World is Welcome To The World of Linux

Journey into the world of linux

Menu
  • About
  • Welcome
Menu

Firewall Security Policy

Posted on June 26, 2010 by Ganesh Sharma

If you're new here, you may want to subscribe to my RSS feed. Thanks for visiting!

For network security there are some rules which we covered under security policy. The firewall policy is altogether different. We must say that security policy resides at conceptual level and firewall policy resides at technical implementation level and is a subset of security policy. Here I am going to discuss the firewall policy which covers theoretical implementation of network security policy.

What is Firewall Security Policy

The firewall security policy is actual technical implementation guideline for the rules laid out in organization security policy. During implementation of firewall you create firewall rules which act in accordance with your security policy. The main function is to allow or disallow the types of traffic and connections as per security policy.

If a firewall is a packet filter type then firewall policy decides which packets are allowed to pass through the firewall. And if its an application proxy or gateway type then it will decide which type of services will be allowed to be accessed through the firewall.

Firewall Policy Types

The firewall policy can be divided into two categories:

  1. Allow by default.
  2. Deny by default.

Allow By Default

The policy which is allow by default, allows every type of packets and services to pass through the firewall. The ones which we don’t want to permit will be denied explicitly. This type of policy is Insecure by default because anything new and uncovered in rules will pass through the firewall. The kind of policy is normally used for research and development purposes.

Deny By Default

This type of firewall policy is to deny all packets and services to pass through the firewall. Anything which we want to allow will be allowed explicitly. Also this kind of policy is Secure by nature because we’ve already denied any forthcoming unseen threats by default. The usage of this type of policy is widely accepted and agreed upon. The only threats which remain uncovered under this type of policy is the ones which use the exploits of service or packets which are allowed to pass through the firewall.

The firewall policy rules are well guided by the usage requirements of your organization. Below are some common rules which you may want to implement in your firewalls. Here is the list of few:

  1. No telnet access allowed through the firewall. Because telnet is insecure by nature and passes the data in clear text.
  2. By default the FTP connections to or from your network should be prohibited unless special cases are there like uploading error logs to the vendor ftp sites and so on.
  3. Only secure Email access should be allowed through the firewall.
  4. No direct connection should be allowed for a service between internal client and outside service. If you have to, then use proxy server instead.

The list can be expanded as per your organization’s requirements.

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recent Posts

  • Date Command Tutorial(Video)
  • grep Command Tutorial – 1(Video)
  • Introduction To ls Command(Video)
  • Chapter 3
  • Set Position Of Poll Module Into Joomla

Recent Comments

  • Kansas City Trailer Proz on Physical Volume In AIX – A Primer
  • Create volume group in AIX | myunixsheet on How To Create Volume Group
  • Restore of AIX backup on other Unix system - TecHub on What is mksysb And What Are Its Components
  • Firewall Unleashed - InfoSec Institute on Packet Filtering Firewall: An Introduction
  • Manwendra on Proxy Firewall and Gateway Firewall: Introduction

Archives

  • January 2019
  • June 2010
  • May 2010
  • February 2010
  • May 2009
  • April 2009
  • March 2009
  • February 2009
  • January 2009
  • December 2008
  • November 2008

Categories

  • 30 Days To Joomla WebSite Setup
  • A Journey To The World of Linux System Administration
  • Aix
  • Backups
  • Books
  • Firewalls
  • Introduction
  • Joomla
  • Joomla Backup
  • Joomla Web Technology
  • Linux
  • LPAR and Virtualization
  • LVM
  • Pluggable Authentication Modules
  • section navigator pro
  • Security
  • Security Knowledge Base
  • Tips and Tricks
  • Uncategorized
  • World is Welcome Products

Meta

  • Log in
  • Entries RSS
  • Comments RSS
  • WordPress.org
©2023 World is Welcome To The World of Linux | WordPress Theme by SuperbThemes