Organizations should have policies for handling incoming and outgoing IPv6 traffic. Many types of IPv4 traffic, such as that with invalid or private addresses, should be blocked by default. Policies should take into account the source and destination of the traffic in addition to the content. _12.įirewall policies should be based on blocking all inbound and outbound traffic, with exceptions made for desired traffic. _11.Īn organization’s firewall policy should be based on a comprehensive risk analysis. In some environments, putting one firewall behind another may lead to a desired security goal, but in general such multiple layers of firewalls can be troublesome. _9.ĭo not rely on NATs to provide the benefits of firewalls. If an edge firewall has a DMZ, consider which outward-facing services should be run from the DMZ and which should remain on the inside network. _7.ĭifferent common network architectures lead to very different choices for where to place a firewall, so an organization should assess which architecture works best for its security goals. However, an organization might change its network architecture at the same time as it deploys a firewall as part of an overall security upgrade. In general, a firewall should fit into a current network’s layout. Management of personal firewalls should be centralized to help efficiently create, distribute, and enforce policies for all users and groups. When choosing the type of firewall to deploy, it is important to decide whether the firewall needs to act as an application proxy. _3.Ĭompliance checking is only useful in a firewall when it can block communication that can be harmful to protected systems.
Organizations should only permit outbound traffic that uses the source IP addresses in use by the organization.
The use of network address translation (NAT) should be considered a form of routing, not a type of firewall. The following checklist lists the major tasks for network firewalls (check all tasks completed): _1. An Agenda for Action for Network Firewalls
0 kommentar(er)
