Selecting Services For Your Security Policy Objectives; Incoming Service Guidelines - Watchguard Firebox X1000 User Manual


Chapter 8: Configuring Filtered Services
https://support.watchguard.com/advancedfaqs/svc_main.asp
Selecting Services for your Security Policy Objectives
The WatchGuard Firebox System, like most commercial firewalls, discards all packets that are not explicitly allowed, often stated as "that which is not explicitly allowed is denied."
This stance protects against attacks based on new, unfamiliar, or obscure IP services. It also provides a safety net regarding unknown services and configuration errors which could otherwise threaten network security. This also means that for the Firebox to pass any traffic, it must be configured to do so. You must actively select the services and protocols allowable, configure each one as to which hosts can send and receive them, and set other properties individual to the service.
Every service brings tradeoffs between network security and accessibility. When selecting services, balance the needs of your organization with the requirement that computer assets be protected from attack.

Incoming service guidelines

Enabling incoming services creates a conduit into your network. The following are some guidelines for assessing security risks as you add incoming services to a Firebox configuration:
- A network is only as secure as the least secure service allowed into it.
- Services you do not understand should not be trusted.
- Services with no built-in authentication and those not designed for use on the Internet are risky.
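
The deny-by-default stance and the guideline on unauthenticated incoming services can be modeled in a few lines. This is an added example, not WatchGuard code or Firebox configuration syntax; the `Service` fields, the `has_auth` flag, the service names and the addresses (documentation ranges) are all constructed assumptions.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Service:
    name: str
    proto: str         # "tcp" or "udp"
    port: int
    allow_from: tuple  # networks permitted to send
    allow_to: tuple    # networks permitted to receive
    has_auth: bool     # assumption: operator's judgement of the protocol

# Constructed sample policy using documentation address ranges.
POLICY = (
    Service("ssh-admin", "tcp", 22, ("198.51.100.0/24",), ("192.0.2.10/32",), True),
    Service("tftp-public", "udp", 69, ("0.0.0.0/0",), ("192.0.2.20/32",), False),
    Service("syslog-internal", "udp", 514, ("10.0.0.0/8",), ("10.0.0.5/32",), False),
)

def _in_any(addr, networks):
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(n) for n in networks)

def decide(policy, proto, port, src, dst):
    """Allow only when a configured service matches protocol, port, sender and receiver."""
    for svc in policy:
        if ((svc.proto, svc.port) == (proto, port)
                and _in_any(src, svc.allow_from)
                and _in_any(dst, svc.allow_to)):
            return ("allow", svc.name)
    return ("deny", None)  # not explicitly allowed, so denied

def _outside(network, trusted):
    net = ipaddress.ip_network(network)
    return not any(net.subnet_of(ipaddress.ip_network(t)) for t in trusted)

def risky_incoming(policy, trusted):
    """Services that accept senders outside `trusted` and have no built-in authentication."""
    return [svc.name for svc in policy
            if not svc.has_auth
            and any(_outside(n, trusted) for n in svc.allow_from)]

if __name__ == "__main__":
    print(decide(POLICY, "tcp", 22, "198.51.100.7", "192.0.2.10"))
    print(decide(POLICY, "tcp", 23, "198.51.100.7", "192.0.2.10"))
    print(risky_incoming(POLICY, trusted=("10.0.0.0/8",)))
```

A packet for a service that was never configured (TCP port 23 here) is denied without any explicit deny rule, and the audit flags only the unauthenticated service that is open to outside senders.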