Block by Default: Firewall Rules Are Define That What Kind of Internet Traffic Is Allowed or

Uploaded by

Mahitha G

A firewall is a network security system that monitors and controls incoming and outgoing network
traffic based on predetermined security rules. A firewall typically establishes a barrier between a
trusted network and an untrusted network, such as the Internet.

Second definition: a firewall is a network security device that monitors incoming and outgoing
network traffic and decides whether to allow or block specific traffic based on a defined set of
security rules.

Firewall rules define what kind of Internet traffic is allowed or blocked. A firewall rule can be
applied to traffic from the Internet to your computer (inbound), or from your computer to the
Internet (outbound). A rule can also be applied to both directions at the same time.

Best practices for firewall rules configuration

Block by default
Block all traffic by default and explicitly enable only specific traffic to known services. This
strategy provides good control over the traffic and reduces the possibility of a breach caused by
service misconfiguration.

Allow specific traffic

The rules that you use to define network access should be as specific as possible. This strategy
is the principle of least privilege, and it enforces control over network traffic. Specify as many
parameters as possible in the rules.
A layer 4 firewall uses the following parameters for an access rule:

o Source IP address (or range of IP addresses)
o Destination IP address (or range of IP addresses)
o Destination port (or range of ports)
o Protocol of the traffic (TCP, ICMP, or UDP)

Specify as many parameters as possible in the rule used to define network access. There are
limited scenarios where "any" is used in any of these fields.
Specify source IP addresses

If the service should be accessible to everyone on the Internet, then "any" source IP address is
the correct option. In all other cases, you should specify the source address.
It's acceptable to enable all source addresses to access your HTTP server. It's not acceptable to
enable all source addresses to access your server management ports or database ports. The
following is a list of common server management ports and database ports:

Server management ports:

o Linux® SSH: Port 22
o Windows® RDP: Port 3389

Database ports:

o SQL® Server: Port 1433
o Oracle®: Port 1521
o MySQL®: Port 2206
Be specific about who can reach these ports. When it is impractical to define source IP
addresses for network management, you might consider another solution like a remote access
VPN as a compensating control to allow the access required and protect your network.

Specify the destination IP address

The destination IP address is the IP address of the server that runs the service to which you
want to enable access. Always specify which server or servers are accessible. Configuring a
destination value of "any" could lead to a security breach or server compromise through an unused
protocol that might be accessible by default. However, a destination value of "any" can be used
if there is only one IP assigned to the firewall. The value "any" can also be used if you want
both public and servicenet access to your configuration.

Specify the destination port

The destination port corresponds to the accessible service. The value of this field should never
be "any". The service that runs on the server and needs to be accessed is defined, and only this
port needs to be allowed. Allowing all ports affects the security of the server by allowing
dictionary attacks as well as exploits of any port and protocol that is configured on the server.
Avoid using too wide a range of ports. If dynamic ports are used, firewalls sometimes offer
inspection policies to securely allow them through.
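As an added example (not part of the original document), the following Python models the four layer-4 rule parameters described above, lints a constructed rule set against the best practices in this text (no "any" destination port, no "any" destination, no "any" source on management or database ports, no overly wide port range) and evaluates flows with a block-by-default policy; the port-span threshold and the sample addresses are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Management and database ports the text says must not be open to "any" source.
MGMT_OR_DB_PORTS = {22: "SSH", 3389: "RDP", 1433: "SQL Server", 1521: "Oracle"}
MAX_PORT_SPAN = 100  # assumed threshold for "too wide a range of ports"

@dataclass(frozen=True)
class Rule:
    name: str
    src: str       # CIDR or "any"
    dst: str       # CIDR or "any"
    proto: str     # "tcp", "udp" or "icmp"
    ports: object  # (low, high) tuple or "any"; ignored for icmp

def _net(value):
    return ip_network("0.0.0.0/0") if value == "any" else ip_network(value, strict=False)

def lint(rule):
    """Return the best-practice violations found in one allow rule."""
    findings = []
    if rule.proto != "icmp":
        if rule.ports == "any":
            findings.append("destination port 'any'")
        else:
            low, high = rule.ports
            if high - low + 1 > MAX_PORT_SPAN:
                findings.append(f"port range too wide ({low}-{high})")
            if rule.src == "any":
                exposed = [f"{p}/{n}" for p, n in MGMT_OR_DB_PORTS.items() if low <= p <= high]
                if exposed:
                    findings.append("any source may reach " + ", ".join(exposed))
    if rule.dst == "any":
        findings.append("destination 'any'")
    return findings

def evaluate(rules, src, dst, proto, port=None):
    """Name of the first allow rule matching the flow, or None: unmatched traffic is blocked."""
    for r in rules:
        if r.proto != proto or ip_address(src) not in _net(r.src) or ip_address(dst) not in _net(r.dst):
            continue
        if proto != "icmp" and r.ports != "any" and not (r.ports[0] <= port <= r.ports[1]):
            continue
        return r.name
    return None

# Constructed sample rule set using documentation address ranges, not real hosts.
RULES = [
    Rule("web", "any", "203.0.113.10/32", "tcp", (80, 80)),
    Rule("ssh-open", "any", "203.0.113.10/32", "tcp", (22, 22)),
    Rule("ssh-vpn", "10.8.0.0/24", "203.0.113.10/32", "tcp", (22, 22)),
    Rule("db-wide", "10.0.0.0/8", "any", "tcp", (1, 65535)),
]
SAFE_RULES = [r for r in RULES if not lint(r)]  # keeps only "web" and "ssh-vpn"
```

Running `lint` over `RULES` flags the open SSH rule and the wide database rule, and `evaluate(SAFE_RULES, ...)` returns None for any flow the remaining rules do not explicitly allow.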
