Firewall

Why

A firewall limits the attack vector by restricting which networks can reach an asset.

Firewalls should monitor the boundaries between network segments; think of them as customs posts between countries.

Make sure the firewalls are in line with the network design.

Principles

  • No access by default
  • Last rule in the firewall
    • From everything (*)
    • To everything (*)
    • All traffic types (*)
    • Action: drop
  • Every firewall rule must be in the inventory and auditable
  • Every firewall change is reviewed

Process

  1. By default: no access
  2. Allow only what is strictly necessary
    1. Document why the access is necessary
    2. The owner of the destination gives permission to open the connection (this is a summary)
    3. Record the rule in the firewall rule inventory

Follow-up

  1. Rules that never match (no hits): evaluate whether they are still necessary
  2. Rules that suddenly match much more often: find out the reason
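The principles and the follow-up checks above can be applied to a rule inventory automatically. The script below is an added example, not part of the original page: it takes a constructed inventory (rule, owner, justification, hit counts for two periods) and reports the last rule not being a drop-all, undocumented rules, rules that never hit and rules whose hits spiked. The 10x spike threshold and the `*` wildcard notation are assumptions.

```python
"""Audit a firewall rule inventory against a default-deny design.

Constructed example: rules are dicts with src, dst, proto, action,
owner, justification and hit counts for [previous, current] period.
"""
from typing import Dict, List

SPIKE_FACTOR = 10  # assumed threshold: more than 10x the previous period is "sudden"

# Constructed sample inventory (hypothetical addresses and owners).
RULES: List[Dict] = [
    {"id": 10, "src": "10.1.0.0/24", "dst": "10.2.0.5", "proto": "tcp/443",
     "action": "accept", "owner": "web-team", "justification": "HR portal",
     "hits": [1200, 1350]},
    {"id": 20, "src": "10.1.0.0/24", "dst": "10.2.0.9", "proto": "tcp/22",
     "action": "accept", "owner": "", "justification": "",
     "hits": [0, 0]},
    {"id": 30, "src": "10.3.0.7", "dst": "10.2.0.5", "proto": "tcp/443",
     "action": "accept", "owner": "ops", "justification": "monitoring",
     "hits": [40, 9000]},
    {"id": 999, "src": "*", "dst": "*", "proto": "*", "action": "drop",
     "owner": "netsec", "justification": "default deny", "hits": [500, 530]},
]


def audit(rules: List[Dict]) -> Dict[str, List[int]]:
    """Return rule ids per finding, following the page's principles."""
    findings: Dict[str, List[int]] = {
        "no_default_drop": [], "undocumented": [], "never_hit": [], "spike": []}
    # Principle: the last rule must be "from *, to *, all traffic, drop".
    last = rules[-1]
    if not (last["src"] == "*" and last["dst"] == "*"
            and last["proto"] == "*" and last["action"] == "drop"):
        findings["no_default_drop"].append(last["id"])
    for r in rules:
        prev, cur = r["hits"]
        # Principle: every allow rule needs an owner and a motivation.
        if r["action"] == "accept" and not (r["owner"] and r["justification"]):
            findings["undocumented"].append(r["id"])
        # Follow-up 1: allow rules that never match are removal candidates.
        if r["action"] == "accept" and prev == 0 and cur == 0:
            findings["never_hit"].append(r["id"])
        # Follow-up 2: a sudden rise in matches needs an explanation.
        if cur > SPIKE_FACTOR * max(prev, 1):
            findings["spike"].append(r["id"])
    return findings


if __name__ == "__main__":
    for category, ids in audit(RULES).items():
        print(f"{category}: {ids}")
```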
Last modified: Thursday, 31 December 2020, 4:55 PM