Firewall Configuration and Administration防火墙的配置与管理ppt课件.ppt

《Firewall Configuration and Administration防火墙的配置与管理ppt课件.ppt》由会员上传分享，免费在线阅读，更多相关内容在教育资源-天天文库。

1、FirewallConfigurationandAdministration1LearningObjectivesSetupfirewallrulesthatreflectanorganization’soverallsecurityapproachIdentifyandimplementdifferentfirewallconfigurationstrategiesUpdateafirewalltomeetnewneedsandthreatsAdheretoprovensecurityprinciplestohelpthefirewallprotectnetworkresources2Le

2、arningObjectives(continued)UsearemotemanagementinterfaceTrackfirewalllogfilesandfollowthebasicinitialstepsinrespondingtosecurityincidentsUnderstandthenatureofadvancedfirewallfunctions3EstablishingFirewallRulesandRestrictionsRulesgivefirewallsspecificcriteriaformakingdecisionsaboutwhethertoallowpacke

3、tsthroughordropthemAllfirewallshavearulesfile—themostimportantconfigurationfileonthefirewall4TheRoleoftheRulesFileEstablishestheorderthefirewallshouldfollowTellsthefirewallwhichpacketsshouldbeblockedandwhichshouldbeallowedRequirementsNeedforscalabilityImportanceofenablingproductivityofenduserswhilem

4、aintainingadequatesecurity5RestrictiveFirewallsBlockallaccessbydefault;permitonlyspecifictypesoftraffictopassthrough6RestrictiveFirewalls(continued)FollowtheconceptofleastprivilegeSpelloutservicesthatemployeescannotuseUseandmaintainpasswordsChooseanapproachOpenOptimisticCautiousStrictParanoid7Connec

5、tivity-BasedFirewallsHavefewerrules;primaryorientationistoletalltrafficpassthroughandthenblockspecifictypesoftraffic8FirewallConfigurationStrategiesCriteriaScalableTakecommunicationneedsofindividualemployeesintoaccountDealwithIPaddressneedsoftheorganization9ScalabilityProvideforthefirewall’sgrowthby

6、recommendingaperiodicreviewandupgradingsoftwareandhardwareasneeded10ProductivityThestrongerandmoreelaboratethefirewall,theslowerthedatatransmissionsImportantfeaturesoffirewall:processingandmemoryresourcesavailabletothebastionhost11DealingwithIPAddressIssuesIfservicenetworkneedstobeprivatelyrathertha

7、npubliclyaccessible,whichDNSwillitscomponentsystemsuse?Ifyoumixpublicandprivateaddresses,howwillWebserverandDNSserverscommunicate?LettheproxyserverdotheIPforwarding(it’sthesecuritydevice)12ApproachesT