Firewall Policy

on 31.03.2008 14:41:40 by mhyasseen

Hi
I am an undergraduate student. I have a project related to the
firewall policy. Although I have got some material, I required some
more reference regarding the following topics. Any help would be
appreciated.
(1) What will be size of the firewall policy for an enterprise
network.
(2) What rules in general contain in the rule set i.e., accept. or
deny
(3) What are rules which are at the top of the rule set and which one
are the end of the rule set,
(4) and why the rules at the bottom of the ruleset have the lowest
priority than the rules at the top of the ruleset.

Yaseen

Re: Firewall Policy

on 31.03.2008 17:02:45 by Ansgar -59cobalt- Wiechers

mhyasseen@gmail.com wrote:
> I am an undergraduate student. I have a project related to the
> firewall policy. Although I have got some material, I required some
> more reference regarding the following topics. Any help would be
> appreciated.
> (1) What will be size of the firewall policy for an enterprise
> network.

This question doesn't make any sense. What do you mean by "size of the
firewall policy"?

> (2) What rules in general contain in the rule set i.e., accept. or
> deny

Both.

> (3) What are rules which are at the top of the rule set and which one
> are the end of the rule set,

That entirely depends on your particular requirements. Firewalls don't
come as "one size fits all" solutions.

> (4) and why the rules at the bottom of the ruleset have the lowest
> priority than the rules at the top of the ruleset.

Because the rules on top match first (normally, that is).

Read a good book on firewalls (e.g. [1]), and make sure you have at
least a basic understanding of networking before you do.

[1] http://www.oreilly.com/catalog/fire2/

cu
59cobalt
--
"If a software developer ever believes a rootkit is a necessary part of
their architecture they should go back and re-architect their solution."
--Mark Russinovich

Re: Firewall Policy

on 31.03.2008 20:45:51 by unknown

Post removed (X-No-Archive: yes)

Re: Firewall Policy

on 01.04.2008 06:37:13 by comphelp

mhyasseen@gmail.com writes:

> Hi
> I am an undergraduate student. I have a project related to the
> firewall policy. Although I have got some material, I required some
> more reference regarding the following topics. Any help would be
> appreciated.
> (1) What will be size of the firewall policy for an enterprise
> network.

The hard part of the answer will be answering this in a way that
doesn't suggest too strongly that your teacher is an idiot for asking
such an inane question.

It varies quite a bit. Not all firewalls deal with rules the same
way. Enterprises vary greatly in their fw complexity dependent upon
whether they're hosting their own internet services, how many locations
they have, whether they're dealing with partner extranets, and such.

> (2) What rules in general contain in the rule set i.e., accept. or
> deny

Fall through of deny any any is a best practice as a default. Aside
from that, if there's a web server, accepting traffic to tcp/80 and
tcp/443 on it is pretty common. Other than that, it varies by the
company's VPN solution if any, if they're exchanging data with
partners, if they have an ftp server, etc etc

> (3) What are rules which are at the top of the rule set and which one
> are the end of the rule set,
>
> (4) and why the rules at the bottom of the ruleset have the lowest
> priority than the rules at the top of the ruleset.

See 1.

--
Todd H.
http://www.toddh.net/

Re: Firewall Policy

on 01.04.2008 09:45:40 by JC

Juergen Nieveler wrote:
> Ansgar -59cobalt- Wiechers wrote:
>
>
>>.....
>
>
> Although usually, the lowest rule of the ruleset will be

Best HAVE TO BE

> "Reject all".
>
> Juergen Nieveler