On Wed, 31 Dec 2003, Dilip M wrote:
> I have successfully implemented a Firewall following steps in:
> We have web/mail server behind firewall.
> ITS WORKING FINE!!
> But I would like to know a few things
> Is this enough for corporate offices ?
> What all extra rules I need to have to protect our n/w from attacks ?
Ultimately it will depend on how paranoid you are. Most people initially
( holds true for me anyways) focus on outside traffic getting inside.
Then the first time your firewall is brought to its knees (cpu load 100+)
because a MS-blast infection is churning out thousands of pings with your
firewall managing all those nat connections, the light will come on.
Traffic flow needs to be looked at in both directions for every pair of
interfaces your firewall has. Example, for three interfaces 6 traffic
flows would need to be studied.
Do a diagram of your layout and needs, then apply some critical thinking
about what needs to head where. I usually do this in an outline form. I
think also that a modest knowledge of tcp/ip is required for the firewall
implementation to be successful. Lord knows there are numerous websites
about the intricacies of tcp/ip.
Looking at the policy examples on the above URL tells me this is as simple
as a ruleset can be. Terms like vpn, liveupdate, and others quickly
complicate the ruleset. In other words, this is just a starting point.
But my guess is that that's just what Vadim meant it to be.
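As an added example, not part of this thread or of any firewall script the posters refer to: the reply's advice is to study every ordered pair of interfaces (six flows for three interfaces) and to think about outbound traffic as hard as inbound. The script below models that as a policy table keyed by (in, out) interface pair, reports any pair the policy never mentions, answers "would this new connection be allowed?" with default deny, and renders the table as iptables FORWARD rules. The interface names, the addresses of the roles (eth0 Internet, eth1 DMZ with web/mail, eth2 office LAN), the allowed ports and the ping rate limit are all constructed for illustration.

```python
# Added example (not from the original mailing-list post): enumerate every
# ordered pair of firewall interfaces, check that the policy says something
# about each direction, and render the result as iptables FORWARD rules.
from dataclasses import dataclass
from itertools import permutations
from typing import Dict, List, Optional, Tuple

# Constructed layout: eth0 = Internet, eth1 = DMZ (web/mail), eth2 = office LAN.
INTERFACES = ["eth0", "eth1", "eth2"]

# An allow entry is (protocol, destination port or None, optional rate limit).
Allow = Tuple[str, Optional[int], Optional[str]]
Policy = Dict[Tuple[str, str], List[Allow]]


@dataclass(frozen=True)
class Flow:
    in_if: str
    out_if: str
    proto: str
    dport: Optional[int] = None


def interface_pairs(ifaces: List[str]) -> List[Tuple[str, str]]:
    """Every ordered (in, out) pair: three interfaces give six flows to study."""
    return list(permutations(ifaces, 2))


# Constructed policy. An empty list means "nothing new may be initiated in
# this direction"; replies to established connections are handled by the
# state rule that render_iptables() emits first.
POLICY: Policy = {
    ("eth0", "eth1"): [("tcp", 25, None), ("tcp", 80, None)],        # Internet -> DMZ
    ("eth1", "eth0"): [("tcp", 25, None), ("udp", 53, None)],        # DMZ -> Internet
    ("eth2", "eth0"): [("tcp", 80, None), ("tcp", 443, None),
                       ("udp", 53, None),
                       ("icmp", None, "10/second")],                 # LAN -> Internet, ping rate-limited
    ("eth2", "eth1"): [("tcp", 25, None), ("tcp", 80, None),
                       ("tcp", 110, None)],                          # LAN -> DMZ
    ("eth1", "eth2"): [],                                            # DMZ may not reach LAN
    ("eth0", "eth2"): [],                                            # Internet may not reach LAN
}


def undefined_pairs(policy: Policy, ifaces: List[str]) -> List[Tuple[str, str]]:
    """Interface pairs the policy never mentions; each one is an unexamined flow."""
    return [pair for pair in interface_pairs(ifaces) if pair not in policy]


def is_allowed(policy: Policy, flow: Flow) -> bool:
    """Would a NEW connection on this flow be accepted? Unlisted means denied."""
    for proto, dport, _limit in policy.get((flow.in_if, flow.out_if), []):
        if proto == flow.proto and (dport is None or dport == flow.dport):
            return True
    return False


def render_iptables(policy: Policy) -> List[str]:
    """Render the policy as FORWARD-chain rules using the classic state match."""
    lines = [
        "iptables -P FORWARD DROP",
        "iptables -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT",
    ]
    for (in_if, out_if), allows in sorted(policy.items()):
        for proto, dport, limit in allows:
            rule = f"iptables -A FORWARD -i {in_if} -o {out_if} -p {proto}"
            if dport is not None:
                rule += f" --dport {dport}"
            if proto == "icmp":
                rule += " --icmp-type echo-request"
            rule += " -m state --state NEW"
            if limit is not None:
                # Caps how fast one side can originate pings, so a worm on the
                # LAN cannot saturate the firewall's connection tracking.
                rule += f" -m limit --limit {limit}"
            rule += " -j ACCEPT"
            lines.append(rule)
    return lines


if __name__ == "__main__":
    missing = undefined_pairs(POLICY, INTERFACES)
    print("unexamined flows:", missing or "none")
    print("\n".join(render_iptables(POLICY)))
```

Pairs with an empty allow list still count as examined: the point of the check is to force a decision for every direction, including the ones (DMZ to LAN, Internet to LAN, and the outbound ones) that are easy to forget when the focus is on inbound traffic.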