Eicon Networks S92 Uživatelský manuál stáhnout pdf (Strana 98)

YuChakTinMichael‘sGIACGCFWProjectAssignment

Page 98

ConfiguringtheVisNetic _1Firewall:

Refertot he“ProductsPreparation”section forinformationon VisNeticFirewall. 

Refertot he“Products Preparation”section forinformationonWindows2000hardening.

VisNetic_1sitsbetweenthecoreswitchandthefollowingsegments:

n 192.168.18.0(Internal_Servers)

n 192.168.21.0(Critical_Resources)

n 192.168.22.0(RAS_Net)

SecurityPoliciesandOrders:

Thepoliciestobeenforcedhereare:

1. OnlyInternal_Admincanfreelyaccessallsegmentsbehindthisfirewall with

anyprotocol he/shelikes.

2. ExternalpartnersandsupplierscanaccessonlytheCritical_Resourcessegment.

SuchaccessmustoriginatefromCore_NetviaW2K_VPN,usingHTTP and

HTTPS astheprotocols. Theiraccessmustberestrictedbyapplicationlevel

authenticationandauthorization.

3. Internal_ClientsandInternal_DevcanaccessInternal_Serverswithanyprotocol,

althoughtheiraccessmustberestrictedbysystemlevelauthenticationand

authorization.

4. Internal_ClientsandInternal_DevcanaccessCritical_ResourcesonlyviaHTTP

andHTTPS. Theiraccessmustberestrictedbyapplicationlevelauthentication

andauthorization.

5. RASuserswhoconnectviaRAS_NetcanaccesstheInternal_Serverssegment

withanyprotocol,althoughtheiraccessmustberestrictedbysystemlevel

authenticationandauthorization.TheiraccesstoPublic_Servicesissubjectto

filteringatFW2_B2C.

6. Dropandlogeverythingelse.

SincetherulebaseforVisNeticiseffectiveonaperinterfacebasis,orderofrulesis

relevantonlywithinthecontextofindividualinterface.Ruleswithineachinterface

areprocessedsequentially,whichisexactlythesameasthewayrulesareprocessedin

1 2 ... 93 94 95 96 97 98 99 100 101 102 103 ... 208 209

Žádné komentáře

Eicon Networks S92 Uživatelský manuál Strana 98