What is a firewall?

A firewall is better described as an activity than as a technology. The hardware and software used to allow or deny network packets is simply a tool to achieve a specific network security goal.

There are many network security goals. A firewall can be described as a method of regulating traffic between two networks. The two networks involved are often an organization's private network and the public Internet, but could also be two distinct networks within the same organization, for example, sales and research & development.

What is involved in implementing and maintaining a firewall?

Before a firewall can be implemented, the specifics surrounding the desired regulation of traffic must be defined. Firewall policy development and documentation is the first step in designing a firewall solution. Development of the firewall policy will result in a collection of requirements the proposed solution must address. Some questions:

  • What is the purpose of the firewall?
  • What traffic will be regulated?
  • Who has the authority to define what is allowed and what is restricted?

Only when a clear understanding of the specific goals of the firewall has been reached does it make sense to move to the next step. The technical architecture will outline in relatively general terms how the proposed firewall will operate. Some questions:

  • How many network segments will be regulated?
  • Are there public Internet services involved?
  • Will there be remote access or VPN connections through/around the firewall?
  • What are the anticipated traffic levels between segments?
  • What are the consequences of firewall failure?
When a technical architecture has been defined, hardware/software selection can begin. At this point, the focus is on the capabilities of a particular hardware/software platform to deliver the requirements outlined previously. Some additional considerations:
  • Can the requirements be met with an integrated appliance vs a server-based software product?
  • Are there hardware platform or network operating system integration issues?
  • What are the budget limitations?

Once a product is selected, the technical design will define in precise detail exactly how the solution will be implemented, and will operate. This phase will require some testing to confirm that the solution does indeed operate as expected. Some technical design issues:

  • If the solution is server-based, exactly what hardware will be used, and how will it be configured?
  • Which server operating system will be used? At which patch level?
  • How will network security be defined at the operating system level?
  • What are the physical requirements?
  • How will physical security be addressed?
  • What is the planned approach for fault-tolerance?
With the policy defined and the technical solution designed, development and implementation of production controls, monitoring systems, change management processes, and incident response procedures will ensure that the solution delivers the required level of protection, and any security breaches are appropriately handled. Some considerations:
  • Who has physical and logical access to the production environment?
  • How is the system monitored for unacceptable events? (i.e. security breach, power failure)
  • Exactly how are changes approved, implemented and tested?
  • When a security event occurs, exactly what actions are taken, by whom, and in what timeframe?
With the preparation work complete, the actual implementation can occur. At this point, implementing the solution should be as simple as following the previous documentation. Intrusion testing should be performed after implementation, but prior to production.

Once the solution is in production, regular log analysis and reporting will be required to monitor traffic, both for security and capacity planning reasons.

 

 

Copyright 2001-2005 lanmark network solutions inc.