Eicon Networks S92 Uživatelský manuál stáhnout pdf (Strana 68)

YuChakTinMichael‘sGIACGCFWProjectAssignment

Page 68

4. PropertiesmarkedBEFORELASTintheSecurityPolicyProperties

5. RuleBaselastrule

6. PropertiesmarkedLASTintheSecurityPolicyProperties

7. ImplicitDropRule

Onewaytocleartheconfusionistodisableallthepropertiesoptionsandbuildevery

rulefromscratch.Withinthecontextoftherulebase,sinceFireWall1examinesthe

RuleBasesequentially,rulesmustbecarefullyarrangedintheappropriateorderto

preventunwantedtrafficfromenteringthenetwork.

InGIAC’sexamplehere,thepolicyforEcommerce,EmailandDNSarenot

conflictingwitheachothers,sotheorderbetweenthemdoesnotmatter.However,

Rule4willdenyeverything,soitmustbeplacedatthebottom,ornothingwillbe

abletopassthroughthefirewall.

Infact,placingthemostfrequentlyencounteredrulesatthetopisgood

performancewide.However,forasmallandpreciserulebaseliketheonewehave

here,itreallydoesnotmatter.

Therearecertainspecialrulesthataretoberetained.Theserulesare:

n Stealthrule,whichispositionedasthefirstruleintherulebasetopreventtraffic

fromaccessingthefirewallitselfdirectly.

n Implicitdroprule,whichisaddedtothebottomoftheRuleBasebydefaultto

dropallcommunicationattemptsnotdescribedbytheotherrules.

RuleElements:

TodefinearuleintheFW1rulebase,thefollowingcomponentsmustfirstbe

defined:

n Source– thesourcenetworkobject(s)

n Destination –thedestinationnetworkobject(s)

n Service–theapplicationprotocol(s)

n Action –drop,accept,alert…etc

n InstallOn  thefirewallitself

1 2 ... 63 64 65 66 67 68 69 70 71 72 73 ... 208 209

Žádné komentáře

Eicon Networks S92 Uživatelský manuál Strana 68