09-05-2013, 02:24 PM
A TECHNICAL SEMINAR ON FIREWALLS
INTRODUCTION
This document provides an introduction to departmental firewalls, some examples of firewall installations, and the specific information that must be compiled before a firewall is implemented.
Departmental technical staff should also familiarize themselves with the "Firewalls on RUNet" technical document. It discusses the architectural design issues regarding the placement of a firewall on RUNet and the issues surrounding the installation. It does not deal with specific scenarios or examples, but it contains pertinent information for departments contemplating a firewall installation on their local network.
What is a firewall?
How does a firewall fit into an overall security strategy?
How a firewall fits into the network; graphic examples.
What information is needed when considering and planning a firewall implementation?
"My department is interested in a hardware firewall solution. Where do we begin?"
What is a Firewall?
A firewall is a device placed at the perimeter of an administrative domain that enforces an access policy for traffic entering and leaving that domain. The role of a firewall in a security design is to segment a trusted (secure) domain from an untrusted (insecure) domain and to selectively pass traffic based on the characteristics of each connection. One reason to install a firewall is to reduce the number of services a network of hosts exposes, and so to limit the exposure of possible misconfigurations or security vulnerabilities to untrusted parties.
In other words, a firewall is a device - usually a dedicated piece of hardware - that sits on the edge of a LAN and decides what traffic may enter or leave the network. A firewall is a potentially powerful tool in a security plan. It allows the administrator of the firewall-equipped LAN to set a security policy that prevents unwanted traffic from entering or leaving the LAN, and to control what traffic is allowed to pass between different LAN segments behind the firewall. Without a security policy in place, the firewall is useless.
What Doesn't a Firewall Do?
Firewalls are not security in and of themselves; they can only be part of a security solution.
They cannot stop all attacks on a network, nor can they stop attacks that mask themselves as valid traffic.
Spam and virus-laden email will pass right through a firewall.
A firewall can prevent attackers from getting freely into a network, but will not stop an internal user from activating a trojan or maliciously exploiting an unpatched computer.
Firewalls primarily stop outside attackers. Although firewalls can and do audit traffic leaving a network, unless the policy explicitly blocks a destination, a firewall will not stop a user within the network from opening a connection to a dangerous outside location.
Because a firewall is not an all-in-one solution, it is vital to stay aware of security on your network. A network administrator must know what is on the network and what must be done to protect those resources. This includes, but is not limited to, minimizing the services running on your systems to only the ones that are needed. It is also essential to identify and patch vulnerabilities on your systems, since most compromises and viruses exploit known vulnerabilities. Vulnerabilities can be identified with regular vulnerability scans, and most are closed simply by applying vendor-supplied patches promptly.
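The two points above (a firewall enforces a connection-level policy at the perimeter, and it neither inspects content nor polices what insiders do unless told to) are easiest to see by running packets through a policy. The following toy stateful packet filter is an added example written for this page; it is not from the seminar document or any RUNet firewall. The LAN range, host addresses, ports and packets are all constructed for illustration, and the rule format is a simplification of what a real product would use.

```python
"""Toy stateful packet filter with a default-deny inbound policy.

Added example, not part of the original seminar text. Every address, port
and packet here is constructed for illustration.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

INSIDE = ip_network("10.0.0.0/8")  # assumed departmental LAN behind the firewall


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    syn: bool = True      # True = new connection attempt, False = reply traffic
    payload: bytes = b""  # never examined: a packet filter judges headers, not content


@dataclass(frozen=True)
class Rule:
    name: str
    direction: str        # "in" (outside -> LAN) or "out" (LAN -> outside)
    proto: str
    dst_ports: frozenset  # empty = any port
    dst_hosts: frozenset  # empty = any host
    action: str           # "accept" or "drop"
    log: bool = False


class Firewall:
    def __init__(self, rules, default_in="drop", default_out="accept"):
        self.rules = rules
        self.default = {"in": default_in, "out": default_out}
        self.state = set()  # 5-tuples of connections we have accepted
        self.log = []

    def direction(self, pkt):
        return "out" if ip_address(pkt.src) in INSIDE else "in"

    def filter(self, pkt):
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport, pkt.proto)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport, pkt.proto)
        # Stateful check: replies pass only if we accepted the forward direction.
        if not pkt.syn:
            return "accept" if reverse in self.state else "drop"
        d = self.direction(pkt)
        for r in self.rules:  # first match wins
            if r.direction != d or r.proto != pkt.proto:
                continue
            if r.dst_ports and pkt.dport not in r.dst_ports:
                continue
            if r.dst_hosts and pkt.dst not in r.dst_hosts:
                continue
            if r.log:
                self.log.append(f"{r.name}: {pkt.src}:{pkt.sport} -> {pkt.dst}:{pkt.dport}/{pkt.proto}")
            if r.action == "accept":
                self.state.add(key)
            return r.action
        verdict = self.default[d]  # no rule matched: apply the per-direction default
        if verdict == "accept":
            self.state.add(key)
        return verdict


# Policy built from a (constructed) service inventory: only the published
# services are reachable from outside; everything outbound is allowed but audited.
POLICY = [
    Rule("web-public", "in", "tcp", frozenset({80, 443}), frozenset({"10.1.1.10"}), "accept"),
    Rule("mail-public", "in", "tcp", frozenset({25}), frozenset({"10.1.1.20"}), "accept"),
    Rule("outbound-audit", "out", "tcp", frozenset(), frozenset(), "accept", log=True),
]


def run_demo():
    fw = Firewall(POLICY)
    outside, web, mail, desktop = "203.0.113.5", "10.1.1.10", "10.1.1.20", "10.2.3.4"
    verdicts = {
        # published service: allowed in
        "web_in": fw.filter(Packet(outside, 50000, web, 443)),
        # reply to that connection passes because of state, not because of a rule
        "web_reply": fw.filter(Packet(web, 443, outside, 50000, syn=False)),
        # unpublished service on the same host: default deny hides it
        "rdp_in": fw.filter(Packet(outside, 50001, web, 3389)),
        # mail is published, so a virus-laden message passes untouched
        "mail_in": fw.filter(Packet(outside, 50002, mail, 25, payload=b"MAIL FROM:<x> <malware>")),
        # internal user connecting out to an arbitrary host: allowed, only logged
        "irc_out": fw.filter(Packet(desktop, 40000, "198.51.100.9", 6667)),
        # forged "reply" with no matching state entry is dropped
        "forged_reply": fw.filter(Packet("203.0.113.77", 80, web, 5555, syn=False)),
    }
    return verdicts, fw.log


if __name__ == "__main__":
    for name, verdict in run_demo()[0].items():
        print(f"{name:13s} {verdict}")
```

The verdicts show the three claims from the text at once: the scan against port 3389 is dropped because the service was never published, the SMTP connection is accepted regardless of what the message carries, and the desktop's outbound connection is accepted and merely written to the audit log. Changing the `outbound-audit` rule to `"drop"` for a specific destination is the only way this filter would ever stop that last connection.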
Defense in Depth
It can be very easy to fall into a false sense of security after deploying a firewall. This can be a very costly mistake. Even the best single security measure provides only limited protection to your network. That is why it is critical to employ multiple security measures, each with its own strengths and weaknesses, which together provide much more complete coverage of your network.
An incomplete security solution is just an illusion of security. There are five distinct actions that need to be taken by a departmental support administrator to ensure a minimum of security for hosts.
Planning
When planning for a firewall, or even when just considering whether one is needed, there are many pieces of information that must be collected. Below is a list of preliminary items as well as some questions you should be able to answer.
Does your network meet the guidelines presented in the IPS "Baseline Security Checklist"?
Why are you requesting a firewall for your department?
What expectations of security do you have for your networks?
How many networks are you responsible for administering? Do you want them all protected by a firewall?
What services do you currently support in your environment?
What services do you support that need to be accessible from outside your network and/or from outside the University?
LSS has an online form available to facilitate the consulting and planning process. The form, expanding on the above questions, provides information that is critical in the design and configuration of the firewall setup.