Reasonable Firewall Configuration

Source: Internet
Author: User
We live in the information age, but it could just as well be called the age of viruses and hackers. That sounds pessimistic, but it describes today's networks: from the Internet to the intranet, from the PC to the mobile phone, no place is safe. Every network virus outbreak leaves home users, enterprise users and even the operators' 800 hotlines in turmoil. After each virus crisis, though, people begin to think about network security. Now any enterprise that builds a network plans to buy a firewall, more and more home users put a firewall on their own computers or even at their broadband access point, and I believe that in the near future we will see firewalls on phones as well.

But a firewall is not meant to be a psychological comfort; only a properly configured firewall really keeps threats out. For many small and medium-sized enterprises the firewall configuration does not reflect the business needs of the enterprise. If the protection settings the firewall implements are not defined carefully and completely against those needs, the filtering rules added to the firewall may let unsafe services and traffic through, bringing the enterprise network unnecessary danger and trouble. A firewall can be compared to a filter for network data: if reasonable filtering rules are formulated in advance, it intercepts nonconforming packets and does its filtering job; if the rules are wrong, it backfires.

   What functions should an SME firewall have:

How do we implement a firewall configuration reasonably? First, let's look at the functions a small-business firewall typically should have:

1. Dynamic (stateful) packet filtering: the firewall maintains the state of every connection passing through it and filters on the basis of that connection state;

2. NAT (Network Address Translation): the firewall can be the point where NAT is deployed, mapping a limited set of public IP addresses to internal addresses dynamically or statically, which alleviates the shortage of address space (note that NAT hides internal addresses but is not an access-control mechanism by itself; the filtering rules still decide what gets through);

3. Policies for data access between trusted and untrusted zones;

4. Rule schedules, so that the system can enable and disable a policy automatically at set times;

5. Detailed logging: records of traffic matching the rules, system management events and system faults, with support for a remote log server and log export;

6. IPSec VPN, to give remote users secure access across the Internet;

7. Mail notification, so that the system can alert the network administrator by e-mail;

8. Attack protection: malformed IP or TCP datagrams are discarded, as are TCP half-open connections, UDP messages and ICMP messages that exceed an empirical threshold (protection against SYN floods and UDP or ICMP floods);

9. Web content filtering: Java, ActiveX, cookies, URL keywords and proxy filtering.

These are the protective features an SME firewall should have; as technology develops, the functions of SME firewalls will keep growing. But a multi-function firewall without reasonable configuration and management is just another IT device.

   How to implement a firewall configuration

How do we implement a firewall configuration? We discuss it from the following aspects:

   Rule Enforcement

Implementing the rules looks simple, but it needs detailed information gathering first. We need to understand the company's internal and external applications together with their source addresses, destination addresses and TCP or UDP ports, and to sort the rules in the rule table by how often each application's traffic occurs, before applying the configuration. The reason is that the firewall looks up rules sequentially and the first match wins, so putting the most common rules first improves the firewall's efficiency. Reordering must not change the result, though: a rule may only be moved ahead of another if no packet can match both; otherwise the first match changes and a deny rule can silently lose to an allow rule. In addition, virus warnings from the virus monitoring department should be received promptly and the firewall policy updated accordingly; these warnings are a necessary input to policy formulation.
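The two mechanisms this section relies on, sequential first-match lookup and connection-state tracking (feature 1 in the list above), can be modelled in a few dozen lines. What follows is an added example written for this page, not code from the article or from any firewall product: it filters constructed traffic through a five-rule table, counts how many rules each packet had to be compared against, and then reorders the table by hit count while only swapping rules that cannot both match the same packet. The zones, addresses, rule names and traffic mix are assumptions made for illustration.

```python
"""First-match rule lookup, connection tracking and safe hit-count ordering.
Added example, not the article's or any product's code; zones, addresses and traffic are constructed."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

LAN, MAIL_SERVER, ANY = "192.168.1.0/24", "10.0.0.25/32", "0.0.0.0/0"

@dataclass
class Rule:
    name: str
    src: str              # CIDR of permitted sources
    dst: str              # CIDR of permitted destinations
    proto: str            # "tcp", "udp" or "any"
    dport: Optional[int]  # None means any destination port
    action: str           # "accept" or "drop"
    hits: int = 0

    def matches(self, p):
        return (ip_address(p["src"]) in ip_network(self.src)
                and ip_address(p["dst"]) in ip_network(self.dst)
                and self.proto in ("any", p["proto"])
                and self.dport in (None, p["dport"]))

    def may_overlap(self, other):  # could one packet match both rules?
        return (ip_network(self.src).overlaps(ip_network(other.src))
                and ip_network(self.dst).overlaps(ip_network(other.dst))
                and ("any" in (self.proto, other.proto) or self.proto == other.proto)
                and (None in (self.dport, other.dport) or self.dport == other.dport))

def flow(p):
    return (p["proto"], p["src"], p["sport"], p["dst"], p["dport"])

class Firewall:
    def __init__(self, rules, default="drop"):
        self.rules = list(rules)
        self.default = default
        self.conns = set()    # accepted flows keyed by 5-tuple (no ageing here)
        self.comparisons = 0  # rules examined so far: a proxy for lookup cost

    def filter(self, p):
        # Dynamic packet filtering: a tracked flow passes in either direction without the rule table.
        reverse = (p["proto"], p["dst"], p["dport"], p["src"], p["sport"])
        if flow(p) in self.conns or reverse in self.conns:
            return "accept"
        for rule in self.rules:  # sequential lookup, first match wins
            self.comparisons += 1
            if rule.matches(p):
                rule.hits += 1
                if rule.action == "accept":
                    self.conns.add(flow(p))
                return rule.action
        return self.default

    def reorder_by_hits(self):
        """Move busy rules up, but never past a rule they overlap with:
        swapping two overlapping rules changes which one matches first."""
        r = self.rules
        for i in range(1, len(r)):
            j = i
            while j > 0 and r[j-1].hits < r[j].hits and not r[j-1].may_overlap(r[j]):
                r[j-1], r[j] = r[j], r[j-1]
                j -= 1

def make_rules():
    return [Rule("block-telnet", ANY, ANY, "tcp", 23, "drop"),
            Rule("dns-out", LAN, ANY, "udp", 53, "accept"),
            Rule("mail-in", ANY, MAIL_SERVER, "tcp", 25, "accept"),
            Rule("web-out", LAN, ANY, "tcp", 443, "accept"),
            Rule("web-out-plain", LAN, ANY, "tcp", 80, "accept")]

def pkt(proto, src, sport, dst, dport):
    return {"proto": proto, "src": src, "sport": sport, "dst": dst, "dport": dport}

# Constructed traffic, all distinct flows: mostly HTTPS, some DNS, a little telnet, one mail.
TRAFFIC = ([pkt("tcp", "192.168.1.10", 40000 + i, "203.0.113.10", 443) for i in range(20)]
           + [pkt("udp", "192.168.1.10", 50000 + i, "198.51.100.53", 53) for i in range(5)]
           + [pkt("tcp", "192.168.1.77", 31000 + i, "203.0.113.9", 23) for i in range(2)]
           + [pkt("tcp", "198.51.100.4", 52000, "10.0.0.25", 25)])

def ordering_demo():
    """Return (rules examined before reordering, after, resulting rule order)."""
    fw = Firewall(make_rules())
    for p in TRAFFIC:
        fw.filter(p)
    before = fw.comparisons
    fw.reorder_by_hits()
    fw2 = Firewall(fw.rules)  # fresh connection state, reordered table
    for p in TRAFFIC:
        fw2.filter(p)
    return before, fw2.comparisons, [r.name for r in fw2.rules]

def tracking_demo():
    """Reply to an accepted flow passes rule-free; an unsolicited inbound packet does not."""
    fw = Firewall(make_rules())
    fw.filter(pkt("tcp", "192.168.1.10", 40000, "203.0.113.10", 443))
    n = fw.comparisons
    reply = fw.filter(pkt("tcp", "203.0.113.10", 443, "192.168.1.10", 40000))
    untouched = fw.comparisons == n
    stray = fw.filter(pkt("tcp", "203.0.113.10", 443, "192.168.1.10", 40001))
    return reply, untouched, stray
```

On the constructed sample the 28 packets cost 95 rule comparisons in the original order and 40 after reordering, with "web-out" moved to the top and the never-hit "web-out-plain" left last. The overlap check in reorder_by_hits is the important part: a general "deny inbound" rule with few hits stays above a busy "allow web inbound" rule because a packet could match both, which is exactly the ordering error the text warns against. In tracking_demo the reply packet is accepted from the connection table without any rule being examined, while an inbound packet to a port nobody opened falls through to the default drop.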

   Rule enablement Schedule

Some policies need to be enabled or disabled at particular times, such as 3:00, when the network administrator is probably asleep. To make sure the policy takes effect on time, use the rule schedule to set when the rule is enabled. In addition, to avoid the Internet usage peak and the attack peak, some enterprises run certain jobs in the evening or early morning, such as remote database synchronization and remote information collection; for these requirements the network administrator can write detailed rules with a schedule, and the security system maintains itself automatically. Because the schedule depends on the firewall's clock, keep that clock synchronized and re-check the windows after daylight-saving changes.
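One way to evaluate schedules of this kind, as an added example that is not code from the article or from any firewall product: each rule carries a time window and a set of weekdays, the evaluator reports which rules should be enabled at a given moment and which ones a scheduler tick must flip, and a window such as 23:00 to 03:00 is handled as wrapping past midnight rather than as an empty or all-day window. The rule names, windows and weekday sets are assumptions made for illustration.

```python
"""Rule schedules, including windows that cross midnight.
Added example, not from the article; rule names, windows and weekday sets are
constructed. What "03:00" means depends on the firewall's own clock: keep it
NTP-synchronized and re-check windows around daylight-saving changes."""
from datetime import datetime, time, timedelta

WEEKDAYS = range(5)  # Monday..Friday in datetime.weekday() numbering

class Schedule:
    """Active from start (inclusive) to end (exclusive) on the listed days.
    If end <= start the window wraps past midnight, e.g. 23:00-03:00, and the
    part after midnight belongs to the day on which the window started."""

    def __init__(self, start, end, days=range(7)):
        self.start, self.end, self.days = start, end, set(days)

    def active(self, when):
        t, day = when.time(), when.weekday()
        if self.start < self.end:                  # same-day window
            return day in self.days and self.start <= t < self.end
        if t >= self.start:                        # wrapped window, before midnight
            return day in self.days
        if t < self.end:                           # wrapped window, after midnight
            return (day - 1) % 7 in self.days      # it started yesterday
        return False

# Constructed policy set: off-hours jobs plus the normal office web policy.
SCHEDULED_RULES = {
    "db-sync-allow": Schedule(time(23, 0), time(3, 0), WEEKDAYS),  # Mon-Fri nights
    "remote-collect-allow": Schedule(time(1, 0), time(4, 0)),      # every night
    "office-web-allow": Schedule(time(8, 0), time(18, 0), WEEKDAYS),
}

def active_rules(rules, when):
    """Names of the rules the scheduler should have enabled at the given time."""
    return sorted(name for name, s in rules.items() if s.active(when))

def changes_at(rules, when):
    """(name, 'enable' | 'disable') for rules whose state flips at this minute,
    i.e. the actions a scheduler tick running at `when` has to perform."""
    before = when - timedelta(minutes=1)
    out = []
    for name, s in sorted(rules.items()):
        was, now = s.active(before), s.active(when)
        if was != now:
            out.append((name, "enable" if now else "disable"))
    return out
```

Note that the Friday night database-synchronization window is still active at 02:00 on Saturday, because that part of the window belongs to Friday's run, but the same window is not active at 02:00 on Monday, since the rule does not run on Sunday night; a naive check of "weekday in Mon-Fri and time in window" gets both cases wrong.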

   Log Monitoring

Log monitoring is a very effective means of security management, but many administrators think that collecting as much log information as possible, all alarms, all traffic that matches or fails to match a policy, and so on, is the right approach. That looks very thorough, but consider: the firewall handles millions of packets a day or more, so how do you find the information you need among such dense entries? Some software can analyze logs into graphs or statistics, but it often needs secondary development and is expensive. So only the most critical logs are the ones that really work.

Generally speaking, system alarm information must be recorded, but traffic information should be recorded selectively. Sometimes, to investigate a problem, we can create a new policy that matches only that problem and observe it. For example: a worm is found on the intranet, and it attacks a particular UDP port on host systems. The network administrator has removed the virus, but to monitor whether other hosts are infected we can add a policy for that port with logging enabled and watch the traffic inside the network.

In addition, an enterprise firewall can respond to traffic that exceeds an empirical threshold with actions such as discard, alarm and log, but every alarm and log entry needs careful analysis. The values the system alarms on are empirical, and the number of sessions generated by a workstation and by a server are completely different. So the system sometimes reports that a mail server is attacking some port, when most likely the server is simply retrying delivery to a peer that is not responding.
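The targeted logging policy and the role-aware threshold described in the two paragraphs above, as one added example that is not code from the article or from any firewall product. It parses constructed log lines in a made-up key=value format, flags sources that touched the watched UDP port on many different hosts (a worm fans out across the subnet, a legitimate client talks to one server), and counts new sessions per source per minute against a threshold chosen by the host's role, so a busy mail server is not reported as an attacker. The log format, host addresses, the watched port (1434 here, standing in for whatever port the virus warning names) and the thresholds are assumptions made for illustration.

```python
"""Targeted log monitoring: one watched worm port, and session alarms judged
against the host's role. Added example, not from the article or any product;
the log format, hosts, watched port and thresholds are constructed."""
import re
from collections import Counter, defaultdict
from datetime import datetime

WATCH_PORT = 1434  # assumption: the UDP port named in the virus warning
ROLE_THRESHOLDS = {"workstation": 20, "mail-server": 200}  # new sessions per minute
HOST_ROLES = {"10.0.0.25": "mail-server"}                 # everything else: workstation

# Constructed firewall log format: one line per new session matched by a logging rule.
LOG_RE = re.compile(r"^(?P<ts>\S+ \S+) action=(?P<action>\w+) rule=(?P<rule>[\w-]+) "
                    r"proto=(?P<proto>\w+) src=(?P<src>[\d.]+):(?P<sport>\d+) "
                    r"dst=(?P<dst>[\d.]+):(?P<dport>\d+)$")

def _line(sec, rule, proto, src, sport, dst, dport):
    return (f"2024-03-04 03:00:{sec:02d} action=log rule={rule} proto={proto} "
            f"src={src}:{sport} dst={dst}:{dport}")

# Constructed sample: an infected workstation fanning out on the watched port,
# one legitimate client of that port, and a busy but innocent mail server.
SAMPLE_LOG = "\n".join(
    [_line(i, "worm-watch", "udp", "192.168.1.23", 1200 + i, f"192.168.1.{i % 8 + 1}", WATCH_PORT)
     for i in range(30)]
    + [_line(5, "worm-watch", "udp", "192.168.1.40", 3000, "192.168.1.5", WATCH_PORT)]
    + [_line(i, "mail-out", "tcp", "10.0.0.25", 20000 + i, f"203.0.113.{i + 1}", 25)
       for i in range(60)])

def parse_log(text):
    records = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # a real parser would count unparseable lines rather than drop them silently
        r = m.groupdict()
        r["ts"] = datetime.strptime(r["ts"], "%Y-%m-%d %H:%M:%S")
        r["sport"], r["dport"] = int(r["sport"]), int(r["dport"])
        records.append(r)
    return records

def infected_hosts(records, port=WATCH_PORT, min_targets=5):
    """Sources that touched the watched UDP port on at least min_targets distinct
    hosts: a worm scans across the subnet, a normal client talks to one server."""
    targets = defaultdict(set)
    for r in records:
        if r["proto"] == "udp" and r["dport"] == port:
            targets[r["src"]].add(r["dst"])
    return sorted(src for src, t in targets.items() if len(t) >= min_targets)

def session_alarms(records, thresholds=ROLE_THRESHOLDS):
    """(source, role, sessions) for each source-minute above its role's threshold.
    One global threshold would flag the mail server; a per-role one does not."""
    per_minute = Counter((r["src"], r["ts"].replace(second=0)) for r in records)
    alarms = []
    for (src, _minute), n in sorted(per_minute.items()):
        role = HOST_ROLES.get(src, "workstation")
        if n > thresholds[role]:
            alarms.append((src, role, n))
    return alarms
```

With the constructed sample, infected_hosts reports only 192.168.1.23, which hit eight different hosts on the watched port, and not 192.168.1.40, which talked to one. session_alarms with the role-aware thresholds reports only the infected workstation (30 new sessions in a minute); passing a flat threshold of 20 for every role makes the mail server, with 60 outbound SMTP sessions in the same minute, appear as a second "attacker", which is the false alarm the text describes.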

   Equipment Management

For an enterprise firewall, device management is usually done through a remote web management interface reachable on the Internet-facing interface, but this is less secure, because the firewall's built-in web server itself can become the target of an attack. It is therefore recommended that remote management be done over the IPSec VPN, reaching the management interface on the internal network only.
