
Chapter 7 - 03 - Understand Different Types of Firewalls and their Role - 07_ocred_fax_ocred.pdf


Full Transcript


Certified Cybersecurity Technician Exam 212-82
Network Security Controls — Technical Controls

Firewall Implementation and Deployment Process

- Use a step-by-step process to ensure a successful firewall implementation and deployment
- The process helps to minimize any unforeseen issues and identify any potential pitfalls early on

Phases:
- Planning: When implementing a firewall for the network, organizations must plan their positioning in advance
- Configuring: Involves configuring various components and features such as hardware, software, policy configuration, implementing logging, and alerting mechanisms
- Testing: Mainly focuses on whether the firewall rules are set according to the actions performed by the firewall
- Deploying: A phased approach to deploy multiple firewalls on a network helps detect and resolve issues regarding conflicting policies
- Managing and Maintaining: Includes maintaining the firewall architecture, policies, software, and other components deployed on the network

Copyright © by EC-Council. All Rights Reserved. Reproduction is Strictly Prohibited.

A phased approach should be used to implement and deploy a firewall. Use a step-by-step process to ensure a successful firewall implementation and deployment. The use of a five-phased approach for implementation and deployment minimizes unforeseen issues and identifies potential pitfalls. The phases involved in implementing and deploying a firewall include planning, configuring, testing, deploying, and managing and maintaining.

While planning a firewall implementation, consider all the requirements to determine which firewall to implement while enforcing network security policies. After planning, focus on configuring the firewall hardware and software components and setting up rules for the system to work effectively. Next, after successfully configuring the firewall, test the firewall prototype and its environment.
Assess its functionality, performance, scalability, and security for possible vulnerabilities and issues in the components. After resolving all issues encountered during the testing phase, deploy the firewall into the network. After successfully deploying the firewall, monitor it for component maintenance and to resolve operational issues throughout its lifecycle, and consider incorporating enhancements or significant changes when needed.

Steps Involved in Firewall Implementation and Deployment

- Planning: When implementing a firewall for the network, organizations must plan their positioning in advance. It is critical to conduct a security risk assessment to know where a threat to the network would most likely originate and the reasons behind it. Depending on the potential origin of threats, a layout for firewall implementation should then be built. Organizations must determine if they need to implement a firewall to enforce the new security policies. An organization that is considering implementing a firewall should outline a consistent security policy in advance, based on the risk assessment. The security policy must determine how basic communication will take place at the firewall, where the firewall must sit, and how to configure it.
- Configuring: Configuring a firewall involves configuring various components and features such as hardware, software, policy configuration, implementing logging, and alerting mechanisms.
- Testing: Testing a firewall involves examining it for any bugs. The firewall implementation test mainly focuses on whether the firewall rules are set according to the actions performed by the firewall. Firewall testing increases the reliability of the products using the firewall.
- Deploying: It is necessary to ensure the firewall is deployed according to the security policies of the organization. It is also necessary to alert the users of the deployment of the firewall. Similarly, the security policy of the firewall should be added to the network's overall policy, and any configuration changes during implementation should be included. Employing a phased approach to deploy multiple firewalls on a network helps detect and resolve issues regarding conflicting policies.
- Managing and Maintaining: Managing a firewall includes maintaining the firewall architecture, policies, software, and other components deployed on the network. Update the policy rules when new threats are identified and if requirements change. The security of the firewall can be ensured by constantly monitoring and addressing the issues in the network. Additionally, monitor the firewall logs continuously in order to detect new threats and attacks in the network. Perform a firewall log analysis to detect security incidents.

Firewall Access Control Lists (ACLs)

- A firewall access control list is a collection of rules or conditions to allow or deny inbound and outbound network traffic
- These rules restrict unauthorized access and malicious traffic entering an internal network
- Standard ACLs: Block or allow network packets by

A firewall access control list (ACL) is a collection of rules or conditions to allow or deny inbound and outbound network traffic. These rules are created when configuring a firewall that is connected to an internal network to restrict unauthorized access and malicious traffic entering the internal network.
Because the firewall matches the rules against network traffic from top to bottom, the most specific rules are configured at the top of the list. In general, ACLs are used for controlling the traffic of layer 2, layer 3, and layer 4. The following types of ACLs are used for each layer.

- Layer 2: MAC ACLs
- Layer 3: IP ACLs
- Layer 4: TCP/UDP port ACLs

ACLs are configured in firewalls and routers that connect two networks. These rules are classified into the following two types.

- Standard ACLs: These ACLs block or allow network packets by verifying the source IP address. They are used for basic protection and for small developments. Standard ACLs require relatively low processing power.
- Extended ACLs: These ACLs block or allow network packets by verifying the source IP, destination IP, MAC address, and port numbers.

Features of ACL: The ACL features differ from product to product. Some basic features that every ACL provides include the following.

- Predefined rules for filtering malicious traffic based on ICMP traffic, IP address, TCP ports, and UDP ports
- Inbound and outbound traffic filtering based on MAC addresses, IP addresses, and port numbers
- Mirroring of the traffic that matches the specific rule of a physical port
- Storage of the logging information of an ACL rule, i.e., how many times the rule has been enforced
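The top-to-bottom matching and per-rule hit counts described above can be seen in a small model. This is an added example, not part of the courseware: the `Rule` fields, the sample addresses and the deny-when-nothing-matches default are assumptions, MAC matching is left out, and the `shadowed` check goes slightly beyond the text by flagging a specific rule that a broader rule above it makes unreachable.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

@dataclass
class Rule:
    action: str                   # "permit" or "deny"
    src: str                      # source network (all a standard ACL checks)
    dst: str = "0.0.0.0/0"        # extended ACL fields start here
    proto: str = "any"            # "tcp", "udp" or "any"
    dport: Optional[int] = None   # None matches any destination port
    hits: int = 0                 # times this rule has been enforced

    def matches(self, pkt):
        return (ip_address(pkt["src"]) in ip_network(self.src)
                and ip_address(pkt["dst"]) in ip_network(self.dst)
                and self.proto in ("any", pkt["proto"])
                and self.dport in (None, pkt["dport"]))

    def covers(self, other):
        """True if every packet matching `other` also matches this rule."""
        return (ip_network(other.src).subnet_of(ip_network(self.src))
                and ip_network(other.dst).subnet_of(ip_network(self.dst))
                and self.proto in ("any", other.proto)
                and self.dport in (None, other.dport))

def evaluate(acl, pkt):
    """Top-to-bottom, first match wins; no match is denied (assumed default)."""
    for rule in acl:
        if rule.matches(pkt):
            rule.hits += 1
            return rule.action
    return "deny"

def shadowed(acl):
    """Index pairs (earlier, later) where the later rule can never match."""
    return [(i, j) for j, later in enumerate(acl)
            for i, earlier in enumerate(acl[:j]) if earlier.covers(later)]

def sample_acl(specific_first):  # constructed rules, not from the courseware
    broad = Rule("permit", "10.0.0.0/8")
    specific = Rule("deny", "10.1.2.0/24", "192.0.2.10/32", "tcp", 22)
    return [specific, broad] if specific_first else [broad, specific]

# Constructed packet: SSH from the 10.1.2.0/24 subnet to 192.0.2.10
PKT = {"src": "10.1.2.7", "dst": "192.0.2.10", "proto": "tcp", "dport": 22}
if __name__ == "__main__":
    for acl in (sample_acl(False), sample_acl(True)):
        print(evaluate(acl, PKT), shadowed(acl), [r.hits for r in acl])
```

With the broad rule first, the SSH packet is permitted and the deny rule's hit count stays at zero, which is the pattern to look for when reviewing ACL logging during the testing and maintenance phases.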
