Scribd Logo
Unggah

Selamat datang di Scribd!

  • Tom Peters Networking Troubleshooting Checklist Guerilla CISO

    Diunggah oleh

    shabuzmushfique
    430 tayangan2 halaman
    firewall configuration and ensure the secure configuration of firewall. network Firewall configuration

    Judul Asli

    Firewall Security checklist

    Hak Cipta

    © © All Rights Reserved

    Format Tersedia

    DOCX, PDF, TXT atau baca online dari Scribd

    Apakah menurut Anda dokumen ini bermanfaat?

    Apakah konten ini tidak pantas?

    Laporkan Dokumen Ini
    firewall configuration and ensure the secure configuration of firewall. network Firewall configuration

    Hak Cipta:

    © All Rights Reserved
    Unduh sebagai DOCX, PDF, TXT atau baca online dari Scribd
    Tandai sebagai konten tidak pantas
    430 tayangan2 halaman

    Tom Peters Networking Troubleshooting Checklist Guerilla CISO

    Diunggah oleh

    shabuzmushfique
    firewall configuration and ensure the secure configuration of firewall. network Firewall configuration

    Hak Cipta:

    © All Rights Reserved
    Unduh sebagai DOCX, PDF, TXT atau baca online dari Scribd
    Tandai sebagai konten tidak pantas
    dari 2

    Checklists are a good way to verify Information Technology security environments.

    Many
    people including Tom Peters have been praising the usefulness and simplicity of checklists. I had
    previously created a networking troubleshooting checklist. Reading a post about
    Router/Firewalls at Guerilla CISO, reminded me of a checklist about firewall rules I created in
    2003. I dusted it off and updated it. So, here is a checklist for firewall rules:
    1. External routers health check. You can use Nipper to check wether your router configuration
    is acceptable.
    2. Document current firewall/router, OS, rule-base, object-base, and NAT tables. You can look at
    using FWdoc.
    3. Document current performance - page load, file transfer, CPU utilization. If you firewall
    platform supports that standard HostMIB you can point something like NMIS at it and obtain
    these stats.
    4. Document current usage of security systems and recommend improvements. A good tool to
    recognize improvements is Wikto.
    5. Research traffic needs. You can span the router port and check out traffic flows using
    OpenXtra's NTOP, or alternatively use Netflow and a tool like Netflow Tracker.
    6. Review firewall/router logs to determine current service usage. Collect syslogs for review
    using a product like Kiwi.
    7. Interview business units for service requirements and document findings.
    8. Backup existing configuration, rule-base, object-base, and NAT tables.
    9. Create rule-base migration plan.
    10. Migrate rule-base in controlled sections.
    11. Arrange rules in order of rule hit rate.
    12. Monitor changes for issues.
    13. Document final configuration.
    14. Document performance differential performance gains.
    15. Only allow RFC1918 IP addresses on the internal network. Drop all RFC1918 addresses on
    the external Internet Access router.
    16. Drop the following incoming traffic on the external Internet router:telnet, snmp, icmp, dns,
    pop3, SQL: Oracle SQL*NET(66), sqlserv(118), SQL-NET(150), sqlsrv(156), mini-SQL(1114),
    Microsoft SQL Server(1433), Microsoft SQL Monitor(1434), Sybase SQL AnyWhere(1498),
    Oracle SQL*Net v2(1521), Oracle(1522), Oracle SQL*Net v1(1525), Oracle SQL*Net(1529),
    UniSQL (1978), UniSQL Java(1979), mySQL(3306), SSQL(3352), mSQL(4333), Remote
    access: Dameware (6129), PC Anywhere (5631).
    17. Firewall default properties: Eliminate anything that is allowed generically. Firewall software
    is installed by default with services wide open. The first step is to turn off these default
    properties.
    18. Firewall outbound: Allow the following traffic originating from the firewall to any
    destination: Time services, SSH, Ping, Ident, FW-1, Traceroute, SNMP trap
    19. Internal outbound: Allow the following traffic originating internal to any outbound
    destination: HTTP (80), HTTPS (443), FTP (21), SSH (22), MSN Messenger (1863) Voice
    (UDP:2001-2120, 6801, 6901), file transfers (6891-6900).
    20. Lockdown: Blocking any access to the firewall. No one should have access to the firewall but
    the firewall administrators and workstations operating on the FW-1 ports.
    21. Drop All AND Log rule and add it to the end of the rule base.
    22. No Logging: A rule that drops/rejects broadcast traffic, but does NOT log it.
    23. DNS access: All the internal DNS servers access to the service providers named DNS
    server. All servers in the DMZ, DNS access to the internal DNS servers.
    24. Mail access: Allow the bridgehead servers bi-directional SMTP access to the relay server in
    the DMZ. Allow all bidirectional SMTP traffic from the relay server to external hosts. As an
    alternative investigate the use of a service like Mimecast.
    25. Web access: Allow incoming HTTP and HTTPS access to the DMZ from external.
    26. DMZ access: Allow only bidirectional-encrypted access from the internal network to the
    DMZ from named sources and destinations.
    27. Performance: Move the most commonly used rules towards the top of the rule base.
    28. Web content: Block access to sites that do not comply with the company computer usage
    policy. Consider using OpenDNS, which has blocking abilities.
    29. Vulnerability scanning: Allow the internal vulnerability-scanning server to scan all ports and
    addresses in the DMZ. Allow the rule only to be active from 19h00 to 23h30. Wikto is a good
    tool to accomplish this.
    30. Time services: Allow named addresses access to the time service on the firewall from the
    internal network.
    31. Allow the network management servers access to the DMZ (e.g. HP SIM uses port 2381).
    Allow the network management servers SNMP read access to the DMZ. Allow all DMZ servers
    to transmit SNMP traps to the network management servers.

    Anda mungkin juga menyukai