I'm looking for some best practices or Security guidelines for Firewall and VPN. Trying to study a little more about network security and write a sort of decalogue (set of rules). Usefull to follow when implementing a new system. Any ideas?
Thanks.
Asked
Active
Viewed 226 times
1 Answers
8
- Start with a two-way deny-all, then only add allow rules when a) requested, b) documented, c) reviewed by someone else and d) review their validity every quarter/6-months/year/whatever.
- Syslog and retain every deny for at least a quarter.
- Try to only allow through standard ports.
- Ensure all FW actions are authorised and audited.
- Dependant on volume maybe use Splunk to analyse where your denies are coming from, can be useful but can get expensive.
- Document everything to within an inch of its life, there's nothing as horrifying to new sysadmins as an undocumented FW.
Chopper3
- 101,299
- 9
- 108
- 239
-
+1 to starting with deny all. There're few things harder to debug than a firewall with accept all as the base rule – Paul D'Ambra Sep 23 '11 at 10:18
-
Thanks for your infos!! Have you any links or documents? like Cisco man or SANS docs? – Possa Sep 23 '11 at 10:20
-
I don't know about that last point...well, not the point itself, but rather the assertion. – Bart Silverstrim Sep 23 '11 at 11:59