firewall implementation




Tarleton State University


Discussion: Firewall Implementation Planning

Chapter 9

Learning Objectives and Outcomes

You will learn about firewall implementation planning, including a survey of use, scope, address space, technologies in use, availability, and support skill set.

Discussion Requirements

You are provided a handout containing various discussion points. (Firewall Implementation Planning)


Discuss the pros and cons of firewall deployments by answering the following questions:

  • What are the relevant issues surrounding firewall deployments?
  • How does one balance security requirements with usability requirements?

Summarize your thoughts in a Microsoft Word document and submit it to your instructor.

Respond to at least two other students’ views to engage in a meaningful debate regarding their choices or to defend your choice.

Required Resources

Text Sheet: Firewall Implementation Planning

Submission Requirements

  • Format: Microsoft Word
  • Font: Arial, Size 12, Double-Space
  • Citation Style: MLA
  • Length: 1–2 pages

Unformatted Attachment Preview

Firewall Implementation Planning

Survey of Use

A firewall is a network security device or software that imposes a technological barrier to access and use of network assets while permitting authorized communications. It can be programmed to permit or deny communications based upon rules and other criteria. It can be used as a perimeter defense of a network or internally at a transition point to make a section of the network private. It may act as a proxy server hiding the true network addresses.

Scope

Firewalls provide protection for Internet-facing servers. This includes Web servers, e-mail servers, File Transfer Protocol (FTP) servers, and more. An organization must protect against attackers who try to gain access to information and resources within the internal network, such as servers and workstations. Servers can host massive amounts of data that can be invaluable if attackers can gain access to it. Database servers may host personally identifiable information (PII) about customers including their credit card data. Domain Name System (DNS) servers host information such as the Internet Protocol (IP) addresses and names of all systems in the network.

Firewalls can permit or deny communication traffic by:

  • Port
  • Type of communication: Transmission Control Protocol (TCP) or User Datagram Protocol (UDP)
  • Direction (inbound or outbound)
  • Application
  • Originating IP address
  • Several other criteria depending on the flexibility of the firewall product in use

Firewalls can redirect traffic (address forwarding), masking the actual addresses of the network they protect (proxy server). Firewalls that are stateful may inspect datagrams and some even do virtual reassembly when large amounts of data are fragmented into many datagrams.

Firewall implementation planning must include:

  • A well-defined security policy that sets standards for the network, users, and so on
  • Bandwidth of the network
  • Firewall strategy: single firewall, multi-homed firewall for a perimeter network, two firewalls in a demilitarized zone (DMZ)
  • Firewall features that meet business and security needs. Consider:
      • Security assurance: Independent assurance that the relevant firewall technology fulfills its specifications
      • Privilege control: The degree to which the product can impose user access restrictions
      • Authentication: The ability to authenticate clients and allow different types of access control for different users
      • Audit capabilities: The ability to monitor network traffic, generate logs, and provide statistical reports
      • Flexibility: Open enough to accommodate the security policy of your organization, as well as allow for changes
      • Performance: Fast enough so that users don’t notice the screening of packets
      • Availability: Able to perform under ordinary and extraordinary (attack) situations
      • Scalability: Able to handle additional workload to accommodate organizational growth
      • Initial purchase: Cost of the firewall and staff training

Tip: Have a single firewall device with redundant components or pair the firewall with redundant firewalls incorporating either failover or load-balancing mechanisms.

Address Space

You will need to assign IP addresses to the interfaces in your firewalls. Find out if your Internet service provider (ISP) will give you a Dynamic Host Configuration Protocol (DHCP) address or a static IP address. Most ISPs use DHCP to dynamically allocate IP address space, so you would get a non-static IP address, which applies to your untrusted interface/network segment like the Internet. A trusted (internal) interface uses a different address. If the firewall routing device is in the DMZ, use static IP addressing.

If you set up network address translation (NAT), you will need to know how many nodes or machines you will have on each network. The three network spaces defined by the Internet Engineering Task Force for NAT networks are:

  • - (10/8 prefix)
  • - (172.16/12 prefix)
  • - (192.168/16 prefix)

In the DMZ, select a network space appropriate for the number of hosts/networks you will require.

Technologies in Use

A stateful firewall keeps track of network connections such as TCP streams and UDP communication travelling across it. The firewall is programmed to distinguish legitimate packets for different types of connections. Only packets matching a known connection state will be allowed by the firewall.

An application firewall operates by monitoring and potentially blocking the input, output, or system service calls, which do not meet the configured policy of the firewall at Open Systems Interconnection (OSI) layer 7 (applications). Typically, it monitors one or more specific applications or services (examples: Web and database services). A stateful firewall can provide access controls to any type of network traffic while an application firewall is highly specialized. There are two types of this kind of firewall: network-based and host-based.

Support Skill Set

Information technology (IT) professionals responsible for network security need to have a broad set of skills. They also need to understand concepts such as compartmentalization and be vigilant in producing relevant support documentation. They need to be very familiar with the concepts of systems security, network infrastructure, access controls, assessments and audits, cryptography, and organizational security. In many cases, they need to understand physical security because physical access to equipment like firewalls by the uninvited can severely undermine the security of the entire network.

Vendors that sell firewalls provide support for them. This includes providing prompt access to technical expertise for installation, use, and maintenance. It may also include training. Compare support options from your prospective vendors to ensure you will be provided with the support you need.

© 2014 by Jones & Bartlett Learning, LLC, an Ascend Learning Company. All rights reserved.
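The Address Space section asks for a network space sized to the number of hosts on each segment. The sketch below is an added example, not part of the handout: it picks the smallest subnet for each segment and carves them, without overlap, from a private block. The segment names and host counts in the usage are assumptions.

```python
from ipaddress import ip_network

# The three private blocks the handout lists by prefix (RFC 1918).
PRIVATE_BLOCKS = [ip_network("10.0.0.0/8"),
                  ip_network("172.16.0.0/12"),
                  ip_network("192.168.0.0/16")]

def prefix_for_hosts(hosts):
    """Longest IPv4 prefix that still leaves `hosts` usable addresses.

    Two addresses per subnet (network and broadcast) are not usable,
    so the subnet needs at least hosts + 2 addresses.
    """
    bits = (hosts + 1).bit_length()   # smallest b with 2**b >= hosts + 2
    return 32 - bits

def plan(block, segments):
    """Return {segment: subnet}, carved from `block` without overlap.

    Segments are placed largest first so that each subnet starts on a
    boundary that is valid for its own prefix length.
    """
    if not any(block.subnet_of(b) for b in PRIVATE_BLOCKS):
        raise ValueError(f"{block} is not private address space")
    cursor = int(block.network_address)
    layout = {}
    for name, hosts in sorted(segments.items(), key=lambda s: -s[1]):
        net = ip_network((cursor, prefix_for_hosts(hosts)))
        if not net.subnet_of(block):
            raise ValueError(f"{block} is too small for {name}")
        layout[name] = net
        cursor += net.num_addresses
    return layout

if __name__ == "__main__":
    # Constructed sizing: 500 internal hosts, 12 DMZ hosts.
    sizing = {"internal": 500, "dmz": 12}
    for name, net in plan(ip_network("172.16.0.0/16"), sizing).items():
        print(f"{name:9} {net}  ({net.num_addresses - 2} usable)")
```

Leaving headroom in the host counts avoids renumbering a segment when it grows, which matters most in the DMZ where the handout calls for static addressing.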
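The Scope section lists the criteria a firewall filters on, and Technologies in Use states that a stateful firewall allows only packets matching a known connection state. The model below is an added example, not part of the handout or any firewall product: it combines first-match rules, default deny and a connection table. The policy and addresses are constructed (RFC 5737 documentation ranges).

```python
from collections import namedtuple
from ipaddress import ip_address, ip_network

# direction is "in" or "out", relative to the protected network.
Packet = namedtuple("Packet", "direction proto src sport dst dport")
# Criteria from the handout: direction, TCP/UDP, originating address
# range (CIDR notation) and destination port.
Rule = namedtuple("Rule", "action direction proto src_net dport")

def matches(rule, p):
    return (p.direction == rule.direction and p.proto == rule.proto
            and p.dport == rule.dport
            and ip_address(p.src) in ip_network(rule.src_net))

class StatefulFirewall:
    def __init__(self, rules):
        self.rules = list(rules)
        self.state = set()  # flows opened by a packet that a rule permitted

    def filter(self, p):
        # A reply is a tracked flow with source and destination swapped.
        if (p.proto, p.dst, p.dport, p.src, p.sport) in self.state:
            return "permit"
        for rule in self.rules:  # first matching rule wins
            if matches(rule, p):
                if rule.action == "permit":
                    self.state.add((p.proto, p.src, p.sport, p.dst, p.dport))
                return rule.action
        return "deny"  # nothing matched: default deny

# Constructed policy: block one range, publish HTTPS, allow outbound DNS.
RULES = [
    Rule("deny", "in", "tcp", "203.0.113.0/24", 443),
    Rule("permit", "in", "tcp", "0.0.0.0/0", 443),
    Rule("permit", "out", "udp", "10.0.0.0/8", 53),
]

def demo():
    fw = StatefulFirewall(RULES)
    query = Packet("out", "udp", "10.1.2.3", 40000, "198.51.100.53", 53)
    reply = Packet("in", "udp", "198.51.100.53", 53, "10.1.2.3", 40000)
    stray = Packet("in", "udp", "198.51.100.99", 53, "10.1.2.3", 40000)
    # The same inbound port is denied unless it answers a tracked query.
    return [fw.filter(p) for p in (stray, query, reply, stray)]
```

No rule permits inbound UDP, yet the DNS reply passes because it matches tracked state; a stateless filter would need a broad inbound rule to get the same usability.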

Explanation & Answer


Student’s Last Name 1
Student’s Name
Professor’s Name

1. What are the relevant issues surrounding firewall deployments?
A firewall, even an extravagant and ground-breaking one, is just one of your protective
weapons, and it's never again adequate to concentrate on edge security alone. With the
expansion of cell phones and progressively refined types of fraud, organize security needs to
wind up comprehensive. Your security group ought to consider ensuring information
uprightness and information privacy inside and between workgroups, just as guaranteeing
legitimate client confirmation consistently—without making it unthinkable for your
organization to work. Specifically, cli...
