Dedicated Firewall

Firewalls should be dedicated systems designed to protect the internal systems they shield

Firewalls must be dedicated and hardened security systems. Because of the security role a firewall plays, it must not be used for other purposes (even in small or remote environments), such as a domain name server, directory services, file and print, or email services; running additional services or applications on any firewall system carries additional security risk. Any such use should be justified by an assessment of the security risks. To reduce the chances of compromise, firewalls must have only the bare minimum of software resident on them.

Firewalls should be dedicated systems designed to protect the internal systems they shield. Running additional services (email, web, FTP, Active Directory domain controller, etc.) exposes additional security vulnerabilities. For this reason a firewall should be a dedicated platform that has been system hardened and is running the bare minimum of services and protocols needed to perform its intended function.

Firewalls have to be well managed to be effective. Besides the firewalls themselves being dedicated systems, there needs to be a specialized and dedicated team tasked with managing the firewall and ensuring that someone is acting on any warning messages.

Because hackers and other intruders are likely to use the latest attack techniques, the dedicated firewalls must be running the latest software to help combat these attacks. The firewall administration team must ensure that all firewalls are supported by prompt software maintenance and updates.

Vendor-provided upgrades and patches must be tested on non-production systems before use.

The dedicated firewall administration team should subscribe to the relevant sources of current information about firewall vulnerabilities, so that any vulnerability that appears to affect the corporate firewalls can be promptly addressed.

The minimum requirement with regard to “Dedicated Firewalls” is:

  1. All firewalls must be dedicated systems with a hardened kernel (operating system).
  2. Firewall platforms must not function as multi-purpose servers (e.g. web, email, file and print, or domain controllers).
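One way to check requirement 2 on a Linux-based firewall host is to compare its listening sockets against a short administrative allow-list. The script below is an added example, not from the original article: it parses `ss -H -lntu` output, assumes that only SSH (tcp/22) and outbound-syslog (udp/514) listeners are legitimate on a dedicated firewall, and labels anything else with the forbidden role its port suggests; the sample `ss` lines are constructed.

```python
"""Audit a firewall host's listening sockets against a dedicated-firewall allow-list.
Added example (not from the original article): parses `ss -H -lntu` output and flags
every listener outside a small administrative allow-list (assumed: SSH and syslog)."""
import re
import sys

ALLOWED = {("tcp", 22), ("udp", 514)}  # assumed: SSH for administration, syslog forwarding
# Well-known ports of the roles the policy forbids on a firewall, used to label findings.
ROLE_HINTS = {
    ("udp", 53): "DNS server", ("tcp", 53): "DNS server", ("tcp", 25): "email (SMTP)",
    ("tcp", 80): "web", ("tcp", 443): "web", ("tcp", 21): "ftp",
    ("tcp", 445): "file and print (SMB)", ("tcp", 389): "directory services (LDAP)",
    ("tcp", 88): "domain controller (Kerberos)",
}
# One ss line: "tcp  LISTEN  0  128  0.0.0.0:22  0.0.0.0:*" (IPv6 "[::]:22" also matches)
_SS_LINE = re.compile(r"^(tcp|udp)\s+\S+\s+\d+\s+\d+\s+(\S+):(\d+)\s")


def parse_listeners(ss_output):
    """Return sorted (proto, port) pairs found in `ss -H -lntu` text."""
    found = set()
    for line in ss_output.splitlines():
        m = _SS_LINE.match(line.strip())
        if m:
            found.add((m.group(1), int(m.group(3))))
    return sorted(found)


def audit(listeners):
    """Return one finding per listener that is not on the allow-list."""
    findings = []
    for proto, port in listeners:
        if (proto, port) not in ALLOWED:
            role = ROLE_HINTS.get((proto, port), "unexpected service")
            findings.append(f"{proto}/{port}: {role} listening on a firewall")
    return findings


# Constructed sample: a firewall that has also been given DNS and SMB duties.
SAMPLE_SS = """\
tcp   LISTEN 0      128          0.0.0.0:22        0.0.0.0:*
tcp   LISTEN 0      50           0.0.0.0:445       0.0.0.0:*
udp   UNCONN 0      0            0.0.0.0:53        0.0.0.0:*
udp   UNCONN 0      0               [::]:514          [::]:*
"""

if __name__ == "__main__":
    # Live use on the firewall: ss -H -lntu | python3 audit_fw.py (no pipe: audits the sample)
    text = SAMPLE_SS if sys.stdin.isatty() else sys.stdin.read()
    for finding in audit(parse_listeners(text)) or ["no violations found"]:
        print(finding)
```

Run it from a scheduled job and forward any non-empty output to the firewall administration team, so that a service added outside change control is noticed rather than discovered during an incident.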

The previous article discussed the internal firewall; to continue the topic of dedicated firewalls, you should also read about firewall change control. A change management procedure is required to ensure that firewall configuration changes do not impact the business or introduce security vulnerabilities.
