Firewall systems must be configured so that they are visible to internal network management systems. This is required so that security and network management alerts and reports can be accessed and acted on in a timely manner. Managing firewalls by monitoring the network is critical to maintaining a healthy network environment, and is part of the firewall security standards guideline.
Firewall systems must be correctly configured to generate alerts (as well as logs) when network security or firewall-specific events occur. These alerts must be available and accessible within the corporate network to ensure that they are acted on in a timely manner. Firewall management systems must be transparent to all internal parts of the corporate network.
The corporation should have network monitoring tools such as Statscout, NetIQ’s AppManager and End2End deployed throughout the global network; one of their functions is to perform firewall management. For this reason these applications must not be restricted by internal firewall systems or packet filters.
Statscout uses SNMP to periodically poll network devices (SNMP agents) to retrieve (read-only) system and network related information, which is then stored on a centralized management server. The main advantage of Statscout over many other NMS products is that it focuses on providing accurate network performance and uptime statistics.
Statscout delivers comprehensive real-time and historical reports on network bandwidth utilization, traffic classification, response times and error conditions. Being a finely tuned SNMP management product, it has the added benefit of producing minimal overhead traffic on the network, and it has a user-friendly web interface.
NetIQ’s End2End product suite provides the ability to perform network connectivity and response time analysis via the use of End2End network agents. These End2End agents watch the network, and proactively identify if network services are not functioning efficiently or if response times are suffering. NetIQ’s End2End provides a graphical reporting system and alerting system to identify deterioration in network service levels.
Both Statscout and NetIQ’s End2End provide real-time and historical trend information with alerting and reporting capability. This can be used to develop a baseline against which service level agreements and network performance characteristics can be measured.
Firewalls, however, must be configured to block network management from (external) untrusted or unauthorized sources. This has been highlighted in recent security bulletins advising of the vulnerabilities associated with network management protocols such as SNMP.
The minimum requirement with regards to “Firewall Network Management Systems” is:
1. Firewalls must be configured to permit internal trusted network management systems.
2. Firewall systems must be configured to automatically generate event and alert reports.
3. Firewall(s) must be configured to block network management from untrusted networks and unauthorized sources (e.g. SNMP from the Internet, and unauthenticated corporate email coming from an external (masqueraded) source).
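As an added example (not part of the original guideline), the following Python script audits a firewall rule set against requirements 1 and 3 for SNMP polling, showing a weak rule set beside a hardened one. The rule syntax, the management host address 10.1.1.5 and the external probe addresses are all constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional

@dataclass
class Rule:
    action: str                  # "permit" or "deny"
    proto: str                   # "udp", "tcp" or "any"
    src: ipaddress.IPv4Network   # source network the rule matches
    dport: Optional[int]         # destination port, None = any port

def parse_rules(text: str) -> List[Rule]:
    """Parse one rule per line: '<permit|deny> <proto> <src-cidr> <dport|any>' (constructed, vendor-neutral syntax)."""
    rules = []
    for line in text.strip().splitlines():
        action, proto, src, dport = line.split()
        rules.append(Rule(action, proto, ipaddress.ip_network(src),
                          None if dport == "any" else int(dport)))
    return rules

def decide(rules: List[Rule], proto: str, src_ip: str, dport: int) -> str:
    """First-match evaluation with an implicit deny at the end of the list."""
    ip = ipaddress.ip_address(src_ip)
    for r in rules:
        if r.proto in ("any", proto) and ip in r.src and r.dport in (None, dport):
            return r.action
    return "deny"

SNMP_PORT = 161
# Constructed external probe addresses (TEST-NET ranges, not real hosts).
UNTRUSTED_PROBES = ("203.0.113.10", "198.51.100.7")

def audit_snmp_policy(rules: List[Rule], trusted_nms: List[str]) -> List[str]:
    """Check requirements 1 and 3: trusted NMS hosts may poll SNMP, nobody else may."""
    findings = []
    for nms in trusted_nms:
        if decide(rules, "udp", nms, SNMP_PORT) != "permit":
            findings.append(f"req 1: trusted NMS {nms} cannot poll SNMP/161")
    for ext in UNTRUSTED_PROBES:
        if decide(rules, "udp", ext, SNMP_PORT) == "permit":
            findings.append(f"req 3: SNMP/161 permitted from untrusted source {ext}")
    return findings

# Constructed rule sets: the weak one opens SNMP to everyone, the hardened one
# permits only the assumed internal management host 10.1.1.5 and denies the rest.
WEAK_RULES = parse_rules("permit udp 0.0.0.0/0 161")
HARDENED_RULES = parse_rules("permit udp 10.1.1.5/32 161\ndeny udp 0.0.0.0/0 161")
```

Running `audit_snmp_policy(WEAK_RULES, ["10.1.1.5"])` reports two requirement 3 violations, while the hardened rule set produces no findings.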
Without a network based monitoring tool, network performance cannot be successfully measured. A suitable network capacity planning strategy thus cannot be determined.
The previous article discussed the internal firewall. The next article, on the need for a dedicated firewall, continues this series of firewall security guidelines for your organization. Because of the security role a firewall plays, it must be security hardened and must be dedicated; it must not be used for any other purpose.