Summary


In this chapter we have discussed the importance of a security policy and how to write one for your organization. Remember that the most important aspect of defining a security policy is involvement. Because the default policy of Check Point NG is to deny everything, community involvement helps you define the requirements more accurately, so that you permit only the communication that is necessary for business activities and deny everything else.

As you implement and translate your written policy into something that can be enforced by Check Point NG, you will have to define network objects. Much of this information should have been gathered during the design of your policy and includes items like workstations, gateways, users, and services. Eventually, the rules you write will use these objects to match packets for processing and applying actions.

A firewall object must be defined for each firewall on which you are installing a policy. In a simple, standalone installation where the management server and firewall module reside on the same machine, the firewall object is created for you during software installation. Within your firewall object definition, you will need to configure the interface topology and anti-spoofing, and possibly SYNDefender.

FW-1 provides several tools to manipulate the security policy. There are several different methods of adding a rule to the rule base, disabling rules, cutting and pasting rules, and querying the rule base. Once you have the policy defined and you are ready to start the firewall enforcing the policy, you must install the policy onto the firewall objects that you have previously defined.

The installation of a policy is a process that converts the GUI rule base, which is represented as the *.W file, into an INSPECT script, the *.pf file. The *.pf file is then compiled into INSPECT code, represented as a *.fc file, which can be understood and enforced by the specified Check Point NG modules.




The Best Damn Firewall Book Period
ISBN: 1931836906
EAN: 2147483647
Year: 2003
Pages: 240
