Firewalls | Deploy and Manage
Deploy
Once testing is complete and all issues have been resolved, the next phase of the firewall planning and implementation model is deployment, which should be done in accordance with organization policies.
Before deploying the firewall, administrators should notify users or owners of potentially affected systems of the planned deployment, and instruct them who to notify if they encounter any problems. Any changes required to other equipment, such as changing default routes, should also be coordinated as part of the firewall deployment.
If multiple firewalls are being deployed, including personal firewalls or at multiple branch offices, a gradual or phased approach should be considered by the organization. This will provide administrators with an opportunity to evaluate the impact of the firewall solution and resolve issues prior to enterprise-wide deployment.
Manage
This last phase of the firewall planning and implementation model is the longest lasting, because managing the solution involves maintaining firewall architecture, policies, software, and other components of the solution chosen to be deployed.
One example of a typical maintenance action is testing and applying patches to firewall devices. Policy rules may need to be updated as requirements change, such as when new applications or hosts are implemented within the network, and should also be reviewed periodically to ensure they remain in compliance with security policy.
It is also important to monitor the performance of firewall components to ensure that potential resource issues are identified and addressed before components become overwhelmed. Logs and alerts should also be monitored continuously to identify threats—successful and unsuccessful—that are made to the system. Another important task is to perform periodic testing to verify that firewall rules are functioning as expected.
Changes to firewall rulesets or policies impact network security and should be managed by a formal process. Many firewalls have auditing of changes as part of their administrative interfaces, but this does not necessarily track policy changes.
At a minimum, a log should be kept of all policy decisions and ruleset changes—and this log should somehow be associated with the firewall. For example, the log can be attached to the device physically, or the log file can be kept in the same part of the organization’s inventory management system as the firewall.
Be aware that firewall rulesets can become increasingly complicated with age.
For example, a new firewall ruleset might contain entries to accommodate only outbound user traffic and inbound email traffic (along with allowing the return inbound connections required by TCP/IP)—but will likely contain far more rules by the time the firewall system reaches the end of its first year in production. While new user or business requirements typically drive these changes, they can also reflect other influences within an organization.
Organizations may want to consider penetration testing to assess the overall security of their network environment. This testing can be used to verify that a firewall ruleset is performing as intended by generating network traffic and monitoring how it is handled by the firewall in comparison with its expected response. Penetration testing should be employed in addition to, rather than instead of, a conventional audit program.
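As an added illustration of the periodic rule testing and ruleset review described above (example code, not part of the original article): a small first-match packet-filter model that checks a constructed ruleset against a table of expected verdicts and flags rules that an earlier rule fully shadows. The ruleset, addresses and expected verdicts are constructed for this example.

```python
import ipaddress
from collections import namedtuple

# action: "allow"/"deny"; proto: "tcp"/"udp"/"any"; src/dst: CIDR; ports: inclusive dport range
Rule = namedtuple("Rule", "action proto src dst ports")
ipa, ipn = ipaddress.ip_address, ipaddress.ip_network

def matches(r, proto, src, dst, dport):
    return (r.proto in ("any", proto) and ipa(src) in ipn(r.src) and ipa(dst) in ipn(r.dst)
            and r.ports[0] <= dport <= r.ports[1])

def covers(a, b):  # True if every packet rule b could match is already matched by rule a
    return (a.proto in ("any", b.proto) and ipn(b.src).subnet_of(ipn(a.src))
            and ipn(b.dst).subnet_of(ipn(a.dst))
            and a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1])

def evaluate(ruleset, proto, src, dst, dport):
    # First-match semantics with an implicit default deny, as most packet filters apply
    for i, r in enumerate(ruleset):
        if matches(r, proto, src, dst, dport):
            return r.action, i
    return "deny", None

def run_tests(ruleset, cases):
    # cases: (proto, src, dst, dport, expected); returns the cases whose actual verdict differs
    failures = []
    for proto, src, dst, dport, expected in cases:
        got, idx = evaluate(ruleset, proto, src, dst, dport)
        if got != expected:
            failures.append((proto, src, dst, dport, expected, got, idx))
    return failures

def shadowed_rules(ruleset):
    # Indices of rules that can never fire because an earlier rule fully covers them
    return [j for j, b in enumerate(ruleset) if any(covers(a, b) for a in ruleset[:j])]

# Constructed sample ruleset (not from the article): first-year rules 0-1, later additions 2-3
RULESET = [
    Rule("allow", "tcp", "10.0.0.0/8", "0.0.0.0/0", (0, 65535)),    # 0: LAN outbound
    Rule("allow", "tcp", "0.0.0.0/0", "10.0.0.25/32", (25, 25)),     # 1: inbound SMTP
    Rule("deny",  "tcp", "0.0.0.0/0", "10.0.0.25/32", (25, 25)),     # 2: stale, shadowed by 1
    Rule("allow", "any", "0.0.0.0/0", "10.0.0.0/8", (3389, 3389)),   # 3: RDP opened "temporarily"
]
# Constructed expected verdicts, the kind of table kept alongside the ruleset change log
CASES = [
    ("tcp", "10.1.2.3", "203.0.113.5", 443, "allow"),
    ("tcp", "198.51.100.7", "10.0.0.25", 25, "allow"),
    ("tcp", "198.51.100.7", "10.0.0.25", 22, "deny"),
    ("tcp", "198.51.100.7", "10.0.0.9", 3389, "deny"),  # policy expects deny; rule 3 allows it
]
```

Running `run_tests(RULESET, CASES)` reports the RDP case as the one mismatch, and `shadowed_rules(RULESET)` reports rule 2 as dead weight; both are the kind of finding a periodic ruleset review is meant to surface.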
10 Responses to “Firewalls | Deploy and Manage”
What is Packet Filtering?
Packet filtering is the process of analyzing the headers in network packets and deciding whether or not to allow the packets, based on the policy enforced by the firewall.
Who first proposed a distributed firewall solution?
It was proposed by Bellovin and was implemented by Ioannidis et al. in 2000 and by Markham and Payne in 2001.
What is a SOCKS Proxy?
A SOCKS proxy is a circuit-level daemon server that has limited capabilities, in the sense that it can only allow network packets that originate from nonprohibited sources without looking at the content of the packet itself.
What is a Virtual Private Network (VPN)?
A VPN is a cryptographic system including Point-to-Point Tunneling Protocol (PPTP), Layer 2 Tunneling Protocol (L2TP), and IPSec that carry Point-to-Point Protocol (PPP) frames across an Internet with multiple data links with added security.
What is a SOHO firewall?
A SOHO (Small Office or Home) firewall is a relatively small firewall that connects a few personal computers via a hub, switch, bridge, or even a router on one side and connects to a broadband modem such as DSL or cable on the other.
Interesting post.
A very good article about Firewalls | Deploy and Manage.