A firewall is a system designed to prevent unauthorized access to or from a private network. Firewalls can be implemented in hardware, in software, or in a combination of both. They are frequently used to prevent unauthorized Internet users from accessing private networks connected to the Internet, especially intranets.
Types of firewall techniques:
Packet filter: Each packet entering or leaving the network is checked against user-defined rules and is either accepted or rejected. Packet filtering is fairly effective and transparent to users, but it is difficult to configure and is susceptible to IP spoofing.
Application gateway: Security mechanisms are applied to specific applications, such as FTP and Telnet servers. This is very effective, but it can degrade performance.
Circuit-level gateway: Security mechanisms are applied when a TCP or UDP connection is established. Upon establishing the connection, packets can flow between the hosts without further checking.
Proxy server: All messages entering and leaving the network are intercepted, and the proxy server effectively hides the true network addresses.
Principle of a Firewall:
A firewall system consists of a set of predefined rules that allow the system to:
Authorise the connection (allow)
Block the connection (deny)
Reject the connection request without informing the issuer (drop)
Firewall Management Best Practices:
- Don’t assume that the firewall is the answer to all your network security needs.
- Deny all traffic by default and allow only what is needed, rather than the other way around (allowing everything and blocking the known vulnerable ports).
- Limit the number of applications (antivirus, VPN, authentication software) running on your host-based firewalls to maximize the CPU cycles and network throughput.
- Run the firewall services under a unique ID rather than a generic root/admin ID.
- Follow good password practices
– Change the default admin or root passwords before connecting the firewall to the internet
– Use a long, complex passphrase that is difficult to crack and easy to remember
– Change the passwords once every 6 months and whenever they are suspected to be compromised
- Use features like stateful inspection, proxies and application level inspections if available in the firewalls.
- Physical Access to the firewall should be controlled.
- Keep the configurations simple, eliminate unneeded and redundant rules.
- Audit the firewall rule base regularly.
- Perform regular security tests on your firewalls for new exploits and for changes in rules, and test with the firewall disabled to determine how vulnerable you will be in case of a firewall failure.
- Enable firewall logging and alerting.
- Use a secure remote syslog server that makes log modification and manipulation difficult for an attacker.
- Consider outsourcing firewall management to a managed service provider to leverage their expertise, trend analysis and intelligence.
- Have a strong change management process to control changes to firewalls.
- Try to have personal firewalls/intrusion prevention software, as the network firewalls can be easily circumvented when connected through devices like USB modems, ADSL links etc.
- Back up the firewall rule base regularly and keep the backups offsite.
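
The default-deny and rule-base audit practices above can be checked mechanically. The following is an added example, not taken from any firewall product: it assumes a simplified first-match rule model, and the `Rule` class, the `decide` and `audit` functions and the sample rule base are all constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    name: str
    action: str   # "allow", "deny" or "drop"
    src: str      # source network, CIDR
    dst: str      # destination network, CIDR
    proto: str    # "tcp", "udp" or "any"
    ports: range  # destination ports

    def matches(self, src_ip, dst_ip, proto, port):
        return (ip_address(src_ip) in ip_network(self.src)
                and ip_address(dst_ip) in ip_network(self.dst)
                and self.proto in ("any", proto) and port in self.ports)

    def covers(self, other):
        # True when every packet `other` matches is matched by this rule too.
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and self.proto in ("any", other.proto)
                and self.ports.start <= other.ports.start
                and other.ports.stop <= self.ports.stop)

def decide(rules, src_ip, dst_ip, proto, port, default="deny"):
    # Assumed model: first matching rule wins, unmatched traffic gets the default.
    hits = (r.action for r in rules if r.matches(src_ip, dst_ip, proto, port))
    return next(hits, default)

def audit(rules):
    # Flag rules that can never fire (covered by an earlier rule) or allow everything.
    findings = []
    for i, rule in enumerate(rules):
        hit = next((e for e in rules[:i] if e.covers(rule)), None)
        if hit:
            kind = "redundant" if hit.action == rule.action else "shadowed"
            findings.append((rule.name, kind, hit.name))
        elif rule.action == "allow" and rule.src == rule.dst == "0.0.0.0/0":
            findings.append((rule.name, "allow-any", None))
    return findings

# Constructed sample rule base (private and documentation address ranges).
RULES = [
    Rule("web-in", "allow", "0.0.0.0/0", "203.0.113.10/32", "tcp", range(443, 444)),
    Rule("block-telnet", "drop", "0.0.0.0/0", "0.0.0.0/0", "tcp", range(23, 24)),
    Rule("web-in-dup", "allow", "198.51.100.0/24", "203.0.113.10/32", "tcp", range(443, 444)),
    Rule("legacy-telnet", "allow", "10.0.5.0/24", "10.0.9.0/24", "tcp", range(23, 24)),
    Rule("temp-any", "allow", "0.0.0.0/0", "0.0.0.0/0", "any", range(0, 65536)),
]
```

Calling `audit(RULES)` reports `web-in-dup` as redundant, `legacy-telnet` as shadowed by the earlier drop rule, and `temp-any` as a catch-all allow that defeats the default-deny policy.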