
Firewalls Security Standards


Firewalls Security Standard Guidelines for the Corporate Network

The choice of a suitable firewall, firewall topology and security policy is critical to protecting the network against network-based security threats. A hardened firewall must be used to protect against threats from external public (un-trusted) networks such as the Internet, and networks must be segmented wherever distinct security boundaries are to be enforced.

A firewall is a system that controls the flow of traffic between networks and provides a mechanism for protecting hosts against network-based security threats. It should be noted that firewalls cannot control (or protect against) traffic that does not flow through the security gateway (e.g. a dial-up modem on a desktop bypasses any firewall), nor can they protect against attacks by insiders or by users whose traffic the rule base already permits (authorized attacks). A firewall is only as secure as the firewall platform itself and the security policy implemented in its rule base.

Because new threats and exploits for security vulnerabilities are distributed quickly and easily on the Internet, no firewall can provide 100% protection against all possible threats. Nevertheless, a suitable firewall must be used to interconnect to any external, public or un-trusted network (e.g. the Internet). This is mandatory given the security threats that exist and the sensitive nature of the information held within the corporate network. A DMZ (Demilitarized Zone) must be used to segment the network when hosting publicly accessible resources, such as Internet web servers.

Firewalls Security - External Firewall with 1 DMZ

Multiple DMZs may be used where separate network segments with differing security policies (levels) are required. Typical applications are extranets, intranets, web hosting and remote access gateways (as shown below).

Firewalls Security - External firewall with 2 DMZs

The minimum requirements in the firewalls security standards are:

1. A suitable firewall must be used for all external connections. External-facing firewalls must be configured to protect internal assets from security risks originating on the Internet or any other public or un-trusted network. All external-facing firewalls must be configured to DENY all traffic unless it is explicitly permitted (default deny).

2. External-facing firewalls must not expose internal components such as inside IP addresses and the private DNS namespace to the Internet. Network Address Translation (NAT) must be used to hide internal addresses. Note that NAT hides addresses but is not an access control in itself; the default-deny rule base of requirement 1 remains the control that blocks unsolicited inbound traffic.

3. Traffic must be individually ALLOWED (permitted) based on the traffic classification parameters, which include:

a. Application type (protocol and port)

b. Direction (source / destination)

c. Action (permit / deny)

d. Authentication requirements

e. Virus scanning (content filtering)

f. Logging level

4. External-facing firewalls must be configured with anti-spoofing rules, dropping packets that arrive on the external interface with a source address belonging to an internal, DMZ, private (RFC 1918) or loopback range, to defend against common IP spoofing attacks. (Anti-spoofing is distinct from IP masquerading, which is a form of NAT.)

5. Regular security auditing of the firewall systems must be undertaken to ensure that the firewall is performing its intended function and that its security has not been compromised. The audit must be carried out by security personnel and must cover the firewall platform, its configured rule base, and its logging and alerting measures.

6. The collection and maintenance of firewall logs is critical in determining the security of a firewall system and the assets it protects. All suspicious activity, as well as every change to the firewall configuration, must be logged in sufficient detail to allow unauthorized access attempts to be identified. Logs must be routinely backed up and stored in a secure location, preferably forwarded to a separate log server so that a compromised firewall cannot erase its own trail.

7. Networks with differing security requirements must be segmented and protected with a firewall (e.g. the internal (trusted) network vs. the Internet (un-trusted)).

8. A DMZ is mandatory for systems (e.g. web servers) that are accessible from any public (un-trusted) network. These externally accessible hosts must not be placed on the corporate internal (business) networks.

9. Multiple DMZs may be used to provide network segments with multiple security classifications (or zones).

10. Firewall systems must be configured so that they are visible to internal network management systems, so that security and network management alerts and reports can be accessed and acted on in a timely manner.

11. Privileges to modify the firewall configuration (rule base) must be restricted to authorized security personnel. Each firewall should have at least two administrators who are adequately trained and proficient in managing the firewall system(s) and who have a strong understanding of network and information security.

12. Firewalls must be dedicated and hardened security systems. Because of the security role of a firewall, it must not be used for other purposes (even in small or remote environments), such as web, file and print, or email services. Every additional service or application running on a firewall system widens its attack surface and so increases the risk of compromise.

13. Contingency plans must be prepared which address the response and action procedures to be taken in the event of the various network firewall security incidents. These events include system/host compromise, security attacks, system malfunction and firewall (gateway) outages.
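As an added, worked illustration of requirements 1 to 4 and 8 (it is not part of the original article and not any vendor's configuration), the following shell script emits an nftables rule base for the single-DMZ topology shown above: default deny on both the input and forward paths, NAT on the external interface, per-flow permits with their own logging, anti-spoofing on the Internet side, and no DMZ-to-LAN initiation. The interface names (eth0/eth1/eth2), the address ranges, the DMZ web server address and the public address are assumptions; 203.0.113.0/24 is an RFC 5737 documentation prefix.

```shell
#!/bin/sh
# Added example, not from the original article: an nftables rule base for the
# "external firewall with 1 DMZ" topology, written to the requirements above.
# Interface names, address ranges and the public address are assumptions.
WAN_IF="${WAN_IF:-eth0}"                  # Internet (un-trusted)
LAN_IF="${LAN_IF:-eth1}"                  # corporate internal (trusted)
DMZ_IF="${DMZ_IF:-eth2}"                  # DMZ
LAN_NET="${LAN_NET:-10.10.0.0/16}"
DMZ_NET="${DMZ_NET:-192.168.100.0/24}"
DMZ_WEB="${DMZ_WEB:-192.168.100.10}"      # public web server inside the DMZ
PUBLIC_IP="${PUBLIC_IP:-203.0.113.10}"    # the only address the Internet sees

gen_external_fw_ruleset() {
cat <<EOF
flush ruleset

table inet filter {
    # Source ranges that can never legitimately arrive from the Internet.
    set bogons_v4 {
        type ipv4_addr
        flags interval
        elements = { 0.0.0.0/8, 10.0.0.0/8, 100.64.0.0/10, 127.0.0.0/8,
                     169.254.0.0/16, 172.16.0.0/12, 192.168.0.0/16, 224.0.0.0/3 }
    }

    # Requirement 4: reverse-path check, then explicit spoof rules for the WAN side.
    chain prerouting {
        type filter hook prerouting priority -150;
        fib saddr . iif oif missing log prefix "fw-rpf " drop
        iif $WAN_IF ip saddr @bogons_v4 log prefix "fw-spoof " drop
        iif $WAN_IF ip saddr { $LAN_NET, $DMZ_NET } log prefix "fw-spoof " drop
    }

    # Traffic to the firewall itself: requirement 1, deny unless permitted.
    chain input {
        type filter hook input priority 0; policy drop;
        ct state invalid drop
        ct state established,related accept
        iif lo accept
        # Requirements 10/11: management only from the internal network, logged.
        iif $LAN_IF ip saddr $LAN_NET tcp dport 22 log prefix "fw-mgmt-ssh " accept
        log prefix "fw-input-drop " drop
    }

    # Traffic through the firewall: requirement 3, each flow permitted on its own
    # by protocol/port, direction, action and logging level.
    chain forward {
        type filter hook forward priority 0; policy drop;
        ct state invalid drop
        ct state established,related accept
        # Internet -> DMZ web server only (after the DNAT below); nothing Internet -> LAN.
        iif $WAN_IF oif $DMZ_IF ip daddr $DMZ_WEB tcp dport { 80, 443 } ct state new log prefix "fw-dmz-web " accept
        # LAN -> Internet: web and DNS only.
        iif $LAN_IF oif $WAN_IF tcp dport { 80, 443 } ct state new accept
        iif $LAN_IF oif $WAN_IF udp dport 53 ct state new accept
        # Requirement 8: a compromised DMZ host must not reach the business network.
        iif $DMZ_IF oif $LAN_IF log prefix "fw-dmz-to-lan " drop
        log prefix "fw-forward-drop " drop
    }
}

table ip nat {
    chain prerouting {
        type nat hook prerouting priority -100;
        iif $WAN_IF ip daddr $PUBLIC_IP tcp dport { 80, 443 } dnat to $DMZ_WEB
    }
    chain postrouting {
        type nat hook postrouting priority 100;
        # Requirement 2: internal and DMZ addresses never appear on the Internet.
        oif $WAN_IF snat to $PUBLIC_IP
    }
}
EOF
}

# "print" writes the ruleset to stdout, "check" syntax-checks it with nft
# (needs nftables installed and root), "load" applies it.
case "${1:-print}" in
    print) gen_external_fw_ruleset ;;
    check) gen_external_fw_ruleset | nft -c -f - ;;
    load)  gen_external_fw_ruleset | nft -f - ;;
esac
```

Run it with `check` before `load`, and keep the output under version control so that every rule base change (requirement 6) has an author and a diff. The two `policy drop` lines are the whole default-deny guarantee: anything not matched by an explicit `accept` is logged with a distinguishing prefix and dropped, which is also what makes the logs useful for the audit in requirement 5.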

A suitable firewall topology ensures the ability to identify security boundaries within the network and to apply a valid security policy (rule base) to the security gateway (firewall).
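As an added example for requirements 5 and 6 (not from the original article), the following script shows the kind of log analysis a firewall audit should include: it reads netfilter drop logs and surfaces port scans, spoofed sources on the external interface, and repeated hits on the firewall's own management port. The log lines in SAMPLE_LOG are constructed; the log prefixes (fw-forward-drop, fw-input-drop, fw-spoof), the Internet-facing interface eth0 and the management port 22 are assumptions about how the firewall's logging rules are set up.

```shell
#!/bin/sh
# Added example, not from the original article: triage of firewall drop logs to
# pick out unauthorized access attempts.  SAMPLE_LOG holds constructed lines in
# the Linux netfilter log format; the prefixes, eth0 as the Internet-facing
# interface and port 22 as the management port are assumptions.
SAMPLE_LOG='Mar  5 10:00:01 fw kernel: fw-forward-drop IN=eth0 OUT=eth2 SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=44321 DPT=22 SYN
Mar  5 10:00:01 fw kernel: fw-forward-drop IN=eth0 OUT=eth2 SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=44322 DPT=23 SYN
Mar  5 10:00:02 fw kernel: fw-forward-drop IN=eth0 OUT=eth2 SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=44323 DPT=3389 SYN
Mar  5 10:00:02 fw kernel: fw-forward-drop IN=eth0 OUT=eth2 SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=44324 DPT=445 SYN
Mar  5 10:00:03 fw kernel: fw-forward-drop IN=eth0 OUT=eth2 SRC=198.51.100.7 DST=203.0.113.10 PROTO=TCP SPT=44325 DPT=8080 SYN
Mar  5 10:00:09 fw kernel: fw-spoof IN=eth0 OUT= SRC=10.10.4.4 DST=203.0.113.10 PROTO=TCP SPT=1025 DPT=80 SYN
Mar  5 10:01:00 fw kernel: fw-input-drop IN=eth0 OUT= SRC=192.0.2.50 DST=203.0.113.10 PROTO=TCP SPT=51000 DPT=22 SYN
Mar  5 10:01:01 fw kernel: fw-input-drop IN=eth0 OUT= SRC=192.0.2.50 DST=203.0.113.10 PROTO=TCP SPT=51001 DPT=22 SYN
Mar  5 10:01:02 fw kernel: fw-input-drop IN=eth0 OUT= SRC=192.0.2.50 DST=203.0.113.10 PROTO=TCP SPT=51002 DPT=22 SYN
Mar  5 10:02:00 fw kernel: fw-forward-drop IN=eth1 OUT=eth0 SRC=10.10.7.21 DST=198.51.100.99 PROTO=TCP SPT=40000 DPT=25 SYN'

WAN_IF="${WAN_IF:-eth0}"
MGMT_PORT="${MGMT_PORT:-22}"

# Reads log lines on stdin; prints "SRC distinct_dst_ports hits" per dropped
# source, most distinct ports first.
drop_summary() {
    awk '
        /kernel: fw-/ {
            src = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (src == "" || dpt == "") next
            hits[src]++
            if (!((src, dpt) in seen)) { seen[src, dpt] = 1; ports[src]++ }
        }
        END { for (s in hits) printf "%s %d %d\n", s, ports[s], hits[s] }
    ' | sort -k2,2nr -k1,1
}

# Sources that probed at least $1 distinct ports (default 5): probable port scans.
port_scanners() {
    drop_summary | awk -v t="${1:-5}" '$2 + 0 >= t + 0 { print $1 }'
}

# Packets dropped by the anti-spoofing rules: an attack or a mis-cabled segment,
# either way every source is worth a look.
spoofed_sources() {
    awk '/kernel: fw-spoof / { for (i = 1; i <= NF; i++) if ($i ~ /^SRC=/) print substr($i, 5) }' | sort -u
}

# Sources on the Internet side that hit the management port at least $1 times
# (default 3): password guessing against the firewall itself.
mgmt_bruteforce() {
    awk -v t="${1:-3}" -v wan="$WAN_IF" -v port="$MGMT_PORT" '
        /kernel: fw-input-drop / {
            src = ""; inif = ""; dpt = ""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^SRC=/) src = substr($i, 5)
                else if ($i ~ /^IN=/) inif = substr($i, 4)
                else if ($i ~ /^DPT=/) dpt = substr($i, 5)
            }
            if (inif == wan && dpt == port) c[src]++
        }
        END { for (s in c) if (c[s] + 0 >= t + 0) print s }
    ' | sort
}

# Stand-alone run reports on the constructed sample; on a real firewall feed the
# functions from the kernel log instead, e.g.  journalctl -k | drop_summary
report() {
    echo "== drops per source (src distinct_ports hits) =="
    printf '%s\n' "$SAMPLE_LOG" | drop_summary
    echo "== probable port scans (>= 5 ports) =="
    printf '%s\n' "$SAMPLE_LOG" | port_scanners 5
    echo "== spoofed sources on $WAN_IF =="
    printf '%s\n' "$SAMPLE_LOG" | spoofed_sources
    echo "== repeated hits on management port $MGMT_PORT from $WAN_IF =="
    printf '%s\n' "$SAMPLE_LOG" | mgmt_bruteforce 3
}
report
```

The thresholds are deliberately low for the sample; on a real Internet-facing firewall tune them against a baseline week of logs. The one internal source in the sample (10.10.7.21 trying outbound SMTP) does not trip any of the detectors, yet it is exactly the sort of "authorized" host the text warns a firewall cannot protect against on its own, so the per-source summary should be reviewed by a person, not only filtered by script.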

Today there are many wireless firewall appliances you can buy to protect a home wireless network from the Internet. Some are aimed at gamers and let you play online games wirelessly (with the addition of a wireless game adapter), such as the DGL4300 or the more powerful DGL-4500 router. Both of these wireless routers provide basic firewall features such as NAT and stateful packet inspection (SPI), which reduce, if not completely eliminate, exposure to network security threats.

Firewall appliances that also provide VPN functions are widely available, such as the NETGEAR ProSafe® VPN Firewall FVX538. Featuring eight auto-sensing 10/100 Mbps LAN ports, one Gigabit LAN port and two 10/100 WAN ports, the ProSafe® VPN Firewall FVX538 lets multiple computers in an office share two Internet connections.

For a small office wireless network, consider NETGEAR's SRXN3205 ProSafe® Wireless-N VPN Firewall. This firewall appliance provides two types of virtual private network (VPN) tunnel, Secure Sockets Layer (SSL) and IP security (IPsec), for secure remote connections to your network.

Ki Grinsing

