TECH TIPS
Performing firewall maintenance
Adesh Rampat
05.08.2003
Rating: -4.20- (out of 5)
|
A firewall is designed to protect network resources. Through a
firewall, information can be securely shared amongst servers and
workstations. They are a common form of security for any organization
that has data to protect from mainly external sources. Firewalls are
designed to block incoming traffic by preventing access through open
ports. After installing a firewall, however, it is not necessarily
safe to say that the organization is now protected against
denial-of-service attacks. How can the network administrator know if
the firewall is doing its job?
- The system that supports the firewall must be properly maintained. The network administrator should create a list of all field replaceable components for this system. Once this list is compiled, the components should be located in a safe storage area so that in the event of a system failure the components can be readily available. An ideal situation would be to have a totally redundant firewall system so that in the event of primary system failure, security would not be compromised.
- Whenever a change is made to the firewall configuration, perform a backup immediately to reflect that change. For example, there may be rules set up to perform specific functions. Whenever an update to any rule is made, the network administrator should perform an immediate backup of the configuration.
- Have the firewall vendor test both the firewall software and system hardware periodically for any "leaks." The testing procedure should include scanning the firewall system to determine the presence of known vulnerabilities and, if any are found, the immediate
application of patches or fixes. Alternately, the network administrator should also have third-party certified vendors perform the same tests to ensure that the firewall's vendor does not have a bias. The tests should be performed when there is the least network traffic, because test scripts can possibly overload a network. The person conducting the tests should be supervised by either the CIO or the network administrator. In this way, questions can be asked about the testing procedure and results presented by the tests.
- The results of the tests should be stored in a secure location to prevent any unauthorized persons from gaining access to it
- As part of the testing phase, the firewall alarms and thresholds should also be tested. Delays in receiving alarms via e-mail or pager should be observed.
- Some vendors may require remote access to the firewall in order to perform testing procedure whenever there is a problem. This should be avoided unless there is written assurance from the vendor and approval by the client company's legal advisor.
Adesh Rampat has 10 years of experience with network and IT administration. He is a member of the Association of Internet Professionals, the Institute for Network Professionals and the International Webmasters Association. He has also lectured extensively on a variety of topics.
|
|
Rate this Tip
|
To rate tips, you must be a member of SearchSecurity.com.
Register now
to start rating these tips. Log in if you are already a member.
|
DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.
|
|
|
|
|
|
|
