Auditing Your Firewall Setup
You've just finished implementing your new, shiny firewall. Or perhaps you've just inherited several new firewalls with the company merger. Either way, you are probably curious as to whether or not they are implemented properly. Will your firewalls keep the barbarians out there at bay? Do they meet your expectations? This paper will help you find out. Here you will find a guide on how to audit your firewall and your firewall rulebase. Examples provided here are based on Check Point FireWall-1, but should apply to most firewalls.
Building Your Firewall Rulebase
Building a solid rulebase is a critical, if not the most critical, step in implementing a successful and secure firewall. Security admins and experts all over the Internet argue over which platforms and applications make the best firewalls. We compare stateful inspection tables, application-based filtering, fragmentation and reassembly, etc. However, all of this is meaningless if your firewall rulebase is misconfigured. Far too often in my security audits I see $50,000 firewalls exposing organizations to great risk, all because of a misconfigured rule. That is the purpose of this paper: to help you plan, build, and maintain a solid and secure firewall rulebase. The information covered here applies to most firewalls, but I will be using Check Point FireWall-1 as an example. Regardless of what type of firewall you use, the basic concepts of rulebase design remain the same.
Check Point Firewall-1 on Linux, Part 1
This is the first in a series of three articles that will examine Check Point Firewall-1 for Linux. This installment will consist of a brief introductory overview of Firewall-1 and a discussion of installation, post-installation tasks, and single and multi-system installations. Subsequent articles in this series will focus on concepts such as network objects, firewall rules, address translation rules, and NAT; the features and limitations of Firewall-1; file and directory layout; rulesets; migrating existing Firewall-1 installations to Linux; and back-up and standby configurations.
Check Point Firewall-1 on Linux, Part 2
Check Point Firewall-1 has been the market-leading firewall system since its introduction in 1994. The main advantage of Firewall-1 is its comprehensive and easy-to-understand GUI, which has made it a firewall system of choice for many corporate IT managers. This is the second in a series of three articles that will examine Check Point Firewall-1 for Linux. The first article consisted of a brief introductory overview of Firewall-1 and a discussion of installation, post-installation tasks, and single and multi-system installations. This installment will cover Firewall-1 concepts such as network objects, firewall rules, address translation rules, and NAT, as well as features and limitations of Firewall-1. The final article will then discuss aspects of Firewall-1 such as file and directory layout, rulesets, migrating existing Firewall-1 installations to Linux, and back-up and standby configurations.
Check Point Firewall-1 on Linux, Part 3
This is the third and final article in a series devoted to the exploration of Check Point Firewall-1 for Linux. In the first article we discussed single and multi-system installation and post-installation tasks. The second article explored Firewall-1 concepts such as network objects, firewall rules, address translation rules, and NAT, as well as features and limitations of Firewall-1. In this installment, we will go over aspects of Firewall-1 such as file and directory layout, rulesets, migrating existing Firewall-1 installations to Linux, and backup and standby configurations.
HTTPS (SSL) user authentication in Check Point FireWall-1 NG
From a performance point of view, it is recommended to handle HTTPS traffic with a different HTTP Security Server (e.g. the process listening on port 443). However, it is possible to handle both HTTPS and HTTP traffic with the same HTTP Security Server.
Intrusion Detection for Check Point FireWall-1
Firewalls do a good job of keeping the bad guys out. But wouldn't it be nice to know when the bad guys are knocking on your door? This article covers just that: how to determine when the bad guys are probing your network. We discuss how you can use the IDS script alert.sh to track when you are being probed, and by whom.