Security Portal: Firewalls - Common Configuration Problems
Sep 05, 2000, 19:43
(Other stories by Kurt Seifried)
"There are many common configuration problems with firewalls, ranging in severity and scope. By far the most common problems relate to what should be blocked or allowed. This is often problematic because needs change; you may need to allow video-streaming, for example, and unless done properly, the addition of new firewall rules can seriously undermine the security provided by a firewall."
"Before any changes are made to a firewall, you should sit down with whoever is responsible and ensure that the changes will not have unintended side effects. I find that the best way to do this is to print out the rules and make sure the new rules fit logically into the existing structure. For example, my rules typically start with rules to block private and non-routed networks (like 10.*, 127.*, and so on), followed by ICMP-related rules. Then I have rules that allow traffic in (SSH, email, WWW and so on); then, depending on the security required, I block the first 1024 ports (which are usually the most interesting ones), or I have a default deny policy."
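The ordering Seifried describes (anti-spoofing first, then ICMP, then the allowed services, then a low-port block or default deny) only protects you if a new rule is slotted into the right place. The following is an added example, not code from the article or from Security Portal: a small first-match packet-filter simulator in Python, standing in for ipchains/iptables syntax so it can be run anywhere. It builds a ruleset in that order, then shows what happens when a new "allow video streaming" rule is prepended to the list versus placed after the ICMP block. The ICMP types, the service ports and the UDP port range used for the streaming rule are assumptions made for the example; the sample packets are constructed.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Callable, List, Optional, Tuple


@dataclass
class Packet:
    src: str                      # source IP address
    proto: str                    # "tcp", "udp" or "icmp"
    dport: Optional[int] = None   # destination port for tcp/udp
    icmp_type: Optional[int] = None


@dataclass
class Rule:
    name: str
    verdict: str                  # "ACCEPT" or "DROP"
    match: Callable[[Packet], bool]


# Private / non-routed source networks (RFC 1918 plus loopback); the article names 10.* and 127.*.
BOGONS = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8")]
DEFAULT_POLICY = "DROP"           # the "default deny" option from the article


def from_bogon(p: Packet) -> bool:
    return any(ip_address(p.src) in net for net in BOGONS)


def tcp_to(port: int) -> Callable[[Packet], bool]:
    return lambda p: p.proto == "tcp" and p.dport == port


def build_ruleset() -> List[Rule]:
    """Rules in the order the article describes: bogons, ICMP, allowed services, low-port block."""
    return [
        Rule("drop-private-src", "DROP", from_bogon),
        # ICMP handling is an assumption: let replies and errors through, drop the rest.
        Rule("allow-icmp-replies", "ACCEPT",
             lambda p: p.proto == "icmp" and p.icmp_type in (0, 3, 11)),
        Rule("drop-other-icmp", "DROP", lambda p: p.proto == "icmp"),
        Rule("allow-ssh", "ACCEPT", tcp_to(22)),
        Rule("allow-smtp", "ACCEPT", tcp_to(25)),
        Rule("allow-http", "ACCEPT", tcp_to(80)),
        Rule("drop-low-ports", "DROP",
             lambda p: p.dport is not None and p.dport < 1024),
    ]


def evaluate(rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """First matching rule wins; otherwise fall through to the default policy."""
    for rule in rules:
        if rule.match(pkt):
            return rule.verdict, rule.name
    return DEFAULT_POLICY, "default-policy"


# The new requirement: inbound UDP for a streaming client. The port range is assumed for the example.
VIDEO_RULE = Rule("allow-video-udp", "ACCEPT",
                  lambda p: p.proto == "udp" and p.dport is not None and 6970 <= p.dport <= 6999)


def insert_at_top(rules: List[Rule], new: Rule) -> List[Rule]:
    """The careless way: prepend, so the rule is evaluated before the anti-spoofing block."""
    return [new] + rules


def insert_after(rules: List[Rule], new: Rule, anchor: str) -> List[Rule]:
    """The careful way: place the rule after a named rule so everything above it still applies."""
    idx = next(i for i, r in enumerate(rules) if r.name == anchor)
    return rules[:idx + 1] + [new] + rules[idx + 1:]


def print_ruleset(rules: List[Rule]) -> None:
    """The 'print out the rules' step: review the order before applying it."""
    for i, r in enumerate(rules, 1):
        print(f"{i:2d}  {r.verdict:6s} {r.name}")


if __name__ == "__main__":
    base = build_ruleset()
    spoofed = Packet("10.1.2.3", "udp", 6980)   # constructed: private source, streaming port
    print_ruleset(insert_after(base, VIDEO_RULE, "drop-other-icmp"))
    print(evaluate(insert_at_top(base, VIDEO_RULE), spoofed))                        # ('ACCEPT', 'allow-video-udp')
    print(evaluate(insert_after(base, VIDEO_RULE, "drop-other-icmp"), spoofed))      # ('DROP', 'drop-private-src')
```

With the streaming rule prepended, a packet with a spoofed 10.x source address to the streaming port is accepted because the anti-spoofing rule never gets a chance to match; with the rule placed after the ICMP block, the same packet is still dropped by the first rule. The same first-match logic applies to ipchains and iptables chains, so the position of a newly added rule matters as much as its contents.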