Firewall Best Practices
Posted on Friday, November 25, 2011
- There should be physical security for the firewall: keep it in a locked rack or room, because console access bypasses most of the controls below.
- Deny all traffic by default and permit only the ports, protocols and services that are actually required.
- Services and software that are not specifically required should be uninstalled or disabled.
- Limit the number of applications running on the firewall so it can perform at its best. Avoid hosting services on the firewall that can be run on a dedicated machine instead.
- The syslog server should be placed in a separate management zone, so that logs cannot be manipulated by a malicious user who compromises a host in another zone. Send logs off-box; the local buffer alone is lost on reboot and can be cleared by anyone with privileged access.
- Logs should be monitored regularly and retained for a long period.
- Alerting should be configured.
- Login passwords should be at least 8 characters long and combine letters, numbers and special characters such as $, & and #, and should be changed frequently. Enforce the minimum length on the device rather than relying on policy alone.
- Access lists should be as specific as possible: match on source, destination, protocol and port rather than on "any".
- Keep a backup of the configuration as a soft copy on a TFTP server as well as a hard copy, and have a tested process for restoring the configuration directly from the TFTP server.
- Keep a backup of the firewall's IOS image files and have a process for restoring the IOS image.
- Create different security zones (for example outside, inside, DMZ and management) for additional security.
- Configure Secure Shell (SSH) for remote management instead of Telnet, which sends credentials in clear text.
- Configure different privilege levels for different users so that each has only the access they need.
- Stateful inspection should be enabled.
- An application proxy should be configured for added security where the protocol supports it.
- Perform security tests on your firewall regularly to find loopholes and flaws. Run them from every interface of the firewall, not only from the outside.
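The following Cisco IOS configuration fragment is an added example, not part of the original post, that puts several of the practices above together on one router-based firewall: unneeded services disabled, an enforced password minimum, off-box syslog to a management zone, per-user privilege levels, SSH-only management restricted to a management subnet, separate security zones with zone-based stateful inspection and a default deny that logs, and a scheduled TFTP archive of the configuration. The hostname, interface names, addresses (203.0.113.0/24 outside, 198.51.100.0/24 inside, 10.10.10.0/24 management) and usernames are assumptions chosen for illustration, and the passwords are placeholders to be replaced.

```cisco
! Added example (hypothetical names and addresses): IOS zone-based firewall
hostname fw1
ip domain-name example.net
service password-encryption
security passwords min-length 8
login block-for 120 attempts 3 within 60
!
! Disable services that a firewall does not need
no ip http server
no ip http secure-server
no ip finger
no ip bootp server
no service pad
no cdp run
!
! Logging: timestamped, buffered locally AND sent to the syslog host in MGMT
service timestamps log datetime msec localtime show-timezone
logging buffered 65536 informational
logging host 10.10.10.5
logging trap informational
!
! Privilege levels: ops may view config and logs, admin has full access
username admin privilege 15 secret REPLACE-WITH-STRONG-PASSWORD
username ops privilege 5 secret REPLACE-WITH-STRONG-PASSWORD
privilege exec level 5 show running-config
privilege exec level 5 show logging
!
! SSH only, and only from the management subnet
crypto key generate rsa modulus 2048
ip ssh version 2
ip access-list standard MGMT-HOSTS
 permit 10.10.10.0 0.0.0.255
 deny any log
line vty 0 4
 access-class MGMT-HOSTS in
 transport input ssh
 login local
 exec-timeout 10 0
!
! Security zones; traffic between zones is dropped unless a zone-pair allows it
zone security OUTSIDE
zone security INSIDE
zone security MGMT
!
! OUTSIDE -> INSIDE: only HTTP/HTTPS to the published web server, stateful
ip access-list extended OUT-TO-WEB
 permit tcp any host 198.51.100.10 eq 80
 permit tcp any host 198.51.100.10 eq 443
class-map type inspect match-all WEB-TRAFFIC
 match access-group name OUT-TO-WEB
policy-map type inspect OUTSIDE-TO-INSIDE
 class type inspect WEB-TRAFFIC
  inspect
 class class-default
  drop log
zone-pair security OUT-IN source OUTSIDE destination INSIDE
 service-policy type inspect OUTSIDE-TO-INSIDE
!
! INSIDE -> OUTSIDE: inspect outbound sessions so return traffic is admitted
class-map type inspect match-any INSIDE-OUT
 match protocol tcp
 match protocol udp
 match protocol icmp
policy-map type inspect INSIDE-TO-OUTSIDE
 class type inspect INSIDE-OUT
  inspect
 class class-default
  drop log
zone-pair security IN-OUT source INSIDE destination OUTSIDE
 service-policy type inspect INSIDE-TO-OUTSIDE
!
interface GigabitEthernet0/0
 description OUTSIDE
 ip address 203.0.113.1 255.255.255.0
 zone-member security OUTSIDE
 no ip redirects
 no ip unreachables
 no ip proxy-arp
interface GigabitEthernet0/1
 description INSIDE
 ip address 198.51.100.1 255.255.255.0
 zone-member security INSIDE
interface GigabitEthernet0/2
 description MGMT
 ip address 10.10.10.1 255.255.255.0
 zone-member security MGMT
!
! Soft-copy backup: archive running-config to TFTP on every write and daily
archive
 path tftp://10.10.10.6/fw1-config
 write-memory
 time-period 1440
```

No zone-pair touches MGMT, so hosts in OUTSIDE and INSIDE cannot reach the syslog or TFTP servers there; the router's own traffic to them (the self zone) is permitted by default, which is why the vty access-class is what actually restricts who can log in. Verify the policy with `show policy-map type inspect zone-pair sessions` and the drop-log entries on the syslog host, and test from each interface, not just the outside.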