For network security there are some rules which we covered under security policy. The firewall policy is altogether different. We must say that security policy resides at conceptual level and firewall policy resides at technical implementation level and is a subset of security policy. Here I am going to discuss the firewall policy which covers theoretical implementation of network security policy.
What is Firewall Security Policy
The firewall security policy is actual technical implementation guideline for the rules laid out in organization security policy. During implementation of firewall you create firewall rules which act in accordance with your security policy. The main function is to allow or disallow the types of traffic and connections as per security policy.
If a firewall is a packet filter type then firewall policy decides which packets are allowed to pass through the firewall. And if its an application proxy or gateway type then it will decide which type of services will be allowed to be accessed through the firewall.
Firewall Policy Types
The firewall policy can be divided into two categories:
- Allow by default.
- Deny by default.
Allow By Default
The policy which is allow by default, allows every type of packets and services to pass through the firewall. The ones which we don’t want to permit will be denied explicitly. This type of policy is Insecure by default because anything new and uncovered in rules will pass through the firewall. The kind of policy is normally used for research and development purposes.
Deny By Default
This type of firewall policy is to deny all packets and services to pass through the firewall. Anything which we want to allow will be allowed explicitly. Also this kind of policy is Secure by nature because we’ve already denied any forthcoming unseen threats by default. The usage of this type of policy is widely accepted and agreed upon. The only threats which remain uncovered under this type of policy is the ones which use the exploits of service or packets which are allowed to pass through the firewall.
The firewall policy rules are well guided by the usage requirements of your organization. Below are some common rules which you may want to implement in your firewalls. Here is the list of few:
- No telnet access allowed through the firewall. Because telnet is insecure by nature and passes the data in clear text.
- By default the FTP connections to or from your network should be prohibited unless special cases are there like uploading error logs to the vendor ftp sites and so on.
- Only secure Email access should be allowed through the firewall.
- No direct connection should be allowed for a service between internal client and outside service. If you have to, then use proxy server instead.
The list can be expanded as per your organization’s requirements.