Firewall Policy Example 1. Access Control
1. Access control
(a) All internet access from the corporate network must occur over proxies situated in
firewalls.
(b) Services are forbidden unless explicitly allowed.
(c) All users are allowed to exchange email with other Internet users.
(d) Only users of the R&D department are allowed to use WWW, ftp and RealAudio. Other
users require explicit authorisation.
2. Assurance
(a) Firewall and proxy machines are to be installed as sensitive hosts. All unnecessary
services should be stopped in the operating system. Users should not be able to log on
directly to these machines.
(b) The firewall policy and configuration must be accurately documented.
(c) The firewall machines are regularly monitored and audited.
(d) Users and firewall administrators should be aware of their responsibilities and be educated
so that they can assume those responsibilities.
3. Logging
(a) Detailed logs must be kept, if possible on a separate server.
(b) Logs should be automatically analysed when critical errors are found.
(c) Logs should be archived for at least one year.
(d) Non-trivial log entries should be examined daily.
(e) Statistics on firewall usage should be readily available.
4. Availability
(a) The firewall should offer high availability and fulfil its availability requirements, e.g. UPS,
backups and restores.
(b) Processes should exist for change management and incident response.
5. Required functionality
(a) Outgoing services: services required from specific internal hosts (e.g. via proxies) to the
Internet.
(i) email, WWW (http), ftp, telnet, ssh
(ii) DNS
(iii) news (NNTP)
(iv) real audio
(b) Incoming services: services allowed in by proxy hosts on a specially protected subnet.
(i) all users should be able to receive email via secured gateways.
(ii) all users should be able to receive news from another subnet.
(iii) secure logins for a small list of people via SecurID and SSH
(c) Services provided to the Internet (by secured servers in a protected zone)
(i) DNS resolution of firewall/gateway machines
(ii) WWW server
(iii) Anonymous ftp server
(iv) An ftp server used for special projects and collaboration with other companies.
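The access-control rules of section 1 and the outgoing service list of section 5(a) can be expressed as a small policy-as-code model, which makes the default-deny rule 1(b) and the R&D-only rule 1(d) testable before they are turned into real firewall and proxy configuration. This is an added example, not part of the original policy document; the proxy addresses, department names and service names are assumed for illustration.

```python
"""Policy-as-code model of sections 1 and 5(a) of the firewall policy above (added example)."""
from dataclasses import dataclass

# 5(a): the only outgoing services the proxies may carry to the Internet.
OUTGOING_SERVICES = {"email", "http", "ftp", "telnet", "ssh", "dns", "nntp", "realaudio"}
# 1(d): services that need R&D membership or explicit authorisation.
RD_ONLY_SERVICES = {"http", "ftp", "realaudio"}
# Assumed addresses of the firewall proxies (1a); not from the policy document.
PROXY_HOSTS = {"10.0.0.10", "10.0.0.11"}


@dataclass(frozen=True)
class Request:
    user: str
    department: str
    src_ip: str                # host the Internet-bound request leaves from
    service: str
    authorised: bool = False   # explicit authorisation granted under 1(d)


def packet_filter(req: Request) -> tuple[bool, str]:
    """Firewall layer: only proxies may originate Internet flows (1a); the rest is dropped (1b)."""
    if req.src_ip not in PROXY_HOSTS:
        return False, "1(a): only firewall proxies may reach the Internet"
    if req.service not in OUTGOING_SERVICES:
        return False, "1(b): service not explicitly allowed"
    return True, "5(a): proxy carrying an allowed outgoing service"


def proxy_acl(req: Request) -> tuple[bool, str]:
    """Proxy layer: the per-user rules of 1(c) and 1(d)."""
    if req.service == "email":
        return True, "1(c): email allowed for all users"
    if req.service in RD_ONLY_SERVICES and req.department != "R&D" and not req.authorised:
        return False, "1(d): non-R&D user without authorisation"
    return True, "1(d)/5(a): service allowed for this user"


def decide(req: Request) -> tuple[bool, str]:
    """Both layers must allow; a request that no allow rule matches is denied (1b)."""
    reason = ""
    for layer in (packet_filter, proxy_acl):
        ok, reason = layer(req)
        if not ok:
            return False, reason
    return True, reason


def log_line(req: Request, verdict: tuple[bool, str]) -> str:
    """A 3(a)-style log entry: every decision, allow or deny, carries its reason for audit."""
    ok, reason = verdict
    return (f"{'ALLOW' if ok else 'DENY'} user={req.user} dept={req.department} "
            f"src={req.src_ip} svc={req.service} reason={reason}")
```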