Chapter 8: Configuring Filtered Services
WatchGuard Firebox System
https://support.watchguard.com/advancedfaqs/svc_main.asp
Selecting Services for your Security Policy
Objectives
The WatchGuard Firebox System, like most commercial
firewalls, discards all packets that are not explicitly
allowed, often stated as “that which is not explicitly
allowed is denied.”
This stance protects against attacks based on new, unfamiliar,
or obscure IP services. It also provides a safety net
regarding unknown services and configuration errors
which could otherwise threaten network security. This also
means that for the Firebox to pass any traffic, it must be
configured to do so. You must actively select the services
and protocols to allow, configure which hosts can send and
receive each one, and set other properties individual to
the service.
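The deny-by-default stance described above can be modeled in a few lines. This is an added example, not code or configuration syntax from the WatchGuard guide; the service names, rule layout, and addresses (documentation ranges) are constructed for illustration.

```python
# Added illustration of a default-deny filter; not WatchGuard syntax.
# Service names, addresses and rule layout are constructed for this example.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class ServiceRule:
    name: str
    protocol: str        # "tcp" or "udp"
    port: int
    allowed_from: tuple  # networks permitted to send
    allowed_to: tuple    # networks permitted to receive


def _in_any(addr, networks):
    ip = ip_address(addr)
    return any(ip in ip_network(net) for net in networks)


def evaluate(rules, protocol, port, src, dst):
    """Return (verdict, reason); whatever no rule explicitly allows is denied."""
    service_known = False
    for rule in rules:
        if (rule.protocol, rule.port) != (protocol, port):
            continue
        service_known = True
        if _in_any(src, rule.allowed_from) and _in_any(dst, rule.allowed_to):
            return "allow", rule.name
    reason = "hosts not permitted" if service_known else "service not configured"
    return "deny", reason


POLICY = [
    ServiceRule("SMTP-in", "tcp", 25, ("0.0.0.0/0",), ("192.0.2.25/32",)),
    ServiceRule("SSH-admin", "tcp", 22, ("198.51.100.0/24",), ("192.0.2.0/24",)),
    # Configuration error: service added, host lists left empty. Still denied.
    ServiceRule("DNS-in", "udp", 53, (), ()),
]

if __name__ == "__main__":
    samples = [  # constructed packets
        ("tcp", 25, "203.0.113.7", "192.0.2.25"),
        ("tcp", 22, "203.0.113.7", "192.0.2.10"),
        ("udp", 53, "203.0.113.7", "192.0.2.53"),
        ("tcp", 6667, "203.0.113.7", "192.0.2.10"),
    ]
    for pkt in samples:
        print(pkt, "->", evaluate(POLICY, *pkt))
```

The half-configured DNS rule and the unlisted port both fall through to the final deny, which is the safety net the paragraph describes.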
Every service brings tradeoffs between network security
and accessibility. When selecting services, balance the
needs of your organization with the requirement that
computer assets be protected from attack.
Incoming service guidelines
Enabling incoming services creates a conduit into your
network. The following are some guidelines for assessing
security risks as you add incoming services to a Firebox
configuration:
• A network is only as secure as the least secure service
  allowed into it.
• Services you do not understand should not be trusted.
• Services with no built-in authentication and those not
  designed for use on the Internet are risky.