Upgrading the firewall
It is often necessary that the firewall software and hardware components be upgraded with the necessary modules to ensure optimal firewall performance. The firewall administrator should be aware of any hardware and software bugs, as well as firewall software upgrades that may be issued by the vendor. If an upgrade of any sort is necessary, certain precautions must be taken to continue to maintain a high level of operational security. Sample policies that should be written for upgrades may include the following:
- To optimize the performance of the firewall, all vendor recommendations for processor and memory capacities should be followed.
- The firewall administrator must evaluate each new release of the firewall software to determine whether an upgrade is required. All security patches recommended by the firewall vendor should be implemented in a timely manner.
- Hardware and software components should be obtained from a list of vendor-recommended sources. Any firewall-specific upgrades should also be obtained from the vendor. In addition, Network File System (NFS) should not be used as a means of obtaining hardware and software components. The use of virus-checked CDROM or FTP to a vendor's site is an appropriate method.
- The firewall administrators should monitor the vendor's firewall mailing list or maintain some other form of contact with the vendor to be aware of all required upgrades. Before an upgrade of any of the firewall component, the firewall administrator must verify with the vendor that an upgrade is required. After any upgrade, the firewall should be tested to verify proper operation before going operational.
Logs and audit trails: audit/event reporting and summaries
Most firewalls provide a wide range of capabilities for logging traffic and network events. Some security-relevant events that should be recorded on the firewall's audit trail logs are: hardware and disk media errors; login/logout activity; connect time; use of system administrator privileges; inbound and outbound e-mail traffic; TCP network connect attempts; and inbound and outbound proxy traffic type.
In this tutorial:
- Firewall Security Policy
- Firewall protection
- Firewall architectures
- Multi-homed host
- Screened host
- Screened subnet
- Types of firewalls
- Packet-filtering gateways
- Application gateways
- Hybrid or complex gateways
- Routing versus forwarding
- IP spoofing
- DNS and mail resolution
- Intranet
- Network trust relationships
- Virtual private networks
- Qualification of the firewall administrator
- Remote firewall administration
- Firewall backup
- System integrity
- Physical firewall security
- Firewall incident handling
- Upgrading the firewall
- Revision/update of firewall policy
- Examples of service-specific policies