Eicon Networks S92 Manuel d'utilisateur télécharger pdf (Page 87)

YuChakTinMichael‘sGIACGCFWProjectAssignment

Page 87

ConfiguringtheOtherDevices

ConfiguringtheN orton1_IDSFirewall:

Refertot he“ProductsPreparation”section forinformationonNortonPersonalFirewall2002.

Refertot he“ProductsPreparation”section forinformationonWindows2000hardening.

Norton1_IDSsitsbetweentheinternal coreswitch andtheInternal_Clientssegment.

SecurityPolicy:

Thepoliciestobeenforcedhereare:

1. NoconnectiontowardsInternal_Clientscaneverbeinitiatedfromanyother

segment(exceptfromInternal_Admin).

2. OutboundaccessrequestsmadebyInternal_Clientsarenotrestrictedbythis

firewall,butbyotherfirewallsonthenetwork.

3. Whentheclientsaccesstheinternet,JavaandActiveXcodesareblocked.

4. Dropandlogeverythingelse.

TheconfigurationofNortonFirewall2002requiresemphasisontheconceptof

trustedzonesandsecurity levels.Thereisnosophisticatedmechanismfordefining

individualrules.Thegoodthingaboutthisapproachisthesimplicityofconfiguration

andadministration.Thedrawbackisthelackofflexibilityandprecisecontrol.

Therefore,thisfirewallisonlyusedatthedepartmentallevelforprotectingusers,not

services.

DefiningtheZones:

ToproperlyconfiguretheNortonFirewallatthislocation,thekeyistodefinethe

TrustedZonesandtheRestrictedZones. TrustedZonescanenjoyalmostallsortsof

access,andaretypicallytheinternalnetworksegments.RestrictedZones,ontheother

hand,aretheexternalnetworksthatarenottobetrusted.Connectionscannotbe

initiatedfromthesezonestopass through thefirewall.

1 2 ... 82 83 84 85 86 87 88 89 90 91 92 ... 208 209

Pas de commentaire

Eicon Networks S92 Manuel d'utilisateur Page 87