Tip

Performing firewall maintenance

A firewall is designed to protect network resources. Through a firewall, information can be securely shared amongst servers and workstations. They are a common form of security for any organization that has data to protect from mainly external sources. Firewalls are designed to block incoming traffic by preventing access through open ports. After installing a firewall, however, it is not necessarily safe to say that the organization is now protected against denial-of-service attacks. How can the network administrator know if the firewall is doing its job?

  • The system that supports the firewall must be properly maintained. The network administrator should create a list of all field replaceable components for this system. Once this list is compiled, the components should be located in a safe storage area so that in the event of a system failure the components can be readily available. An ideal situation would be to have a totally redundant firewall system so that in the event of primary system failure, security would not be compromised.

     

  • Whenever a change is made to the firewall configuration, perform a backup immediately to reflect that change. For example, there may be rules set up to perform specific functions. Whenever an update to any rule is made, the network administrator should perform an immediate backup of the configuration.

     

  • Have the firewall vendor test both the firewall software

    Requires Free Membership to View

  • and system hardware periodically for any "leaks." The testing procedure should include scanning the firewall system to determine the presence of known vulnerabilities and, if any are found, the immediate application of patches or fixes. Alternately, the network administrator should also have third-party certified vendors perform the same tests to ensure that the firewall's vendor does not have a bias. The tests should be performed when there is the least network traffic, because test scripts can possibly overload a network. The person conducting the tests should be supervised by either the CIO or the network administrator. In this way, questions can be asked about the testing procedure and results presented by the tests.

     

  • The results of the tests should be stored in a secure location to prevent any unauthorized persons from gaining access to it

     

  • As part of the testing phase, the firewall alarms and thresholds should also be tested. Delays in receiving alarms via e-mail or pager should be observed.

     

  • Some vendors may require remote access to the firewall in order to perform testing procedure whenever there is a problem. This should be avoided unless there is written assurance from the vendor and approval by the client company's legal advisor.

Adesh Rampat has 10 years of experience with network and IT administration. He is a member of the Association of Internet Professionals, the Institute for Network Professionals and the International Webmasters Association. He has also lectured extensively on a variety of topics.


This was first published in May 2001

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.