Previous Page | Next Page

  1. Introduction
  2. Your Needs
  3. What to Protect
  4. Security Policies
  5. Security Policy Requirements
  6. Incident Procedures
  7. Security Categories
  8. Software Vulnerability Control
  9. Hostile Software
  10. Network Layout
  11. Traffic Filtering
  12. Mail
  13. Firewall Protection
  14. Network Intrusion Detection
  15. Network Port Scanning
  16. Network Tools
  17. Passwords
  18. Types of Attacks
  19. Protocol Use
  20. Entry Points
  21. Cost
  22. Application Level Protection
  23. System Protection
  24. User Issues
  25. Other Recommendations
  26. Terms
  27. Credits

Firewall Protection

Firewall

Firewalls are used to protect an organization's internal network from those on the outside (internet). It limits and regulates the access from the outside to the internal network and also regulates traffic going out. It is used to keep outsiders from gaining information to secrets or from doing damage to internal computer systems. Firewalls are also used to limit the access of individuals on the internal network to services on the internet along with keeping track of what is done through the firewall.

Firewalls filter traffic based on their protocol, sending or receiving port, sending or receiving IP address, or the value of some status bits in the packet. There are several types of firewalls which include packet filtering, circuit level relay, and application proxy.

If your organization does not have a firewall, get one. At least implement a packet filtering firewall on a Linux based computer, if money is the concern.

  • The firewall should filter e-mail, FTP file transfers, and web content traffic for potential harmful or hostile code and viruses.
  • No computer should be directly connected to the internet without going through an IS approved firewall. This means independent modem connections to the internet should be forbidden.

Firewall Policy

  • Set up a "spoofing filter" on your firewall - Don't allow traffic from the internet that indicates a source IP address matching any of your internal network addresses. This keeps attackers from "spoofing" your machines and possibly causing them to crash.
  • Prevent spoofing from your network - Place an outbound filter (for addresses inside your network attempting outside access) on the firewall that only allows traffic from valid internal network addresses to be serviced. This should prevent attacks against other networks from being originated in your network.