Firewall Rules Analysis Using Athena Firepac

By: MS.LOCALE
Firewall rule-set

Simply put, a rule-set for a firewall specifies which services to let through and which to keep out. A rule defines the parameters against which each connection is compared (typically source, destination, protocol and port), resulting in a decision on what action to take for that connection. There are two types of rules, ACCEPT and REJECT. ACCEPT rules define packet types the firewall will let through, and REJECT rules define packet types it will refuse. (Many firewalls further distinguish REJECT, which sends an error back to the sender, from DROP, which discards silently; both refuse the traffic, and everything below applies to either.) You can think of these rules as exceptions to the default policy. Since a REJECT default policy is being used here, so that anything not explicitly allowed is refused, the rules you need to write are ACCEPT rules. The first step in creating firewall rules is to list the services that should be allowed, with their sources and destinations. Some examples of such rules are:

• Allow incoming packets from the administrator's host to the firewall and internal network.

• Allow incoming SSH packets from one specific host to the internal network.

• Allow outgoing HTTP(S), FTP, SSH and NTP packets from the internal network.

• Allow outgoing SMTP packets only from the internal mail server.

• Allow outgoing DNS packets only from the internal name server.

Managing Firewall Configuration

Once you set up your firewall, you will get numerous requests from people in your organization to add "just one more service". Before you know it you end up with an additional set of rules whose combined effect on your policy is beyond comprehension. To overcome this you can put a change-control process in place to avoid indiscriminate changes to the firewall rule-set, and implement the most restrictive firewall policy that still meets the listed needs. Keep in mind that even the most restrictive firewall policy does not guarantee that your systems and networks cannot be attacked and compromised. There are numerous ways that a skilled attacker can get past a firewall, but a properly configured firewall will certainly reduce the risk of a potentially debilitating security compromise.

So, What Is Our Policy?

As a network administrator, when you start out to define the firewall policy, you want to keep it simple to understand and manage. You describe the groups of users you want to serve, describe what services each group needs, define how each of these services will be kept secure, and finally write rules that make every other type of access a violation. Over the years rules are added to the original rule-set, and each addition makes the resulting policy more complex. While most standard firewalls will not have more than a few hundred rules, there are known cases where a firewall has as many as 50000 rules.

The first and foremost problem with managing firewalls with that many rules is that the rules are processed top down, and the first rule that matches a connection decides its fate. So while you may add a new rule to allow a certain service, a more generic rule higher in the list may already block that service to all destinations, and your new rule never gets a chance to match (it is shadowed). Properly configuring such a firewall demands significant network administration skills as well as an understanding of the organization's infrastructure. But beyond a certain size, understanding and interpreting the resulting policy is beyond human comprehension. This is where a tool like Athena FirePAC becomes a network administrator's best friend.
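The following is an added example, not code from the article and not Athena FirePAC: it renders the sample policy listed earlier (administrator host, inbound SSH from one host, outbound HTTP(S)/FTP/SSH/NTP, SMTP only from the mail server, DNS only from the name server) as a small first-match rule-set over a default-REJECT policy, and then shows the top-down problem described above by inserting one generic "block outbound SMTP" rule ahead of the mail-server exception. The addresses (RFC 5737 documentation ranges), the Rule layout and the helper names are assumptions chosen for illustration.

```python
"""First-match firewall rule-set model with shadowed-rule detection.
Added example, not Athena FirePAC and not code from the article. Addresses
are RFC 5737 documentation ranges chosen for illustration (assumed)."""
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str                  # "ACCEPT" or "REJECT"
    proto: str                   # "tcp", "udp" or "any"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: range                 # half-open destination-port range
    comment: str = ""

def rule(action, proto, src, dst, port=None, comment=""):
    """port is an int, an inclusive (lo, hi) tuple, or None for any port."""
    if port is None:
        ports = range(0, 65536)
    elif isinstance(port, int):
        ports = range(port, port + 1)
    else:
        ports = range(port[0], port[1] + 1)
    return Rule(action, proto, ipaddress.ip_network(src),
                ipaddress.ip_network(dst), ports, comment)

def matches(r, proto, src, dst, dport):
    """True if the packet (proto, src, dst, dport) hits rule r."""
    return ((r.proto == "any" or r.proto == proto)
            and ipaddress.ip_address(src) in r.src
            and ipaddress.ip_address(dst) in r.dst
            and dport in r.dport)

def evaluate(rules, proto, src, dst, dport, default="REJECT"):
    """Top-down, first-match: returns (action, index of the rule that fired),
    or (default, None) when no rule matched (the default-REJECT policy)."""
    for i, r in enumerate(rules):
        if matches(r, proto, src, dst, dport):
            return r.action, i
    return default, None

def covers(a, b):
    """True if every packet matched by rule b is also matched by rule a."""
    return ((a.proto == "any" or a.proto == b.proto)
            and b.src.subnet_of(a.src) and b.dst.subnet_of(a.dst)
            and a.dport.start <= b.dport.start <= b.dport.stop <= a.dport.stop)

def shadowed(rules):
    """(later, earlier) index pairs where rule `later` can never fire because
    the single earlier rule `earlier` already matches everything it would.
    A rule hidden only by the union of several earlier rules is not reported."""
    found = []
    for j, later in enumerate(rules):
        for i, earlier in enumerate(rules[:j]):
            if covers(earlier, later):
                found.append((j, i))
                break
    return found

# Constructed addresses for the article's sample policy.
ANY, INTERNAL, FIREWALL = "0.0.0.0/0", "10.0.0.0/24", "203.0.113.1/32"
ADMIN, SSH_HOST = "192.0.2.10/32", "192.0.2.20/32"
MAIL, DNS = "10.0.0.25/32", "10.0.0.53/32"

POLICY = [
    rule("ACCEPT", "any", ADMIN, FIREWALL, None, "admin host to firewall"),
    rule("ACCEPT", "any", ADMIN, INTERNAL, None, "admin host to internal net"),
    rule("ACCEPT", "tcp", SSH_HOST, INTERNAL, 22, "inbound SSH from one host"),
    rule("ACCEPT", "tcp", INTERNAL, ANY, 80, "outbound HTTP"),
    rule("ACCEPT", "tcp", INTERNAL, ANY, 443, "outbound HTTPS"),
    rule("ACCEPT", "tcp", INTERNAL, ANY, 21, "outbound FTP control"),
    rule("ACCEPT", "tcp", INTERNAL, ANY, 22, "outbound SSH"),
    rule("ACCEPT", "udp", INTERNAL, ANY, 123, "outbound NTP"),
    rule("ACCEPT", "tcp", MAIL, ANY, 25, "outbound SMTP, mail server only"),
    rule("ACCEPT", "udp", DNS, ANY, 53, "outbound DNS, name server only"),
]

# "Just one more rule": a generic block on outbound SMTP was added above the
# mail-server exception, so the exception can never match.
GROWN = POLICY[:3] + [
    rule("REJECT", "tcp", INTERNAL, ANY, 25, "block SMTP from workstations"),
] + POLICY[3:]

if __name__ == "__main__":
    print(evaluate(POLICY, "tcp", "10.0.0.25", "198.51.100.9", 25))  # ('ACCEPT', 8)
    print(evaluate(GROWN, "tcp", "10.0.0.25", "198.51.100.9", 25))   # ('REJECT', 3)
    print(shadowed(POLICY), shadowed(GROWN))                          # [] [(9, 3)]
```

Two caveats a practitioner should carry over to a real rule-set: the shadow check above is the single-rule form, so a rule hidden only by the combined effect of several earlier rules (say two REJECTs that between them cover a /24) will not be flagged without a set-based comparison; and this model ignores state tracking and reply traffic, which any real firewall needs in addition to these static allow rules (for example, a rule for outbound HTTP is only useful if the returning packets are also admitted, usually by a stateful "established" rule rather than by a second explicit ACCEPT).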

Visit the resources page at http://www.athenasecurity.net for more information about the types of reports the tool can generate for you.
