Friday, July 22, 2011

Firewalls Security Guidelines


These guidelines describe how to secure the firewalls in a computer networking infrastructure. A secured Internet firewall at each entry point of the private network must be well managed to provide protection against threats from external public (untrusted) networks, such as the Internet. Networks must be segmented if distinct security boundaries are to be enforced.
A firewall is a system that controls the flow of traffic between networks and provides a mechanism for protecting hosts against network-based security threats. Note that a firewall cannot control (or protect against) traffic that does not flow through the security gateway (e.g. a dial-up modem will bypass any firewall), nor can it protect against internal or authorized attacks.
Firewalls are only as secure as the firewall system itself and the implemented security policy (firewall rule base). Because of the number and variety of developing threats and security vulnerabilities being easily distributed on the Internet, an Internet firewall can never provide 100% protection against all possible threats, which is why firewall network security is essential in protecting corporate networks.
Firewall topology
Firewall network security should cover the use of a suitable firewall, the firewall topology and the firewall security policy. These are critical in ensuring protection against network security threats. A secured Internet firewall must be used to provide protection against threats from external public (untrusted) networks, such as the Internet. Networks must be segmented if distinct security boundaries are to be enforced.
Firewall functional requirements
Corporate firewalls must adhere to certain minimum firewall network security standards. This requirement ensures that internal corporate assets are protected by a suitably supported and configured firewall. The minimum standard must define the functional requirements of any firewall that is to be used on the corporate network.
Default firewall configurations
External facing firewalls must be configured by default to deny all traffic not specifically permitted by the firewall security policy. This ensures that maximum network security is enforced against all untrusted and unauthorized networks. To protect against Internet-based attacks, all external facing firewalls must be configured to deny all traffic which is not explicitly permitted.
Internal firewall connections
The use of internal firewall systems within the corporate network is not encouraged. Internal firewalls should be avoided because of the potential risk of affecting core corporate network services and applications such as the email system, the Domain Name System and domain controllers.
If an internal firewall is to be used, it must be configured so as not to impede network services (e.g. the corporate Active Directory and Exchange Messaging) which are deemed critical to the operations of the corporate global network. If an internal firewall is being deployed, its security policy configuration must be verified to ensure that the corporate core services are not restricted.
External facing firewall connections
External facing firewalls must be configured to protect internal assets from security risks originating on the Internet (e.g. any public or untrusted network). This includes providing firewall connections on all external connections to the global corporate network.
Firewall auditing
Regular auditing is one of the essential tasks in the firewall network security standards. Regular security auditing of the corporate firewall systems must be undertaken to ensure that the firewall is performing its intended function and that security has not been compromised. The audit must be carried out by security personnel and include analysis of the firewall platform and its configured rule base, logging and alerting security measures.
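The default-deny requirement under "Default firewall configurations" and the rule-base analysis under "Firewall auditing" can be checked together. The following Python sketch is an added example, not part of the original guideline: the `Rule` model, first-match evaluation, the specific findings (including flagging unlogged deny rules) and the sample rule bases are all assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:               # hypothetical, vendor-neutral rule model
    action: str           # "permit" or "deny"
    src: str              # source CIDR; 0.0.0.0/0 means any
    dst: str              # destination CIDR
    port: int             # destination TCP port; 0 means any
    log: bool = False

def decide(rules, default, src, dst, port):
    """First-match evaluation; traffic matching no rule gets the default action."""
    for r in rules:
        if (ipaddress.ip_address(src) in ipaddress.ip_network(r.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(r.dst)
                and r.port in (0, port)):
            return r.action
    return default

def audit(rules, default):
    """Return a list of findings for an external facing rule base."""
    findings = []
    if default != "deny":
        findings.append("default action is not deny")
    for i, r in enumerate(rules, 1):
        any_src = ipaddress.ip_network(r.src).prefixlen == 0
        any_dst = ipaddress.ip_network(r.dst).prefixlen == 0
        if r.action == "permit" and any_src and any_dst and r.port == 0:
            findings.append(f"rule {i}: permit any/any/any defeats default deny")
        elif r.action == "permit" and any_dst:
            findings.append(f"rule {i}: permit to any destination")
        if r.action == "deny" and not r.log:
            findings.append(f"rule {i}: deny rule is not logged")
    return findings

# Constructed sample rule bases using documentation address ranges (RFC 5737).
WEAK = ([Rule("permit", "0.0.0.0/0", "192.0.2.10/32", 443),
         Rule("permit", "0.0.0.0/0", "0.0.0.0/0", 0)], "permit")
HARDENED = ([Rule("permit", "0.0.0.0/0", "192.0.2.10/32", 443),
             Rule("deny", "0.0.0.0/0", "0.0.0.0/0", 0, log=True)], "deny")

if __name__ == "__main__":
    for name, (rules, default) in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit(rules, default),
              decide(rules, default, "198.51.100.7", "192.0.2.20", 22))
```

Both rule bases permit HTTPS to the published server, but only the hardened one drops the unsolicited SSH connection to a host that no rule names.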
Firewall logging
Firewall logging is essential in the firewall network security standards. The collection and maintenance of firewall logs is critical in determining the security of a firewall system and the assets it protects. All suspicious activity, as well as firewall configuration management, must be logged in sufficient detail to assist with the identification of unauthorized access attempts. Logs must be routinely backed up and stored in a secure location.
Contingency planning
Firewall network security standards require the management of disaster recovery and business continuity plans. Contingency plans must be prepared which address the response and action procedures that are to be taken in the event of various network firewall security related issues. These events include system or host compromise, security attacks, system malfunction and firewall (gateway) outages.
Firewall access privileges
Privileges to modify the firewall configuration (rule base) must be restricted to authorized security personnel. All firewalls should have at least two people who are adequately trained and proficient in managing the Internet security firewall system(s) and who have a strong understanding of network and information security.
Firewall network management system
Internet security firewall systems must be configured so that they are visible to internal network management systems. This is required so that security and network management alerts and reports can be accessed and acted on in a timely manner.
Dedicated firewall
Internet security firewalls must be dedicated and hardened security systems. Because of the security nature of a firewall, it must not be used for alternative purposes (even in small or remote environments), such as web, file and print or email services.
Firewall change control
An Internet security firewall system must follow approved change management principles. This relates to hardware, software and configuration changes made on the firewall system(s).
Another solution for business offices is a complete Internet security appliance such as Safe@Office. The Safe@Office 500 Series is a total Internet security appliance for small to medium business organizations, offering secure network access anytime, anyplace. Besides security appliances, a corporate organization can also adopt security software for the corporate environment, such as BitDefender. Network management and security software is needed in a large corporate organization as part of information security management.