Josh Ballard
Network Security
Analyst
Outline
Firewall Types
Default Deny vs. Default Allow
Campus Offerings
The Importance of Scope
Campus Offerings
For approximately the past
year, we have been
developing and offering
firewall services.
Based on the Cisco
PIX/ASA/FWSM platform.
Campus Offerings
We are in the process of deploying
FWSM-based firewalls virtually in
front of all data center systems.
This allows for differing policy
levels for each group of systems in
the data center.
We can also deploy FWSM
technology to buildings or
departments as applicable and
requested.
Campus Offerings
With our licensing of Trend Micro,
we also have access to host-based
firewalls, as well as the Windows
firewall.
Both of these are controllable by
you as the admin with appropriate
knowledge of your services and
their scopes.
The Importance of
Scope
AKA: Why is firewalling important?
Consider this example:
Windows Server 2003 System
Running IIS and Exchange
Running RDP for Adminstrative
Control
The Importance of
Scope (2)
Another example - multi-tiered
UNIX system running Apache
and other web software that ties
to a database backend.
UNIX system running Oracle
database software
Both systems running SSH
Why is scoping important in this
example?
The Importance of
Scoping (3)
So the questions to answer to
write a policy are:
What should we explicitly not allow?
What services are running on the
systems in questions?
Who needs to access those services?
What should happen to a packet that
isnt explicitly matched?
Conclusion
Firewalling is an important
piece of any security
infrastructure, both networkbased and host-based.
It is by no means an end-all
be-all solution, but can limit
your exposure greatly.
Questions?