Eicon Networks S92 Bedienungsanleitung PDF herunterladen (Seite 30)

YuChakTinMichael‘sGIACGCFWProjectAssignment

Page 30

DesignPrinciple

AsmentionedbyLanceSpitznerinhisarticle“BuildingYourFirewallRulebase”,

securitypolicydefineswhatistobeenforced

2

.

Thefirewallisatoolfordefininghowthesecuritypolicyisenforced.Beforewe

implementanyfirewallsolution,thesecuritypolicymustfirstbeclearlydefined.As

Lancesaid,thekeytosuccessissimplicity.Complicatedpolicygivesroomto

misconfiguration.

Firewallrulebasesfollowandimplementthedefinedsecuritypolicies.Forevery

rulebase,theprincipleisstraightforward–anythingnotexplicitlyallowedbyaruleis

rejectedbydefault.Thiswaytherulebasecanbekeptassimpleaspossiblewithout

theneedtointroducetonsofcomplicated(andpossiblyconflicting)rules.

Layered Architecture

Itisnotpossibletoencompassprotectionofallsortsforeverysegmentintoasingle

firewall.TheGIAC’snetworkdeploysalayeredprotectionarchitecture,meaning

differentfirewallsareimplementedatdifferentpointsofthenetwork.Theentire

networkissecuredwhentheappropriatesecuritypoliciesareallocatedtothe

appropriatefirewallsuchthateverycornerofthenetworkissecured.

Toimplementthissecurityarchitecture,weneedto:

1. defineoverallsecuritypoliciesfortheenterprisebasedonitstechnical

requirements

2. allocateenforcementdutiestothefirewalls

3. oneveryfirewall,definespecificrulesandsettingsforpolicyenforcement

2

http://www.enteract.com/~lspitz/rules.html

1 2 ... 25 26 27 28 29 30 31 32 33 34 35 ... 208 209

Keine Kommentare

Eicon Networks S92 Bedienungsanleitung Seite 30