January 17, 2012

1.2.2 Firewall Rules

You create firewall rules to allow a computer to send traffic to, or receive traffic from, programs, system services, computers, or users. Firewall rules act like ACLs and are used to dictate what traffic can pass between the firewall and the internal network. Firewall rules can be created to take one of three actions for all connections that match the rule's criteria:

  • Block the connection.
  • Allow the connection.
  • Allow the connection only if it is secured.

The rules can be applied to inbound or outbound traffic and to any type of network (LAN, wireless, VPN, remote access). A rule can be configured to specify the computers or users, program, service, or port and protocol it applies to. You can also configure the rule to be applied when any profile is being used or only when a specified profile is being used.

The rules of a firewall follow the first-match-apply rule system. The final rule in a firewall set should be a default deny. In this way, anything that is not specifically allowed or that was not explicitly denied by an earlier rule is always blocked by default.

You should audit the firewall rules on a regular basis, verify that they produce the results you intend, and make any modifications needed.
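The first-match behaviour and the audit described above can be sketched in a few lines of Python. This is an added example, not taken from the referenced sources or from any firewall product. The Rule fields, the rule names and the sample rule set are constructed for illustration, and it assumes IPv4 sources only.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY_PORT = range(0, 65536)

@dataclass(frozen=True)
class Rule:
    name: str
    action: str      # "allow" or "block"
    direction: str   # "in", "out" or "any"
    protocol: str    # "tcp", "udp" or "any"
    source: str      # IPv4 CIDR; "0.0.0.0/0" means any source
    ports: range     # destination ports
    def matches(self, direction, protocol, src_ip, port):
        return (self.direction in ("any", direction)
                and self.protocol in ("any", protocol)
                and ip_address(src_ip) in ip_network(self.source)
                and port in self.ports)
    def covers(self, other):
        # True if every connection matching `other` also matches this rule.
        return (self.direction in ("any", other.direction)
                and self.protocol in ("any", other.protocol)
                and ip_network(other.source).subnet_of(ip_network(self.source))
                and self.ports.start <= other.ports.start
                and other.ports.stop <= self.ports.stop)

def evaluate(rules, direction, protocol, src_ip, port):
    # First-match-apply: the first matching rule decides the outcome.
    for rule in rules:
        if rule.matches(direction, protocol, src_ip, port):
            return rule.action, rule.name
    return "block", "(no rule matched)"

def audit(rules):
    # Flag rules that can never fire and a rule set without a final default deny.
    findings = []
    for i, later in enumerate(rules):
        shadow = next((e for e in rules[:i] if e.covers(later)), None)
        if shadow:
            findings.append(f"{later.name} is shadowed by {shadow.name}")
    catch_all = Rule("", "block", "any", "any", "0.0.0.0/0", ANY_PORT)
    if not rules or rules[-1].action != "block" or not rules[-1].covers(catch_all):
        findings.append("final rule is not a default deny")
    return findings

# Constructed sample rule set: allow-ssh-admin sits below a broader block rule.
RULES = [Rule("allow-web", "allow", "in", "tcp", "0.0.0.0/0", range(443, 444)),
         Rule("block-mgmt-net", "block", "in", "any", "10.0.9.0/24", ANY_PORT),
         Rule("allow-ssh-admin", "allow", "in", "tcp", "10.0.9.5/32", range(22, 23)),
         Rule("default-deny", "block", "any", "any", "0.0.0.0/0", ANY_PORT)]
```

Calling audit(RULES) reports that allow-ssh-admin is shadowed by block-mgmt-net: the allow was placed after a broader block, so under first-match evaluation it never takes effect.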

Depending on the type of firewall, separate inbound and outbound rules must be created, unless the firewall supports stateful inspection.

