Yu Chak Tin Michael's GIAC GCFW Project Assignment
Configuring the Norton3_IDS Firewall:
Refer to the “Products Preparation” section for information on Norton Personal Firewall 2002.
Refer to the “Products Preparation” section for information on Windows 2000 hardening.
Norton3_IDS sits between the internal core switch and the Internal_Dev segment.
Security Policy:
The policies to be enforced here are:
1. No connection towards Internal_Dev can ever be initiated from any other segment.
2. Outbound access requests made by Internal_Dev are not restricted by this firewall, but by other firewalls on the network.
3. When the developers access the internet, Java and ActiveX code is blocked.
4. Drop and log everything else.
Defining the Zones:
• In our network, Internal_Dev (192.168.20.0) itself must be trusted so that it can make outgoing requests. Its requests towards the internet should be restricted at ISA_Cache. Its requests towards Public_Services should be filtered at FW2_B2C.
• For network maintenance and other administrative purposes, Internal_Admin (192.168.19.0) must be allowed to access Internal_Dev. Therefore, 192.168.19.0 should be in the Trusted list.
• No requests towards Internal_Dev can ever be made from Internal_Clients (192.168.17.0), Critical_Resources (192.168.21.0), Public_Services (192.168.8.0), RAS_Net (192.168.22.0) nor Core_Net (192.168.16.0). These subnets should all be Restricted.
• Whether or not traffic can be initiated from Internal_Servers depends on the server applications in use. Since Internal_Servers is pretty secure under the protection of the VisNetic firewall, and just in case that certain maintenance traffic has to originate from the servers to the clients, we will have
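
The Trusted and Restricted lists above can be checked before they are entered into the firewall. The following is an added example, not part of the original assignment and not Norton's configuration format: it models the zone lists in Python, verifies that no subnet is in both lists, and evaluates constructed connection attempts against policies 1, 2 and 4. The /24 prefix length and all function names are assumptions; the page gives only network addresses.

```python
import ipaddress

def net(addr):
    # Assumption: every segment is a /24; the page lists only network addresses.
    return ipaddress.ip_network(addr + "/24")

DEV = net("192.168.20.0")  # Internal_Dev, the segment behind this firewall
TRUSTED = {"Internal_Dev": DEV, "Internal_Admin": net("192.168.19.0")}
RESTRICTED = {
    "Internal_Clients": net("192.168.17.0"),
    "Critical_Resources": net("192.168.21.0"),
    "Public_Services": net("192.168.8.0"),
    "RAS_Net": net("192.168.22.0"),
    "Core_Net": net("192.168.16.0"),
}

def zone_conflicts():
    """Return (trusted, restricted) segment pairs whose ranges overlap."""
    return [(t, r) for t, tn in TRUSTED.items()
            for r, rn in RESTRICTED.items() if tn.overlaps(rn)]

def zone_of(addr):
    """Return (zone, segment); Restricted is checked first so it always wins."""
    ip = ipaddress.ip_address(addr)
    for zone, nets in (("restricted", RESTRICTED), ("trusted", TRUSTED)):
        for name, n in nets.items():
            if ip in n:
                return zone, name
    return "unlisted", None

def decide(src, dst):
    """Decision for a new connection from src to dst seen at this firewall."""
    if ipaddress.ip_address(src) in DEV:
        return "allow"        # policy 2: outbound is filtered by other firewalls
    if ipaddress.ip_address(dst) not in DEV:
        return "drop+log"     # policy 4: not traffic for the protected segment
    if zone_of(src)[0] == "trusted":
        return "allow"        # Internal_Admin maintenance access
    return "drop+log"         # Restricted zones, and policy 4 for unlisted sources

# Constructed sample connection attempts (source, destination).
SAMPLE = [("192.168.19.5", "192.168.20.10"), ("192.168.17.44", "192.168.20.10"),
          ("192.168.20.10", "203.0.113.7"), ("10.9.9.9", "192.168.20.10")]

if __name__ == "__main__":
    print("conflicts:", zone_conflicts())
    for s, d in SAMPLE:
        print(f"{s} -> {d}: {zone_of(s)} => {decide(s, d)}")
```

Sources that appear in neither list fall through to policy 4 and are dropped and logged.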