Firewalls are arguably the most important component that can be implemented to harden a network. Historically firewalls have been implemented on the perimeter of a network, providing protection and defenses against external threats. Firewalls allow you to define a protected network. In other words, you want to control the traffic that can enter and exit the network and protect the network from traffic that originates from an external source. Today, however, the role of a firewall in a network is evolving as administrators recognize that many threats to a network come from internal sources. As a result, firewalls are now being implemented within networks to segment and protect resources in the same manner that they have traditionally been used for segmenting and protecting against external threats. A great example of this is using a firewall between the network containing HR resources (the protected network) and the rest of the network (the unprotected network), thus controlling which systems, if any, can access those protected resources.
At the same time, the role of the firewall in hardening a network is not simply a case of asking "How do I use the firewall to protect my resources?" Your firewall must also be protected, intrusions must be detected, statistics must be gathered for management, and reliable logs must be created for post-mortem analysis or to pursue legal action. As a result, this chapter looks at methods to harden your firewall and protect it from exploits and unauthorized access. Utilizing the firewall to harden your network perimeter and interior networks will be covered later in Chapters 11 and 12, respectively.
Many, many different firewall vendors are out there, and the concepts conveyed in this chapter are relevant for all of them. However, I have limited space I can devote to providing specific command syntax and examples, so I cannot cover them all. In deciding which firewalls to cover, I selected the top two market share leaders in commercial firewalls, as well as an open-source firewall solution. As a result, I will provide specific command examples for the following firewalls, where possible:
Cisco Secure PIX Firewall Operating System 6.3(1): A hardware-based firewall that is the current market share leader of all firewalls
Check Point SecurePlatform NG with Application Intelligence Build 142: A software-based firewall that is currently the number-two market share leader
Iptables 1.2.7a running on Red Hat Linux 9.0: An open-source software-based firewall that is popular in Linux/Unix shops
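As an added illustration (constructed here, not taken from the chapter or from any vendor documentation), the following script shows the internal-segmentation scenario described at the start of the chapter on the open-source option listed above: an iptables 1.2.x ruleset for a Linux firewall placed between an HR subnet and the rest of the internal network, which also restricts management of the firewall itself and logs every packet it drops. The subnet, host addresses, interface name and the single permitted service (TCP 445) are assumptions; the script prints the rules instead of loading them unless DRY_RUN=0.

```shell
#!/bin/sh
# Constructed iptables 1.2.x policy: HR subnet as the protected network behind an
# internal firewall. All addresses and the interface name are assumptions.
HR_NET="10.1.10.0/24"        # protected network holding the HR resources
PAYROLL_HOST="10.1.20.15"    # only internal system permitted to reach HR file shares
ADMIN_HOST="10.1.20.5"       # only host permitted to manage the firewall itself
FW_MGMT_IF="eth0"            # interface facing the rest of the internal network
IPT="${IPT:-iptables}"
DRY_RUN="${DRY_RUN:-1}"      # 1 = print the rules for review, 0 = load them

rule() {
    if [ "$DRY_RUN" = "1" ]; then
        echo "$IPT $*"
    else
        "$IPT" "$@"
    fi
}

apply_policy() {
    rule -F

    # Protect the firewall itself: only the admin host may open SSH to it,
    # everything else aimed at the firewall is logged and then hits the DROP policy.
    rule -A INPUT -i lo -j ACCEPT
    rule -A INPUT -m state --state ESTABLISHED,RELATED -j ACCEPT
    rule -A INPUT -i "$FW_MGMT_IF" -s "$ADMIN_HOST" -p tcp --dport 22 -m state --state NEW -j ACCEPT
    rule -A INPUT -j LOG --log-prefix "FW-INPUT-DROP: "

    # Segment HR: replies to established sessions pass, then the one permitted
    # inbound flow (payroll server to HR file shares). HR hosts may still initiate
    # outbound sessions to the rest of the network; nothing else may reach them.
    rule -A FORWARD -m state --state ESTABLISHED,RELATED -j ACCEPT
    rule -A FORWARD -s "$PAYROLL_HOST" -d "$HR_NET" -p tcp --dport 445 -m state --state NEW -j ACCEPT
    rule -A FORWARD -s "$HR_NET" -m state --state NEW -j ACCEPT
    # Log everything else destined for HR so post-mortem analysis has a record.
    rule -A FORWARD -d "$HR_NET" -j LOG --log-prefix "HR-SEGMENT-DROP: "

    # Default deny, set last so a remote admin session is not cut off mid-load.
    rule -P INPUT DROP
    rule -P FORWARD DROP
    rule -P OUTPUT ACCEPT
}

apply_policy
```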