Enterprise Firewall

 

Firewalls are your first line of security defence against viruses, hackers and trojans. It is extremely important to ensure the firewall is configured properly in order for this security tool to be effective. I would like to share with you my hands-on, real-life firewall experience:

As an IT Security Engineer, I received a high priority call from a large corporate company and the last message was "Server was hacked!" When I got there, I found out that one of the main servers had a user and directory created that no one in the company could identify.

There was a high-end enterprise firewall installed but guess what, there was only 1 rule set: Allow All (meaning as good as no firewall). Period. Naturally, we (security company) came in and did a technical security assessment (audit). Further, we recommended and implemented the appropriate server hardening, firewall reconfiguration, IPS (Intrusion Prevention System), Anti-Virus and user security training, and this company became one of our long-lasting major customers.

So the lesson learned is to install an enterprise firewall and get the rules working for you. It will do you good.

As Featured on ArticleCity.com

 

The corporate firewall acts as the first line of defence against any Internet attacks. Please refer to the diagram below for the role of a typical firewall interfacing with 3 types of network: Internet (External), Internal Network and DMZ (Demilitarized Zone).

[Diagram: firewall network]

Some of the features of a corporate firewall which should be configured include the following:

Able to be configured to be invisible to external parties. Do not allow "pings".

The administrator password must be at least 8 alphanumeric characters and held tightly by a person that you trust.

 

Tight packet filter rules (a must): They act by inspecting the "network packets" traveling through the firewall. It is sort of like a post office between the Internet and your office servers/PCs. If a packet matches a packet filter rule stating that it is fine to pass through, the packet filter will pass the network packet to your internal PCs/servers. If it does not match, the packet filter will drop the packet, or reject it (discard it, and send "error responses" to the source). Bottom line: ensure rules are configured properly.

SYN Protection: Ensure this protection is enabled to protect against SYN attacks.

Typically, a connection between a PC and a server is established when the "3-way handshake" is completed. The sender PC will send a SYN flag, then the receiving server will send back a SYN-ACK flag. After that, the sender PC will send a SYN-ACK flag. Once these are all done, the connection is established. The PC and server can go about their business of connecting applications, e.g. FTP.

Now an intruder will keep on sending SYN flags to the server. The server does not know what to do with them and will just hold them. A Denial of Service attack results when the server cannot handle the load and denies any legitimate connections to the server.
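The packet filter behaviour described above (pass, drop or reject, with rules checked in order) and the single Allow All rule from the incident can be compared side by side. This is an added example, not code from the original article or from any firewall vendor; the rule format, the function names `decide` and `audit`, and all addresses are assumptions constructed for illustration, and it covers IPv4 only.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = "0.0.0.0/0"

@dataclass(frozen=True)
class Rule:
    action: str                 # "pass", "drop" or "reject"
    src: str                    # source network (CIDR)
    dst: str                    # destination network (CIDR)
    port: Optional[int] = None  # None matches any destination port

    def matches(self, src, dst, port):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.port in (None, port))

def decide(rules, src, dst, port):
    """First matching rule decides; a packet matching no rule is dropped."""
    for rule in rules:
        if rule.matches(src, dst, port):
            return rule.action
    return "drop"

def audit(rules):
    """Flag any rule that passes every source, destination and port."""
    findings = []
    for i, r in enumerate(rules):
        if r.action == "pass" and (r.src, r.dst, r.port) == (ANY, ANY, None):
            later = len(rules) - 1 - i
            findings.append(f"rule {i}: Allow All, {later} later rule(s) never evaluated")
    return findings

# Constructed rule sets; all addresses are documentation/private ranges.
ALLOW_ALL = [Rule("pass", ANY, ANY)]                # the single rule from the incident
TIGHT = [
    Rule("pass", ANY, "192.0.2.10/32", 443),        # Internet -> DMZ web server, HTTPS only
    Rule("reject", "192.0.2.0/24", "10.1.0.0/16"),  # DMZ -> Internal refused with error response
    Rule("pass", "10.1.0.0/16", ANY, 443),          # Internal -> outbound HTTPS
]

if __name__ == "__main__":
    probe = ("198.51.100.7", "10.1.0.5", 3389)      # Internet host -> internal server
    for name, rules in (("ALLOW_ALL", ALLOW_ALL), ("TIGHT", TIGHT)):
        print(name, decide(rules, *probe), audit(rules))
```

Running `audit` against an exported rule set during an assessment surfaces the Allow All condition before any traffic testing is needed.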

IPS

Nowadays, a firewall alone is not adequate to protect the network. It should be complemented with an IPS, which has updated signatures and makes access control decisions based on application content, rather than on IP addresses or ports as traditional firewalls have done.

 


 

 

About Gabriel Ng
INTERNET SECURITY ADVISOR
Step by Step Enterprise Firewall Guide for Beginners and Business Owners