Upgrading the firewall

Firewall software and hardware components often need to be upgraded with the necessary modules to ensure optimal firewall performance. The firewall administrator should be aware of any hardware and software bugs, as well as any firewall software upgrades issued by the vendor. If an upgrade of any sort is necessary, certain precautions must be taken to maintain a high level of operational security. Sample policies that should be written for upgrades may include the following:

  • To optimize the performance of the firewall, all vendor recommendations for processor and memory capacities should be followed.
  • The firewall administrator must evaluate each new release of the firewall software to determine whether an upgrade is required. All security patches recommended by the firewall vendor should be implemented in a timely manner.
  • Hardware and software components should be obtained from a list of vendor-recommended sources. Any firewall-specific upgrades should also be obtained from the vendor. In addition, Network File System (NFS) should not be used as a means of obtaining hardware and software components. A virus-checked CD-ROM or FTP to a vendor's site is an appropriate method.
  • Firewall administrators should monitor the vendor's firewall mailing list or maintain some other form of contact with the vendor to be aware of all required upgrades. Before upgrading any firewall component, the firewall administrator must verify with the vendor that the upgrade is required. After any upgrade, the firewall should be tested to verify proper operation before going operational.

Logs and audit trails: audit/event reporting and summaries

Most firewalls provide a wide range of capabilities for logging traffic and network events. Some security-relevant events that should be recorded on the firewall's audit trail logs are: hardware and disk media errors; login/logout activity; connect time; use of system administrator privileges; inbound and outbound e-mail traffic; TCP network connect attempts; and inbound and outbound proxy traffic type.
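
The sketch below is an added example, not part of the original text or of any firewall product. It summarizes an audit log by the event categories listed above, derives connect time from login/logout pairs, and reports categories that never appear, which usually means logging for that event type is not enabled. The `timestamp host key=value` line format, the `event=` names and the sample lines are assumptions constructed for illustration.

```python
from collections import Counter
from datetime import datetime
# event= value -> audit category from the text above. The event names and the
# "timestamp host key=value ..." line format are assumptions for this example.
CATEGORY = {
    "hw_error": "hardware and disk media errors",
    "login": "login/logout activity",
    "logout": "login/logout activity",
    "sudo": "use of system administrator privileges",
    "mail": "inbound and outbound e-mail traffic",
    "tcp_connect": "TCP network connect attempts",
    "proxy": "inbound and outbound proxy traffic type",
}

# Constructed sample input (documentation addresses, invented host and user).
SAMPLE_LOG = """\
2024-05-01T08:00:02 fw1 event=login user=alice src=10.0.0.5
2024-05-01T08:01:10 fw1 event=sudo user=alice cmd=reload-rules
2024-05-01T08:03:45 fw1 event=tcp_connect src=198.51.100.7 dst=10.0.0.25 dport=25
2024-05-01T08:04:00 fw1 event=mail dir=inbound src=198.51.100.9 dst=10.0.0.25
2024-05-01T08:10:30 fw1 event=proxy type=http src=10.0.0.8 dst=203.0.113.4
2024-05-01T08:12:00 fw1 event=reboot
2024-05-01T08:30:02 fw1 event=logout user=alice
"""

def summarize(log_text):
    """Count events per audit category, derive connect time, list gaps."""
    counts, connect_seconds, open_sessions, unparsed = Counter(), Counter(), {}, []
    for line in log_text.splitlines():
        tokens = line.split()
        fields = dict(t.split("=", 1) for t in tokens[2:] if "=" in t)
        event = fields.get("event")
        try:
            when = datetime.fromisoformat(tokens[0])
        except (IndexError, ValueError):
            event = None  # no usable timestamp: treat the line as unparsed
        if event not in CATEGORY:
            unparsed.append(line)  # keep for review, never drop silently
            continue
        counts[CATEGORY[event]] += 1
        user = fields.get("user")
        if event == "login":
            open_sessions[user] = when
        elif event == "logout" and user in open_sessions:
            start = open_sessions.pop(user)
            connect_seconds[user] += int((when - start).total_seconds())
    missing = sorted(set(CATEGORY.values()) - set(counts))
    return {"counts": dict(counts), "connect_seconds": dict(connect_seconds),
            "missing": missing, "unparsed": unparsed}
```

Calling `summarize(SAMPLE_LOG)` returns a dictionary; a non-empty `missing` list is the item to follow up on, since it names a required event type with no records in the period reviewed.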
