Eicon Networks S92 Manuel d'utilisateur télécharger pdf (Page 95)

YuChakTinMichael‘sGIACGCFWProjectAssignment

Page 95

ConfiguringtheN orton3_IDSFirewall:

Refertot he“ProductsPreparation”section forinformationonNortonPersonalFirewall2002.

Refertot he“ProductsPreparation”section forinformationonWindows2000hardening.

Norton3_IDSsitsbetweentheinternal coreswitch andtheInternal_Devsegment.

SecurityPolicy:

Thepoliciestobeenforcedhereare:

1. NoconnectiontowardsInternal_Devcaneverbeinitiatedfromanyother

segment.

2. OutboundaccessrequestsmadebyInternal_Devarenotrestrictedbythis

firewall,butby otherfirewallsonthenetwork.

3. Whenthedevelopersaccesstheinternet,JavaandActiveXcodesareblocked.

4. Dropandlogeverythingelse.

DefiningtheZones:

n Inournetwork,Internal_Dev (192.168.20.0)itselfmustbetrustedsothatitcan

makeoutgoingrequests. Itsrequeststowardstheinternetshouldberestrictedat

ISA_Cache.ItsrequeststowardsPublic_Servicesshouldbefilteredat

FW2_B2C.

n Fornetworkmaintenanceandotheradministrativepurposes,Internal_Admin

(192.168.19.0)mustbeallowedtoaccessInternal_Dev. Therefore,192.168.19.0

shouldbeintheTrustedlist.

n NorequeststowardsInternal_DevcaneverbemadefromInternal_Clients

(192.168.17.0),Critical_Resources(192.168.21.0),  Public_Services

(192.168.8.0),RAS_Net(192.168.22.0)nor Core_Net(192.168.16.0).These

subnetsshouldallbeRestricted.

n WhetherornottrafficcanbeinitiatedfromInternal_Serversdependsonthe

serverapplicationsinuse.SinceInternal_Serversisprettysecureunderthe

protectionoftheVisNeticfirewall,andjustincasethatcertainmaintenance

traffichastooriginatefromtheserverstotheclients,wewillhave

1 2 ... 90 91 92 93 94 95 96 97 98 99 100 ... 208 209

Pas de commentaire

Eicon Networks S92 Manuel d'utilisateur Page 95