April 29, 2006
Guidelines on Firewalls and Firewall Policy
I just finished reading through the National Institute of Standards and Technology's (NIST) Guidelines on Firewalls and Firewall Policy. It's actually very well written with casual-enough language to hold your attention. I thought I'd sum up some of the key points for blocking traffic in a good firewall design. The following traffic types should always be blocked:
- Inbound traffic from a non-authenticated source system with a destination address of the firewall itself
- Inbound traffic with a source address indicating that the packet originated on a network behind the firewall
- Inbound traffic containing ICMP
- Inbound or outbound traffic from a system using a source address that falls within the private address ranges shown in RFC 1918
- Inbound traffic from a non-authenticated source system containing SNMP
- Inbound traffic containing IP Source Routing information
- Inbound or outbound traffic containing a source or destination address of 127.0.0.1
- Inbound or outbound traffic containing a source or destination address of 0.0.0.0
- Inbound or outbound traffic containing a directed broadcast address
Like I said, really good reading. The whole document (NIST Special Publication 800-41) can be found at this link:
http://csrc.nist.gov/publications/nistpubs/800-41/sp800-41.pdf
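The list above maps fairly directly onto a Linux packet filter. The script below is an added example written for this entry; it is not taken from NIST SP 800-41 or from the original post. It emits an iptables-restore ruleset covering every item in the list, plus a sysctl fragment for the one item (IP source routing) that stock iptables cannot match, and it follows DaveC's point in the comments below by letting ICMP "fragmentation needed" through so path MTU discovery keeps working instead of dropping all inbound ICMP. The interface names, the 192.168.1.0/24 LAN, the chain names BOGONS_IN/BOGONS_OUT/BOGONS, and the assumptions that the LAN is an RFC 1918 network NATed by this firewall and that the external address is static are all my own choices, not anything the NIST document specifies.

```shell
#!/bin/sh
# Added example, not from NIST SP 800-41 or the original post: turn the
# "always block" list into an iptables-restore ruleset plus a sysctl fragment.
# Assumed deployment (not stated on the page): a Linux firewall with one
# external and one internal interface; the internal subnet is RFC 1918 and is
# NATed by this box (nat table not shown); the external address is static.

# Usage: nist_ruleset WAN_IF LAN_IF LAN_CIDR  -> iptables-restore text on stdout
nist_ruleset() {
wan=$1
lan=$2
lan_net=$3
cat <<EOF
*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
:BOGONS_IN - [0:0]
:BOGONS_OUT - [0:0]
:BOGONS - [0:0]
# Loopback itself is never filtered; the 127/8 rules below apply to the external link only.
-A INPUT -i lo -j ACCEPT
-A OUTPUT -o lo -j ACCEPT
# Every packet crossing the external interface is vetted first, in both directions.
-A INPUT -i $wan -j BOGONS_IN
-A FORWARD -i $wan -j BOGONS_IN
-A FORWARD -o $wan -j BOGONS_OUT
-A OUTPUT -o $wan -j BOGONS_OUT
# Inbound: a source address that claims to be from behind the firewall is spoofed.
-A BOGONS_IN -s $lan_net -j DROP
-A BOGONS_IN -j BOGONS
# Outbound: the LAN's private source address is rewritten by SNAT only after the
# filter table has run, so our own LAN must be exempted from the RFC 1918 drop.
-A BOGONS_OUT -s $lan_net -j RETURN
-A BOGONS_OUT -j BOGONS
# Common to both directions: RFC 1918 sources, loopback and 0.0.0.0 as source or
# destination, and directed broadcasts. addrtype BROADCAST matches the broadcast
# address of every directly attached subnet, so none need to be spelled out.
-A BOGONS -s 10.0.0.0/8 -j DROP
-A BOGONS -s 172.16.0.0/12 -j DROP
-A BOGONS -s 192.168.0.0/16 -j DROP
-A BOGONS -s 127.0.0.0/8 -j DROP
-A BOGONS -d 127.0.0.0/8 -j DROP
-A BOGONS -s 0.0.0.0/32 -j DROP
-A BOGONS -d 0.0.0.0/32 -j DROP
-A BOGONS -m addrtype --dst-type BROADCAST -j DROP
# Replies to connections that were allowed out (this also admits ICMP errors that
# conntrack ties to a tracked flow).
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A FORWARD -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
# Inbound ICMP: dropping all of it breaks path MTU discovery, so "fragmentation
# needed" (type 3, code 4) is accepted before the catch-all drop.
-A INPUT -i $wan -p icmp --icmp-type fragmentation-needed -j ACCEPT
-A FORWARD -i $wan -p icmp --icmp-type fragmentation-needed -j ACCEPT
-A INPUT -i $wan -p icmp -j DROP
-A FORWARD -i $wan -p icmp -j DROP
# SNMP from the outside (already covered by the INPUT policy, but made explicit).
-A INPUT -i $wan -p udp --dport 161:162 -j DROP
# Traffic to the firewall itself from unauthenticated sources falls to the INPUT
# DROP policy; management is opened only from the inside.
-A INPUT -i $lan -s $lan_net -p tcp --dport 22 -j ACCEPT
# The inside may open connections to the Internet.
-A FORWARD -i $lan -o $wan -s $lan_net -j ACCEPT
COMMIT
EOF
}

# Usage: nist_sysctls -> sysctl.conf fragment for what the filter table cannot express
nist_sysctls() {
cat <<EOF
# Source-routed packets: stock iptables has no IP-options match, so the kernel drops them.
net.ipv4.conf.all.accept_source_route = 0
net.ipv4.conf.default.accept_source_route = 0
# Reverse-path check backs up the spoofed-source rules.
net.ipv4.conf.all.rp_filter = 1
# Never answer echo requests sent to a broadcast address.
net.ipv4.icmp_echo_ignore_broadcasts = 1
EOF
}

case "${1:-}" in
    sysctl) nist_sysctls ;;
    "") echo "usage: $0 WAN_IF LAN_IF LAN_CIDR | $0 sysctl" >&2 ;;
    *) nist_ruleset "$1" "$2" "$3" ;;
esac
```

Syntax-check with `sh nist_rules.sh eth0 eth1 192.168.1.0/24 | iptables-restore --test`, drop `--test` to load it, and install the sysctls with `sh nist_rules.sh sysctl > /etc/sysctl.d/90-firewall.conf && sysctl --system`. NAT (MASQUERADE in nat POSTROUTING) and any published services are deliberately left out. If the external address is obtained by DHCP, accept UDP 67/68 on the external interface before the BOGONS jumps: DHCP uses source 0.0.0.0 and the limited broadcast address, both of which these rules drop.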
Posted by JC at April 29, 2006 2:00 PM
Comments
Jeremy,
When are you coming up with CBT Nuggets for iptt? I am looking forward to it.
-Sikandar
Posted by: Sikandar at May 4, 2006 9:16 AM
One comment on this is that people should not block "Inbound traffic containing ICMP" indiscriminately. This is a frequent cause of problems because PMTUD fails, often causing problems when traffic traverses a VPN. (Note: there are hacks to work around it, but it's better to look at specifically what you are blocking than to just say ICMP.)
Posted by: DaveC at May 7, 2006 9:57 AM