
Firewall Security Standard-Sample

This document establishes a uniform firewall security standard for ABC Ltd. It defines the minimum configuration requirements, including only allowing necessary ports and protocols, restricting administrative access, implementing spoofing and noise drop filters, enforcing logging and patching, and denying all incoming and outgoing traffic by default with exceptions. The standard is reviewed in accordance with ABC's security policy and the incident response team can take emergency actions as outlined in the incident response procedure.

Uploaded by

Saeed Khan

Firewall Security Standard

Developed by

This information contained in this document is the prop


confidential and shall not be copied, published or made available to third p
whole or in part without the written permission of ABC Ltd.

Classification: Confidential
Distribution Controls
The distribution of this document is controlled to authorized control leaders only.

Updates and replacement of this document are managed by the Systems & Information Security
Manager. Plan recipients who cease to be responsible for the scope
surrender all copies of the document to the Systems & Information Security Manager.

Document History

Version   Date   Update Details                            Author   Censorship   Approbation
1.0              Establish IT Security Policy Document

This version supersedes all previous versions issued prior to the date indicated above
Contents
1. Purpose
2. Scope
3. Standard
4. Review
5. Emergencies
1. Purpose

To establish a uniform set of standards for implementing and
firewall standard, including but not limited to type and nature of traffi
allowed or denied access to ABC LTD network. Also, to maintain the st
network and increase the security for identified resources.

2. Scope

This standard covers the minimum security configuration requirements for firewall.

3. Standard

• All opened ports must have accompanying documented justification.
• Unnecessary ports must be blocked to avoid any kind of misuse.
• Access to ABC LTD network firewalls is allowed only to certain network and information security personnel as per their Roles and Responsibilities.
• All administrative access to ABC LTD network firewalls will be governed by the following rules:
  o All administrative users must authenticate via ___________.
  o A backup administrator account shall be used only for console access.
  o All administrative access shall be encrypted, at a minimum, via the following methods:
    ▪ Method-1: _______________
    ▪ Method-2: ________________
  o All administrative access shall be restricted to networks and hosts
  o Each network firewall will present the login banner when a user logs in to the device:
• Anti-spoofing filters (blocked private addresses, internal addresses appearing from the outside) must be enabled.
• Noise drops (e.g. discard OSPF and HSRP chatter) should be enabled.
• An alert must be generated to the system administrator about traffic that is suspicious.
• Logging should be enabled, and the logs reviewed to identify any potential patterns that could indicate an attack.
• Latest patches and updates related to the firewall product should be tested and installed as per the firewall management procedure.
• The firewall rule-set must comply with the ABC LTD IT Security Policy.
• State tables should be reviewed to ensure that appropriate rules are set up in terms of source and destination IPs, source and destination ports, and timeouts.
• Timeouts should be appropriate so as not to give an attacker too much time to launch a successful attack.
• A hot standby firewall should be available in case of primary firewall failure.
• Default user names and passwords should be reset.
• The firewall should be appropriately configured to know which hosts are on which interface.
• Firewall access control lists should be reviewed to ensure that the appropriate traffic is routed to the appropriate segments.
• There should be a deny rule for traffic destined to critical internal addresses from external sources.
• A rule should be set specifying that only traffic originating from IPs within the internal network is allowed. Traffic with IPs other than from the internal network is to be dropped.
• Traffic originating from IPs other than those of the internal network is logged.
• The readdressing option should be enabled such that internal IP addresses are not displayed to the external untrusted networks.
• A rule should be set to block ICMP echo requests and replies.
• A rule should be set to block outgoing time exceeded and unreachable messages.
• Loose source routing and strict source routing (LSRR & SSRR) are blocked and logged by the firewall.
• The following spoofed and illegal addresses are blocked:
  o Standard unroutables
    ▪ 255.255.255.255
    ▪ 127.0.0.0
  o Reserved addresses
    ▪ 240.0.0.0
  o Illegal addresses
    ▪ 0.0.0.0
  o UDP echo
  o ICMP broadcast
• The traffic from the above addresses is not transmitted by the interface.
• Running and startup configurations must be synchronized.
• All outgoing traffic is denied, with exceptions based upon the specific business requirements of ABC LTD.
• All incoming traffic is denied, with exceptions based upon the specific business requirements of ABC LTD.
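
Several of the requirements above can be checked mechanically against an exported rule base. The following is an added example, not part of the ABC Ltd standard: it audits a simplified rule list for default deny in both directions, documented justification on every opened port, internal-only outbound sources, and anti-spoofing drops placed before the first inbound permit. The `Rule` model, the `INTERNAL` network, the prefix lengths (the standard lists the addresses without masks) and both rule sets are assumptions constructed for illustration.

```python
import ipaddress as ipa
from dataclasses import dataclass

# Assumptions: the page lists addresses without masks, so these prefixes are this
# example's reading of them; INTERNAL is a constructed internal network.
INTERNAL = ipa.ip_network("203.0.113.0/24")
SPOOFED = [ipa.ip_network(n) for n in (
    "0.0.0.0/8", "127.0.0.0/8", "240.0.0.0/4", "255.255.255.255/32",
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")] + [INTERNAL]

@dataclass
class Rule:
    direction: str           # "in" = arriving on the external interface, "out" = leaving
    action: str              # "permit" or "deny"
    src: str                 # source network in CIDR form
    port: int = 0            # destination port; 0 matches any port
    justification: str = ""  # documented reason for an opened port

def audit(rules):
    findings = []
    for d in ("in", "out"):
        chain = [r for r in rules if r.direction == d]
        last = chain[-1] if chain else None
        if not (last and last.action == "deny" and last.src == "0.0.0.0/0" and last.port == 0):
            findings.append(f"{d}: final rule is not deny-all")
        for r in chain:
            if r.action == "permit" and not r.justification.strip():
                findings.append(f"{d}: port {r.port} open without documented justification")
            if d == "out" and r.action == "permit" and not ipa.ip_network(r.src).subnet_of(INTERNAL):
                findings.append(f"out: permit for non-internal source {r.src}")
    inbound = [r for r in rules if r.direction == "in"]
    first_permit = next((i for i, r in enumerate(inbound) if r.action == "permit"), len(inbound))
    early_denies = [ipa.ip_network(r.src) for r in inbound[:first_permit]
                    if r.action == "deny" and r.port == 0]
    for net in SPOOFED:  # each spoofed range must be dropped before anything is permitted
        if not any(net.subnet_of(n) for n in early_denies):
            findings.append(f"in: spoofed source {net} not dropped before first permit")
    return findings

# Constructed rule sets: GOOD follows the checked requirements, BAD violates them.
GOOD = [Rule("in", "deny", str(n)) for n in SPOOFED] + [
    Rule("in", "permit", "0.0.0.0/0", 443, "Public HTTPS service, change record on file"),
    Rule("in", "deny", "0.0.0.0/0"),
    Rule("out", "permit", "203.0.113.0/24", 443, "Outbound HTTPS for staff"),
    Rule("out", "deny", "0.0.0.0/0")]
BAD = [Rule("in", "permit", "0.0.0.0/0", 23),
       Rule("out", "permit", "0.0.0.0/0", 80, "Web browsing")]

if __name__ == "__main__":
    print(audit(GOOD), *audit(BAD), sep="\n")
```

An empty result means only that the checked items pass; ICMP, source-routing, logging and timeout requirements still need review on the device itself.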

4. Review

This standard will be maintained in accordance with the Security Policy [ITS-ABC LTD-02].

5. Emergencies

In an emergency situation, actions may be taken by the Incident Response Team in
accordance with the procedures in the Incident Response Procedure.
