Firewall can protect network environment. But what constitutes a good firewall? The answer actually depend on the site security requirements. However, one should always check for the following attributes in a firewall:
1. The firewall should be able to support a 'deny all services except those specifically permitted' design policy, even if that is not the policy used.
2. The firewall should be flexible. It should be able to accommodate new services and needs if the security policy of the origination warrants so.
3. The firewall should contain advanced authentication measures.
4. The firewall should employ filtering techniques to permit or to deny services to specified host systems as and when needed.
5. The firewall should use proxy services for File Transfer Protocol (FTP) and TELNET (TELecommunication NETwork), so that advanced authentication measures can be employed and centralized. If services such as gopher or HTTP are required, the firewall should contain the corresponding proxy services.
6. The firewall should accommodate public access to the site, such that public information servers can be protected by the firewall but can be segregated from site systems that do not require the public access.
7. The firewall should contain mechanisms for logging traffic and susoicious activity, and should contain machanisms for log reduction so that logs are readable and understandable.
8. If the firewall requires an operating system such as Unix, a secured version of the operating system should be part of the firewall.
No comments:
Post a Comment