
This is the Title of the Book, eMatter Edition
Copyright © 2007 O’Reilly & Associates, Inc. All rights reserved.
38
|
Chapter 2: Designing Perimeter Networks
Ultimately, the firewall you select should reflect the needs of your perimeter net-
work design. These needs are almost always predicated on the assets, threats, and
risks you’ve previously identified, but are also subject to the political, financial, and
technical limitations of your environment.
General Firewall Configuration Guidelines
Precisely how you configure your firewall will naturally depend on what type you’ve
chosen and on your specific environment. However, some general principles should
be observed.
Harden your firewall’s OS
First, before installing firewall software, you should harden the firewall’s underlying
operating environment to at least as high a degree as you would harden, for exam-
ple, a web server. Unnecessary software should be removed; unnecessary startup
scripts should be disabled; important daemons should be run without root privileges
and chrooted if possible; and all OS and application software should be kept patched
and current. As soon as possible after OS installation (and before the system is con-
nected to the Internet), an integrity checker such as tripwire or AIDE should be
installed and initialized.
In addition, you’ll need to decide who receives administrative access to the firewall,
with particular attention ...