Eicon Networks S92 Uživatelský manuál stáhnout pdf (Strana 30)

YuChakTinMichael‘sGIACGCFWProjectAssignment

Page 30

DesignPrinciple

AsmentionedbyLanceSpitznerinhisarticle“BuildingYourFirewallRulebase”,

securitypolicydefineswhatistobeenforced

2

.

Thefirewallisatoolfordefininghowthesecuritypolicyisenforced.Beforewe

implementanyfirewallsolution,thesecuritypolicymustfirstbeclearlydefined.As

Lancesaid,thekeytosuccessissimplicity.Complicatedpolicygivesroomto

misconfiguration.

Firewallrulebasesfollowandimplementthedefinedsecuritypolicies.Forevery

rulebase,theprincipleisstraightforward–anythingnotexplicitlyallowedbyaruleis

rejectedbydefault.Thiswaytherulebasecanbekeptassimpleaspossiblewithout

theneedtointroducetonsofcomplicated(andpossiblyconflicting)rules.

Layered Architecture

Itisnotpossibletoencompassprotectionofallsortsforeverysegmentintoasingle

firewall.TheGIAC’snetworkdeploysalayeredprotectionarchitecture,meaning

differentfirewallsareimplementedatdifferentpointsofthenetwork.Theentire

networkissecuredwhentheappropriatesecuritypoliciesareallocatedtothe

appropriatefirewallsuchthateverycornerofthenetworkissecured.

Toimplementthissecurityarchitecture,weneedto:

1. defineoverallsecuritypoliciesfortheenterprisebasedonitstechnical

requirements

2. allocateenforcementdutiestothefirewalls

3. oneveryfirewall,definespecificrulesandsettingsforpolicyenforcement

2

http://www.enteract.com/~lspitz/rules.html

1 2 ... 25 26 27 28 29 30 31 32 33 34 35 ... 208 209

Žádné komentáře

Eicon Networks S92 Uživatelský manuál Strana 30