Firewalls


Introduction

Institutions and businesses need to protect themselves from threats created by the use of new technologies. Firewall technology is useful in offering this protection. Firewalls control all inbound and outbound traffic. The most common types of technology used in firewalls are packet filtering, application-level firewalls, and stateful inspection firewalls.

Packet filtering software works at the network layer, where all packets are inspected as they pass through a router. Packets that match access control rules are allowed through, while those that do not match are dropped. Application-level firewalls work at the application layer. Most use proxy servers that act as an interface between internal users and the Internet. The proxy checks for permissions and enforces access control rules. Services that do not comply with these rules are blocked. Stateful inspection works at the network layer. IP header information is reviewed to determine which services to allow through and which to block.

Adaptive proxy, a new firewall technology, combines packet filtering with secure proxy technology. Firewall appliances, as opposed to software applications, are becoming more popular. These devices are stand-alone and typically combine hardware and software integrated with an operating system.
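As an added example (not from the original page or from Gartner), the sketch below shows the packet-filtering behaviour described in the introduction: header fields are compared against access control rules, a match is allowed through, and anything unmatched is dropped. The rule set, the addresses and the `Rule`, `Packet` and `filter_packet` names are constructed for illustration.

```python
# Added illustration: allow-list packet filter with an implicit drop.
# All rules, addresses and packets below are constructed sample data.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    direction: str   # "in" or "out"
    proto: str       # "tcp" or "udp"
    src: str         # source network in CIDR form
    dst: str         # destination network in CIDR form
    ports: range     # permitted destination ports

@dataclass(frozen=True)
class Packet:
    direction: str
    proto: str
    src: str
    dst: str
    dport: int

def matches(rule: Rule, pkt: Packet) -> bool:
    """True when every header field of the packet satisfies the rule."""
    return (rule.direction == pkt.direction
            and rule.proto == pkt.proto
            and ip_address(pkt.src) in ip_network(rule.src)
            and ip_address(pkt.dst) in ip_network(rule.dst)
            and pkt.dport in rule.ports)

def filter_packet(rules, pkt: Packet) -> str:
    """Allow when any rule matches; anything unmatched is dropped."""
    return "allow" if any(matches(r, pkt) for r in rules) else "drop"

# Constructed policy: public web server 192.0.2.10, internal LAN 10.0.0.0/8.
RULES = [
    Rule("in", "tcp", "0.0.0.0/0", "192.0.2.10/32", range(80, 81)),
    Rule("in", "tcp", "0.0.0.0/0", "192.0.2.10/32", range(443, 444)),
    Rule("out", "tcp", "10.0.0.0/8", "0.0.0.0/0", range(443, 444)),
    Rule("out", "udp", "10.0.0.0/8", "198.51.100.53/32", range(53, 54)),
]

if __name__ == "__main__":
    for pkt in [
        Packet("in", "tcp", "203.0.113.7", "192.0.2.10", 443),  # web request
        Packet("in", "tcp", "203.0.113.7", "192.0.2.10", 22),   # no SSH rule
        Packet("out", "tcp", "10.1.2.3", "203.0.113.5", 443),   # LAN browsing
        Packet("in", "tcp", "203.0.113.5", "10.1.2.3", 51514),  # its reply
    ]:
        print(pkt, "->", filter_packet(RULES, pkt))
```

The last sample is the reply to an allowed outbound connection; because this filter judges each packet in isolation and no inbound rule covers it, the reply is dropped.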

The following selection guidelines are recommended by Gartner and can be found at http://enterprise.cnet.com/enterprise/0-9567-7-2481743.html.

Organizational

  • Establish application/business needs: Internet, intranet, extranet.
  • Assess security risks: high, medium, or low.
  • Establish security requirements.
  • Establish operational capabilities.
  • Check security budget allocation.

Establishing business requirements includes asking questions such as these:

  • What type of access to the Internet is required and by whom (internal employees, remote access, access from outside to company Web site)?
  • Does the company intranet need a firewall to protect from internal attacks?
  • Does the enterprise want to conduct business with other business partners and suppliers via an extranet?

Assessing the type of firewall to install requires an organization to review its network design and business objectives. By conducting a risk analysis, exposures and levels of risk may be determined. Then, based on the results of the risk analysis, an organization has a starting point from which its requirements will arise. A sampling of what may be uncovered during the risk analysis includes these:

  • The threats, impact, and vulnerabilities of connecting to the Internet.
  • Consider what Internet or external services are required, what features are required, and what level of assurance is required.

This will help towards specifying a firewall according to the user's needs as opposed to selecting a firewall based on the number of features it comes with. The firewall must reflect the company's existing security policy, not impose a new one. In the absence of a security policy, or where a security policy exists but does not cover the Internet, an acceptable use agreement should be implemented.

Operational capabilities should be established, i.e., what processes are involved in the day-to-day running of the system, check logistics, IT responsibilities, etc. Another important factor to bear in mind is where the security spending will come from: does the enterprise have a dedicated security department with a dedicated security budget, or will budget have to be requested from the corporate IT director?

Functionality

Questions to ask include these:
  • What authentication techniques does the firewall support?
  • Which antivirus software is supported?
  • Can it filter Java/ActiveX applets?
  • Are there logging facilities for inbound/outbound traffic?
  • Are there auditing and reporting tools?
  • Does it carry out intrusion detection?
  • Does it have alerting facilities?
  • Is there a standby device in case of failure?
  • Does the firewall support VPN?
  • What types of encryption settings does it have?
  • Can it centrally manage multiple firewalls?
  • Does it offer secure remote management?
  • Does it have ITSEC or ICSA certification?
  • Does it have load balancing/traffic prioritization/bandwidth management?
  • Does it support LDAP?
  • Performance?
  • Does it offer PKI support?

Other Sources

Ahsan, Muninder P. (March 8, 2000). Firewalls: A perspective. San Francisco, CA: CNET Enterprise. Retrieved from the World Wide Web on February 22, 2001: http://enterprise.cnet.com/enterprise/0-9567-7-2481743.html

Roble Systems Consulting. (1999). Firewall comparison: Checkpoint Firewall-1 and Cisco PIX. Palo Alto, CA: Roble Systems, Inc. Retrieved from the World Wide Web on February 26, 2001: http://www.roble.com/docs/fw1_or_pix.html
