Objectives
Explain how to edit a rule base
Describe how to manage log files
List measures for improving firewall performance and security
Explain how to install and configure Microsoft ISA Server 2006
Explain how to manage and configure Iptables for Linux
Keep rules that cover domain objects near the bottom of the rule base
Reducing Rules
Check for duplicate or unnecessary entries
Consolidate rules
Goal: reduce the number of rules with Log as the action to a bare minimum
Log only events attempting to access restricted resources
Firewalls may include a GUI interface to customize log file display
Firewalls offer many types of logging data
First seven types in Table 7-4 are must-haves
Tactical Perimeter Defense 9
Log file analyzers can be built into the firewall or be add-ons
ZoneLog Analyser: add-on analyzer
Known port lists
Filters
Custom reports
IP address resolution
Figure 7-8 The Advanced Tab and the Log Settings dialog box
Security policy should state software licensing requirements explicitly
Enforce requirements
Include licensing issues and requirements in security training
Monitoring Servers
Monitoring integrated into ISA Server management console
Connectivity
Alerts
Sessions
System performance
Customized report generation
Logging
Configuration of array members
Built-in Chains
Types of built-in chains
Output: packets received inside the network that have a destination address on an external network
Input: packets from an external network that have a destination address on the internal network
Forward: packets that need to be routed to another location
User-Defined Chains
Some commands for configuring rules
-A chain rule: adds a new rule to the chain
-I chain rulenumber rule: places a new rule in a specific location
-R chain rulenumber rule: replaces a rule with a new rule in the specified location
-D chain rulenumber: deletes a rule at the position specified by rulenumber
-D chain rule: deletes a rule
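The "Reducing Rules" advice (check for duplicate or unnecessary entries) can be applied to an Iptables rule list before using -D chain rulenumber. The following is an added example, not part of the original slides: the sample rules are constructed, the function names are hypothetical, and it assumes the script builds each chain only with -A, so rule numbers follow line order.

```python
import shlex

TERMINATING = {"ACCEPT", "DROP", "REJECT"}  # targets that stop chain traversal
# Constructed sample (not from the slides): rules in the "-A chain rule" form.
SAMPLE = """\
-A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
-A INPUT -p tcp --dport 22 -s 10.0.0.0/24 -j ACCEPT
-A INPUT -p tcp --dport 80 -j ACCEPT
-A INPUT -s 10.0.0.0/24 -p tcp --dport 22 -j ACCEPT
-A INPUT -p tcp --dport 80 -j LOG
-A INPUT -p tcp --dport 80 -j ACCEPT
"""

def parse_rule(tokens):
    """Split a rule into an order-independent match key and its -j target."""
    opts, negate = [], False
    for tok in tokens:
        if tok == "!":                      # negation applies to the next option
            negate = True
        elif tok.startswith("-"):
            opts.append((tok, negate, []))
            negate = False
        elif opts:
            opts[-1][2].append(tok)         # argument of the current option
    target = next((a[0] for f, _, a in opts if f == "-j" and a), None)
    return frozenset((f, n, tuple(a)) for f, n, a in opts if f != "-j"), target

def audit(text):
    """Return (chain, rulenumber, kind, earlier_rulenumber) findings."""
    count, seen, findings = {}, {}, []
    for line in text.splitlines():
        tokens = shlex.split(line)
        if len(tokens) < 3 or tokens[0] != "-A":
            continue
        chain = tokens[1]
        num = count[chain] = count.get(chain, 0) + 1   # 1-based, per chain
        key, target = parse_rule(tokens[2:])
        earlier = seen.setdefault((chain, key), [])
        dup = next((n for n, t in earlier if t == target), None)
        stop = next((n for n, t in earlier if t in TERMINATING), None)
        if dup or stop:   # same match seen before: repeated, or never reached
            findings.append((chain, num) + (("duplicate", dup) if dup else ("unreachable", stop)))
        earlier.append((num, target))
    return findings

def delete_commands(findings):
    """-D by rule number, highest first so remaining numbers do not shift."""
    dups = sorted((c, -n) for c, n, kind, _ in findings if kind == "duplicate")
    return [f"iptables -D {c} {-n}" for c, n in dups]
```

Rules reported as "unreachable" (here a Log rule placed after an ACCEPT with the same match) are left for manual review rather than deleted, since the fix may be to move the rule instead.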
Summary
Improving a firewall configuration
Optimize rule base and fine-tune logging
Log files
Text-based, ODBC, W3C Extended, firewall interface
Fine-tune log files to log only essential information
Analysis tools: summaries of raw data, generation of reports
Summary (cont.)
Testing a firewall
Before and after it goes online
Before installing on network
Configuring a firewall
Advanced features: data caching, remote management, application filtering, load balancing, etc.