
Infrastructure Security: Devices and Media • Chapter 6  361


                 Table 6.1 Firewall Technologies

                 Requirement                   Packet Filtering   Application Layer Gateways   Stateful Inspection
                 Communication Information     Partial            Partial                      Yes
                 Communication-derived State   No                 Partial                      Yes
                 Application-derived State     No                 Yes                          Yes
                 Information Manipulation      Partial            Yes                          Yes


                 Packet-filtering Firewalls

                 A packet-filtering firewall can be configured to deny or allow access to specific
                 ports or Internet Protocol (IP) addresses. The two policies that can be followed
                 when creating packet-filtering firewall rules are “allow by default” and “deny by
                 default.” “Allow by default” allows all traffic to pass through the firewall except
                 traffic that is specifically denied. “Deny by default” blocks all traffic from passing
                 through the firewall except for traffic that is explicitly allowed.
                    Deny by default is the best security policy, because it follows the general
                 security concept of restricting all access to the minimum level necessary to support
                 business needs. The best practice is to deny access to all ports except those that are
                 absolutely necessary. For example, if configuring an externally facing firewall for a
                 Demilitarized Zone (DMZ), Security+ technicians may want to deny all ports
                 except port 443 (the Secure Sockets Layer [SSL] port) in order to require all
                 connections coming in to the DMZ to use Hypertext Transfer Protocol Secure
                 (HTTPS) to connect to the Web servers. Although it is not practical to assume that
                 only one port will be needed, the idea is to keep access to a minimum by
                 following the best practice of denying by default.
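
The two default policies above, evaluated against the same inbound connection attempts to a DMZ Web server. This is an added example, not taken from the book; the addresses, the blocked ports in the allow-by-default rule set, and the first-match rule ordering are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

# All addresses, ports and rule sets below are constructed for illustration.
DMZ_NET = "192.0.2.0/24"   # documentation range standing in for the DMZ

@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    dst_net: str              # destination network (CIDR)
    dst_port: Optional[int]   # None matches any port

    def matches(self, dst_ip: str, dst_port: int) -> bool:
        in_net = ipaddress.ip_address(dst_ip) in ipaddress.ip_network(self.dst_net)
        return in_net and self.dst_port in (None, dst_port)

def decide(rules, default, dst_ip, dst_port):
    """First matching rule wins (assumed); the default policy decides the rest."""
    for rule in rules:
        if rule.matches(dst_ip, dst_port):
            return rule.action
    return default

# Allow by default: the administrator lists only traffic known to be unwanted.
ALLOW_BY_DEFAULT = ([Rule("deny", DMZ_NET, 23), Rule("deny", DMZ_NET, 3389)], "allow")
# Deny by default: only HTTPS to the DMZ is listed, as in the text's example.
DENY_BY_DEFAULT = ([Rule("allow", DMZ_NET, 443)], "deny")

def exposed_ports(policy, dst_ip, ports):
    """Return the ports on dst_ip that the policy lets through."""
    rules, default = policy
    return [p for p in ports if decide(rules, default, dst_ip, p) == "allow"]

if __name__ == "__main__":
    probe = [22, 23, 80, 443, 3306, 3389, 8080]   # constructed connection attempts
    web = "192.0.2.10"                            # constructed DMZ Web server
    print("allow by default:", exposed_ports(ALLOW_BY_DEFAULT, web, probe))
    print("deny by default: ", exposed_ports(DENY_BY_DEFAULT, web, probe))
```

Under allow by default, every port the administrator did not think to list stays reachable; under deny by default, a forgotten rule fails closed.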
                    A firewall works in two directions. It can be used to keep intruders at bay, and
                 it can be used to restrict access to an external network from its internal users. Why
                 do this? A good example is found in some Trojan horse programs. When Trojan
                 horse applications are initially installed, they report back to a centralized location to
                 notify the author or distributor that the program has been activated. Some Trojan
                 horse applications do this by reporting to an Internet Relay Chat (IRC) channel or




                                                                              www.syngress.com