A firewall is designed to protect network resources. Through a firewall, information can be securely shared amongst servers and workstations. They are a common form of security for any organization that has data to protect from mainly external sources. Firewalls are designed to block incoming traffic by preventing access through open ports. After installing a firewall, however, it is not necessarily safe to say that the organization is now protected against denial-of-service attacks. How can the network administrator know if the firewall is doing its job?
- The system that supports the firewall must be properly maintained. The network administrator should create a list of all field replaceable components for this system. Once this list is compiled, the components should be located in a safe storage area so that in the event of a system failure the components can be readily available. An ideal situation would be to have a totally redundant firewall system so that in the event of primary system failure, security would not be compromised.
- Whenever a change is made to the firewall configuration, perform a backup immediately to reflect that change. For example, there may be rules set up to perform specific functions. Whenever an update to any rule is made, the network administrator should perform an immediate backup of the configuration.
- Have the firewall vendor test both the firewall software and system hardware periodically for any "leaks." The testing procedure should include scanning the firewall system to determine the presence of known vulnerabilities and, if any are found, the immediate application of patches or fixes. Alternately, the network administrator should also have third-party certified vendors perform the same tests to ensure that the firewall's vendor does not have a bias. The tests should be performed when there is the least network traffic, because test scripts can possibly overload a network. The person conducting the tests should be supervised by either the CIO or the network administrator. In this way, questions can be asked about the testing procedure and results presented by the tests.
- The results of the tests should be stored in a secure location to prevent any unauthorized persons from gaining access to it
- As part of the testing phase, the firewall alarms and thresholds should also be tested. Delays in receiving alarms via e-mail or pager should be observed.
- Some vendors may require remote access to the firewall in order to perform testing procedure whenever there is a problem. This should be avoided unless there is written assurance from the vendor and approval by the client company's legal advisor.
Adesh Rampat has 10 years of experience with network and IT administration. He is a member of the Association of Internet Professionals, the Institute for Network Professionals and the International Webmasters Association. He has also lectured extensively on a variety of topics.