Routine inspection of hardware firewalls

Hardware firewall is an important barrier to protect the internal network security. Its security and stability, directly related to the security of the entire internal network. Therefore, routine checks are important to ensure the security of a hardware firewall.

There are many hidden troubles and faults in the system before the outbreak of such or such a sign, the task of routine inspection is to find these security risks, and as far as possible the problem positioning, to facilitate the resolution of the problem.

In general, the routine inspection of a hardware firewall is primarily for the following:

1. Configuration files for hardware firewalls

No matter how comprehensive and rigorous you consider when installing a hardware firewall, the situation is changing at any time once the hardware firewall is put into the actual use environment. The rules of the hardware firewall always change and adjust, and the configuration parameters will change frequently. As a network security manager, it is best to write a set of security policies to modify the firewall configuration and rules, and strictly implement them. The hardware firewall configuration involved, it is best to detail the details of which traffic is allowed and which services use the agent.

In the security policy, specify the steps to modify the hardware firewall configuration, such as which authorizations need to be modified, who can make such changes, when to make changes, how to record these changes, and so on. The security policy should also specify the division of responsibilities, such as a person's specific modification, another person responsible for the record, and a third person to check and test the correct settings after the modification. Detailed security policies should ensure that hardware firewall configuration changes are programmed and can avoid errors and security vulnerabilities caused by modification of configuration.

2. Disk usage of hardware firewalls

If logging is maintained on a hardware firewall, it is important to check the disk usage of the hardware firewall. If logging is not preserved, it becomes even more important to check the disk usage of the hardware firewall. In the case of journaling, the unusual increase in disk consumption is likely to indicate a problem with the log cleanup process, which is relatively fine. In the event that the log is not preserved, if the disk footprint grows abnormally, the hardware firewall may have been installed Rootkit tool, has been breached.

Therefore, the network security Manager first needs to understand under the normal situation, the firewall disk occupies the situation, based on this, sets a check baseline. Once the disk footprint of a hardware firewall exceeds this baseline, it means that the system is experiencing security or other problems that require further examination.

3. CPU load of hardware firewall

Similar to disk usage, CPU load is an important indicator of whether the hardware firewall system is functioning properly. As a security manager, you must understand the hardware firewall system CPU load is the normal value, the low load does not necessarily mean that all normal, but the high load value indicates that the firewall system must have problems. Excessive CPU load is most likely the result of a Dos attack or disconnect from the external network connection of a hardware firewall.