September 2010

Network Firewall


A network firewall is a device or a system that controls the flow of traffic between a protected network and untrusted networks. This is accomplished by forcing all connections between the protected and the untrusted networks to pass through a single concentrated checkpoint which controls, authenticates, filters and logs all traffic according to the policies set. By controlling the flow of traffic through this gateway, the company can significantly reduce, but not eliminate, the amount of unauthorized traffic reaching its internal network.

What is a Network Firewall good at?

A network firewall is good at intercepting, controlling and logging network traffic (provided the network traffic is channeled through it).

A network firewall can, if effectively deployed and maintained, limit the risk that external parties exploit vulnerabilities in the TCP/IP protocol suite on the internal network. This is achieved by filtering the network traffic and preventing known harmful traffic from reaching the trusted network.

What is a Network Firewall not good at?

Firewalls cannot provide protection against internal threats, such as misuse of access privileges.

Where access to the network bypasses the firewall, e.g. via a dial-up modem, the firewall will also be ineffective.

A network firewall is not very effective against previously unknown attacks, or attacks for which it is not specifically configured (for example, it can stop Java-based attacks against internal machines only if “Java stripping” is configured on the firewall). Firewalls are also not good at identifying potentially malicious purpose in seemingly acceptable-looking traffic, e.g. identifying virus-infected email.

Network Firewall Purposes

Network firewalls and firewall environments are often discussed in the context of an organization’s connection to the Internet. However, network firewalls may also be applicable in network environments that do not include or require Internet connectivity. For example, corporate enterprise networks may utilize network firewalls to restrict connectivity to and from internal networks servicing more sensitive functions. By employing network firewalls to control connectivity to these areas, unauthorized access to the systems and resources within the more sensitive areas can be prevented.

Firewall Strategy

However, the deployment of network firewalls on internal networks does not come without potentially serious implications for the flow of traffic across the internal network, and thus must not be undertaken lightly.

Internal-facing firewalls should therefore not be deployed without careful thought and planning, nor without an appropriate risk assessment being done. The use of a network firewall to filter traffic between different internal groups within the company should be approached with great caution, as the ‘benefits’ of filtering the network traffic may be significantly outweighed by the detrimental effect on the flow of information across the network.

Close liaison with the team responsible for Information Security in your business unit will help in determining whether a firewall is required.


Planning

Key factors to consider when evaluating the need to incorporate a network firewall into the security architecture are the value of the applications and data that would be affected or protected by the network firewall, and how any protective measures would impact other applications and services.

When the network firewall sits between the company’s trusted internal network and the untrusted outside world (i.e. the Internet), the decision is straightforward: a network firewall should be used on each and every connection to the external network. However, when evaluating the necessity for an internal firewall, a comprehensive risk analysis should be carried out to establish which applications and data should be protected.

The results of this analysis should detail the relevant applications and data, their classification and how they will be secured. The risk analysis should evaluate the threats, vulnerabilities and countermeasures currently in place, the impact to the business if either data or an application is compromised, and the potential impact on the way the business operates.

The risk analysis will help in determining how the network firewall should be configured to manage network traffic (assuming it is decided that a firewall will be an effective measure to adopt).

Internal firewalls should only be deployed where there is a specific identified need to address a specific identified threat, and this threat cannot be addressed by any other means.

Network firewalls have to be well managed to be effective. There needs to be a specialized and dedicated team tasked with the responsibility of managing the firewall and ensuring that someone acts on any warning messages. The management function will also involve monitoring and managing access to the network firewall and making sure that only essential (business-case-proven) services are enabled. A good precept of firewall deployment is to start with a “deny all” configuration and add exceptions only as required, for the smallest set of services that will meet the functional requirements requested.

Be paranoid when designing your network firewall policies and rule sets: assume that everyone on an untrusted network is trying to get access to your trusted network, and act accordingly.

Security through obscurity is no longer good security. You cannot assume that security vulnerabilities will not be taken advantage of.
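The following is an added example, not code from the original article. It is a small policy evaluator that shows how a “deny all” baseline with explicit exceptions is applied to traffic, how each decision is logged, and (as the section on what a firewall is not good at points out) that a packet filter decides on header fields only and never sees whether an allowed SMTP connection carries an infected attachment. The address ranges, rule names and sample packets are constructed for illustration and are not taken from any real deployment.

```python
"""Added example: a first-match, default-deny packet filter with logging.
Networks, rules and packets below are constructed for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str              # "tcp" or "udp"
    dport: int
    payload: bytes = b""    # carried along but never consulted by the rules


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                  # "allow" or "deny"
    src: str                     # CIDR, e.g. "10.0.0.0/8"
    dst: str
    proto: str                   # "tcp", "udp" or "any"
    dport: Optional[int] = None  # None matches any destination port

    def matches(self, pkt: Packet) -> bool:
        # Header fields only: a packet filter does not inspect the payload.
        return (ip_address(pkt.src) in ip_network(self.src)
                and ip_address(pkt.dst) in ip_network(self.dst)
                and self.proto in ("any", pkt.proto)
                and (self.dport is None or self.dport == pkt.dport))


class Firewall:
    """First matching rule wins; unmatched traffic gets the default action."""

    def __init__(self, rules: List[Rule], default: str = "deny"):
        self.rules = rules
        self.default = default
        self.log: List[str] = []

    def evaluate(self, pkt: Packet) -> Tuple[str, str]:
        for rule in self.rules:
            if rule.matches(pkt):
                verdict = (rule.action, rule.name)
                break
        else:
            verdict = (self.default, "default")
        # Every decision is logged so that someone can act on it later.
        self.log.append(f"{verdict[0].upper():5} {pkt.proto}/{pkt.dport} "
                        f"{pkt.src} -> {pkt.dst} [{verdict[1]}]")
        return verdict


# Constructed ranges: an RFC 1918 internal network, a DMZ, and everything else.
INTERNAL = "10.0.0.0/8"
DMZ = "192.168.100.0/24"
ANY = "0.0.0.0/0"

# Exceptions added on top of the deny-all baseline, smallest set that meets
# the (hypothetical) business requirement: outbound HTTPS and inbound mail.
RULES = [
    Rule("internal-web-out", "allow", INTERNAL, ANY, "tcp", 443),
    Rule("inbound-smtp-to-dmz", "allow", ANY, DMZ, "tcp", 25),
    Rule("dmz-no-lateral", "deny", DMZ, INTERNAL, "any"),
]


def build_firewall() -> Firewall:
    return Firewall(RULES, default="deny")


def demo() -> Tuple[List[Tuple[str, str]], List[str]]:
    """Run constructed traffic through the policy; return verdicts and log."""
    fw = build_firewall()
    traffic = [
        Packet("10.1.2.3", "203.0.113.10", "tcp", 443),      # matches an exception
        Packet("203.0.113.10", "10.1.2.3", "tcp", 3389),     # no rule: default deny
        Packet("192.168.100.5", "10.1.2.3", "tcp", 22),      # explicit deny, DMZ -> internal
        Packet("198.51.100.7", "192.168.100.25", "tcp", 25,
               payload=b"attachment: invoice.exe"),          # allowed; payload never examined
    ]
    verdicts = [fw.evaluate(p) for p in traffic]
    return verdicts, fw.log


if __name__ == "__main__":
    _, log = demo()
    print("\n".join(log))
```

The fourth packet is the point of the limitation discussed earlier: the rule set does exactly what it was told and allows mail to the DMZ relay, so content inspection of that mail has to be done by something other than the packet filter.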

Practical Considerations

A well-thought-out administrative framework to manage both the firewall environment and the way it integrates into the rest of the security architecture should be a prerequisite.

Having a network firewall as the sole or even central component of your security strategy will most likely lead to the development of a security infrastructure which is both brittle and weak.

A network firewall should only be considered as one small part of a comprehensive security strategy.

You should also ensure that the network firewall is used in a way that complements the other components of the security strategy. A security strategy that incorporates a well-structured policy and standards framework, together with security awareness training and the creation of a good ‘security culture’, will be far more valuable in reducing cost and risk than relying on a network firewall as the principal source of security protection.

Conclusion

If you have a network that permits access to an untrusted network, e.g. the Internet, then firewalls with a default setting of “deny all” should be placed on every connection between the trusted and untrusted networks (refer to Firewall Security Standards).

If there are network firewalls on all the ‘external’ connections, then the assumption should be that, unless there are compelling reasons to the contrary, network firewalls should not be installed between trusted network segments. Instead of thinking “the firewall is the answer”, think about how to harden the security of the internal/trusted networks so that when a successful attack or penetration is made through the firewall, the systems’ security is robust enough to minimize any potential damage.

As network environments are continuously changing, so must all security measures, including network firewalls, be continually re-evaluated. Threats, and their countermeasures, are developing at a rate which requires vigilance and a real commitment to security management.
