Firewall Security Policy
Network administrators have increasing concerns about the security of their networks when they expose their organization's private data and networking infrastructure to Internet crackers. To provide the required level of protection, an organization needs a security policy to prevent unauthorized users from accessing resources on the private network and to protect against the unauthorized export of private information.
Even if an organization is not connected to the Internet, it may still want to establish an internal security policy to manage user access to portions of the network and protect sensitive or secret information. With regards to the Internet, many organizations have connected or want to connect their private LANs to the Internet so their users can have convenient access to Internet services. Because the Internet as a whole is not trustworthy, their private systems are vulnerable to misuse and attack. A firewall is a safeguard one can use to control access between a trusted network and a less trusted one. A firewall is not a single component, but a strategy for protecting an organization's Internet-reachable resources. Firewalls can also be used to secure segments of an organization's intranet, but this tutorial will concentrate on the Internet aspects of firewall policy.
A firewall enforces a security policy, so without a policy, a firewall is useless. This tutorial will help the responsible manager and firewall administrator create a useful policy for the firewall. Throughout this tutorial, the term firewall refers to the sum of the hardware, software, policy, and procedures used to implement the firewall policy. A firewall is not necessarily a single piece of software sitting on a single computer system.
In this tutorial:
- Firewall protection
- Firewall architectures
- Multi-homed host
- Screened host
- Screened subnet
- Types of firewalls
- Packet-filtering gateways
- Application gateways
- Hybrid or complex gateways
- Routing versus forwarding
- IP spoofing
- DNS and mail resolution
- Intranet
- Network trust relationships
- Virtual private networks
- Qualification of the firewall administrator
- Remote firewall administration
- Firewall backup
- System integrity
- Physical firewall security
- Firewall incident handling
- Upgrading the firewall
- Revision/update of firewall policy
- Examples of service-specific policies