7.3 Firewall
Description
Firewalls are used to control communication between two networks. Usually a firewall protects a
network against attacks originating from networks requiring a lower degree of protection, e.g. when
a sub-network requiring protection is connected to an institution-wide network or when a company
network is connected to the Internet.
In this chapter, a firewall is a combination of hardware and software which acts as the sole junction
between two separate TCP/IP networks, one of which requires a higher degree of protection. As a
firewall of this kind is often used to protect the internal network from attacks through the Internet,
it is also called an Internet firewall.
In this chapter, only the threats and safeguards specific to a firewall are described. The threats
and safeguards specific to the IT system on which the firewall is implemented must also be
considered. It is assumed that a firewall is implemented on a Unix system, i.e. the threats and
safeguards described in Chapter 6.2 should be observed in addition to those listed below.
Threat Scenario
The following typical threats are assumed for a firewall as part of IT baseline protection:
Organisational Shortcomings:
- T 2.24 Loss of confidentiality of sensitive data of the network to be protected
Human Failure:
- T 3.3 Non-compliance with IT security measures
- T 3.9 Improper IT system administration
- T 3.38 Errors in configuration and operation
Technical Failure:
- T 4.8 Discovery of software vulnerabilities
- T 4.10 Complexity of access possibilities to networked IT systems
- T 4.11 Lack of authentication possibilities between NIS Server and NIS Client
- T 4.12 Lack of authentication possibilities between X Server and X Client
- T 4.20 Data loss due to exhausting storage medium
- T 4.22 Vulnerabilities or errors in standard software
- T 4.39 Software conception errors
Deliberate Acts:
- T 5.2 Manipulation of data or software
- T 5.9 Unauthorised use of IT systems
- T 5.18 Systematic trying-out of passwords
- T 5.24 Replay of messages
- T 5.25 Masquerade
- T 5.28 Denial of services
- T 5.39 Infiltrating computer systems via communication cards
- T 5.48 IP-Spoofing
- T 5.49 Abuse of Source Routing
- T 5.50 Abuse of the ICMP Protocol
- T 5.51 Abuse of Routing Protocols
- T 5.78 DNS-Spoofing
Recommended Countermeasures (S)
For the implementation of IT baseline protection, selection of the required packages of safeguards
("modules"), as described in chapters 2.3 and 2.4, is recommended.
A firewall protects the internal network against attacks from outside. In order to protect the internal
network against attacks from inside, all necessary safeguards should also be taken even when a firewall
is in place. If the internal network is a Unix or a PC network, for example, the safeguards described in
Chapter 6.1 and Chapter 6.2 should also be implemented.
The firewall should be sited in a separate server room. The appropriate measures are described in
Chapter 4.3.2. If no server room is available, the firewall can alternatively be set up in a server cabinet
(see chapter 4.4 Protective Cabinets).
In order to successfully set up a firewall, a series of measures should be taken, including the conception,
purchase and operation of a firewall. The steps and measures involved are described below:
1. Concept of the network coupling using a firewall:
(c.f. S 2.70 Developing a Firewall Concept)
- Determining the security objectives
- Adapting the network structure
- Basic requirements
2. Security policy of the firewall:
(c.f. S 2.71 Determining a Security Policy for a Firewall)
- Selecting the communications requirements
- Selection of Services
(Prior to the selection of services, the chapter S 5.39 Safe use of protocols and services should be consulted)
- Organisational regulations
3. Procuring the firewall:
- Selecting the type of firewall
(c.f. S 2.72 Demands on a Firewall and S 2.73 Selecting a Suitable Firewall)
- Procurement criteria
(c.f. S 2.74 Selection of a Suitable Packet Filter and S 2.75 Selection of a Suitable Application Gateway)
4. Implementation of the firewall:
- Establishing and implementing filter rules
(c.f. S 2.76 Selection and Implementation of Suitable Filter Rules)
- Implementation of the IT baseline protection safeguards for firewall computers (see Chapter 6.2)
- Check implementation of the IT baseline protection safeguards for the IT systems of the
internal network (c.f. Chapters 6.1, 6.2 and 6.3, for example)
- Observe the conditions for the correct use of the various protocols and services
(c.f. S 5.39 Safe use of protocols and services)
- Inclusion of other components
(see S 2.77 Correct Configuration of Other Components)
5. Operating the firewall:
(see S 2.78 Correct Operation of a Firewall)
- Regular checks
- Adaptation to changes and tests
- Logging of firewall activities
(c.f. S 4.47 Logging of firewall activities)
- Contingency planning for the firewall (see also Chapter 3.3)
- Data backup (see also Chapter 3.4 Data Backup Policy)
6. Operation of clients connected to the firewall:
- Alongside the safeguards described in chapter 5, the additional safeguards outlined
in S 5.45 Security of WWW-browsers should be observed
There can be various reasons for deciding against the installation of a firewall, for example the
purchase costs or the high administration expenditure, but also the fact that the remaining
risks cannot be accepted. If an Internet connection is nonetheless desired, a stand-alone system can
be installed instead (see S 5.46 Installing stand-alone systems for Internet usage).
The safeguards package for "Firewall" is presented below.
Organisation:
- S 2.70 (1) Developing a firewall concept
- S 2.71 (1) Establishing a security policy for a firewall
- S 2.72 (1) Requirements on a firewall
- S 2.73 (1) Selecting a suitable firewall
- S 2.74 (1) Selection of a suitable packet filter (in case of procurement)
- S 2.75 (1) Selection of a suitable application gateway (in case of procurement)
- S 2.76 (1) Selection and implementation of suitable filter rules
- S 2.77 (1) Secure configuration of other components
- S 2.78 (1) Secure operation of a Firewall
Hardware / Software:
- S 4.47 (1) Logging of firewall activities
- S 4.93 (1) Regular integrity checking
- S 4.100 (1) Firewalls and active content
- S 4.101 (1) Firewalls and encryption
Communications:
- S 5.39 (1) Secure use of protocols and services
- S 5.59 (1) Protection against DNS spoofing
- S 5.45 (2) Security of WWW browsers
- S 5.46 (1) Installing stand-alone-systems for Internet use
- S 5.70 (1) Network Address Translation (NAT)
- S 5.71 (1) Intrusion Detection and intrusion response systems
© Copyright by Bundesamt für Sicherheit in der Informationstechnik 2000
Last Update on 6 April 2000