Importance of Firewalls in Networks
Firewalls play an important role in protecting data from external threats and preventing intrusions. Almost every small, medium and large-scale organization installs one or more firewalls to filter incoming and outgoing packets on the basis of defined rule-sets in order to protect sensitive data from theft and misuse. In organizations where data security is a major concern, administrators take utmost care while planning the security of the network and data. Moreover, after implementing appropriate security measures, administrators also keep a close eye on the entire network communication and the data transactions. They use several monitoring tools to do so.
The efficiency of network security primarily depends on the way it has been designed by the administrators. Since firewalls play a major role in securing a network environment, there are a few things that security administrators must always consider before installing and configuring firewalls in network setups.
Important points that must be considered while implementing firewalls in a network setup are:
- Technical Qualifications and Experience of Security Administrators – Before hiring any security administrator to manage and maintain the organization’s network security, the organization must closely check their technical qualifications and relevant experience. Organizations must always hire technically qualified and highly experienced security administrators so that the security design and its implementation can be made foolproof. Hiring inexperienced or unqualified security administrators may result in weak network security, giving intruders and hackers enough attack surface to enter the network and steal and/or damage its sensitive data.
- IP Addressing Scheme – Before installing and configuring firewalls, security administrators must always make sure that the private IP addressing scheme has been chosen correctly and is appropriately configured. In organizations where there are several computers in a network, and a DHCP server is installed to assign dynamic IP addresses to the hosts, security administrators must verify that the DHCP server has been correctly installed and configured. Administrators must also check that the DHCP address pool has a sufficient number of IP addresses available to assign to the host computers and that an appropriate lease duration for the dynamic IP addresses has been configured as per the requirements. Since firewalls can be configured granularly to forward packets to and from individual IP addresses, incorrect assignment of IP addresses, or their absence, may prevent firewalls from performing efficiently.
- Type of Public IP Addresses – Before installing and configuring firewalls, security administrators must verify the type of public addresses the organization has. Most medium or large-scale organizations have static public IP addresses that they have purchased from their ISPs. Such organizations mostly have multiple branches scattered around the globe that communicate with each other through VPN connections. Verifying the type of public IP addresses allows administrators to configure the firewalls more accurately and with precise rule-sets. With the help of static public IP addresses, administrators can allow or deny incoming or outgoing packets on the basis of registered IP addresses.
- Number of Registered IP Addresses – Security administrators must also check the number of registered IP addresses the organization has, or is planning to have. Knowing the exact number of purchased registered public IP addresses helps administrators configure the firewall rule-sets more granularly and efficiently on a per-address basis.
- Open and Block Ports – Considering the type of data and its importance, administrators must think carefully while deciding which ports must be blocked, and which ones should be left open in order to allow smooth and secure communication between internal and external networks. For example, if an organization has its own mail server that requires SMTP for communication, administrators must open TCP port 25 to allow communication with the mail server. Likewise, if the organization does not require Telnet connections to be made to any of the computers in the network, security administrators must block TCP ports 23 and 22 to disable Telnet and Secure Shell (SSH) connections respectively.
- Documentation – Before implementing the planned security design in a network, security administrators must always verify that proper documentation of the existing network infrastructure has been prepared and is available. Appropriate documentation of the network setup helps security administrators assess the infrastructure and plan and configure firewalls more accurately and without flaws. Administrators must also check with the concerned staff to ensure that there is someone available to prepare documentation after the firewall has been successfully installed and configured. Preparing documentation for the security implementation in the network makes it easier for all security administrators to understand the security design, and to take appropriate decisions if modifications are required in the future.
- Provisions for Data Recovery – Security administrators must also verify the efficiency of the data recovery provisions that an organization has. Since hackers and intruders do not always just steal sensitive information, but can also delete important data or damage it permanently, organizations must have appropriate backup provisions to restore important information in case of data loss. After configuring the firewalls, security administrators must also back up the firewall settings, which can be restored in case the firewalls have been tampered with or have been misconfigured for any reason. However, security administrators must reconfigure the firewall if its security has been compromised.
- Type of Firewall – After assessing the entire network, i.e. IP addressing scheme, required open ports, backup and restoration provisions, etc., security administrators must assess the type of firewall that should be used to prevent intrusions and data theft. In order to do so, security administrators must calculate the total cost of the data that the organization has, and must compare it with the cost of the security solution they plan to implement. If the cost of the data is quite high, implementing a hardware firewall solution would be an appropriate approach. In some network setups, administrators may use both hardware and software firewalls in order to add an additional layer of security to the data.
- Perimeter Network (DMZ) – According to the level of security that an organization may require in order to protect data, security administrators may also create a perimeter network, or DMZ. Since a perimeter network filters incoming packets by verifying their information against the rule-sets defined in the internal and external (Internet-facing) firewalls, it makes it harder for intruders and hackers to reach sensitive information easily. As per the security requirements, administrators can implement three-legged or dual-firewall DMZs. In either case, firewalls may be dedicated hardware devices, software applications installed on computers to work as dedicated firewalls, or both.
- Implementation – Once security administrators have successfully assessed all the above requirements, they can proceed to the final implementation of the firewalls. While installing and configuring firewalls, security administrators must ensure that the person responsible for documentation is always available and keeps a close watch during the entire installation and configuration process in order to prepare accurate documentation and a diagram of the secured network setup.
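As an added example (not part of the original article), the following Python sketch models the "Open and Block Ports" and per-address rule-set points above: a first-match rule-set with default deny is audited against the intended policy of SMTP to the mail server only. The addresses, the `Rule` structure and both rule-sets are constructed for illustration and do not represent any particular firewall product.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    dst: str              # destination network, CIDR notation
    port: Optional[int]   # TCP destination port; None matches every port

def evaluate(rules, dst_ip, port):
    """First matching rule decides; no match falls through to default deny."""
    addr = ipaddress.ip_address(dst_ip)
    for rule in rules:
        if addr in ipaddress.ip_network(rule.dst) and rule.port in (None, port):
            return rule.action
    return "deny"

def allowed_pairs(rules, hosts, ports):
    """Every (host, port) pair the rule-set lets through."""
    return {(h, p) for h in hosts for p in ports if evaluate(rules, h, p) == "allow"}

# Constructed sample data: 203.0.113.0/24 is a documentation range (RFC 5737).
MAIL_SERVER = "203.0.113.25"
HOSTS = [MAIL_SERVER, "203.0.113.40"]
PORTS = [22, 23, 25]            # SSH, Telnet, SMTP
INTENDED = {(MAIL_SERVER, 25)}  # policy from the text: only SMTP to the mail server

# Weak ordering: the broad allow matches first, so the deny rules never fire
# for the organization's own addresses.
WEAK = [
    Rule("allow", "203.0.113.0/24", None),
    Rule("deny", "0.0.0.0/0", 23),
    Rule("deny", "0.0.0.0/0", 22),
]

# Corrected: explicit denies first, then one allow scoped to one address and port.
STRICT = [
    Rule("deny", "0.0.0.0/0", 23),
    Rule("deny", "0.0.0.0/0", 22),
    Rule("allow", MAIL_SERVER + "/32", 25),
]

def audit(rules):
    """Pairs that are open but not part of the intended policy."""
    return allowed_pairs(rules, HOSTS, PORTS) - INTENDED

if __name__ == "__main__":
    print("weak  :", sorted(audit(WEAK)))
    print("strict:", sorted(audit(STRICT)))
```

An empty audit result means the rule-set exposes nothing beyond the documented policy; any pair it returns is a port left open unintentionally.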