Using Network Access Policy Rules
157
You must have already registered the Firewall before Activating the Web
Site Filter.
Using Network
Access Policy Rules
Network Access Policy Rules are the tools you use to control traffic
between the LAN, DMZ and WAN ports of your Firewall.
Use this list to help you create rules.
■
State the intent of the rule.
The following are examples of intent for rules:
■
This rule will restrict all IRC access from the LAN to the Internet.
■
This rule will allow a remote Lotus Notes server to synchronize over
the Internet to an internal Notes server.
■
Is the intent of the rule to allow or deny traffic?
■
What is the flow of the traffic: from the LAN to the Internet, or from
the Internet to the LAN?
■
List which IP services will be affected.
■
List which computers on the LAN will be affected.
■
List which computers on the Internet will be affected.
The more specific, the better. For example, if traffic is being allowed from
the Internet to the LAN, it is better to allow only certain machines on the
Internet to access the LAN.
Once you have defined the logic of the rule, it is critical to consider the
security ramifications created by the rule:
■
Will this rule stop LAN users from accessing critical resources on the
Internet?
For example, if IRC is blocked, are there users that require this service?
■
Is it possible to modify the rule to be more specific?
For example, if IRC is blocked for all users, will a rule that blocks just
certain users be more effective?
■
Will this rule allow Internet users access to resources on the LAN in a
manner that may create an undue security vulnerability?
For example, if NetBIOS ports (UDP 137, 138, 139) are allowed from
the Internet to the LAN, Internet users may be able to connect to PCs
with file sharing enabled.
DUA1611-0AAA02.book Page 157 Thursday, August 2, 2001 4:01 PM
Содержание 3C16111 - SuperStack 3 Firewall Web Site Filter
Страница 18: ...18 DUA1611 0AAA02 book Page 18 Thursday August 2 2001 4 01 PM ...
Страница 50: ...50 DUA1611 0AAA02 book Page 50 Thursday August 2 2001 4 01 PM ...
Страница 96: ...96 CHAPTER 6 USING THE FIREWALL DIAGNOSTIC TOOLS DUA1611 0AAA02 book Page 96 Thursday August 2 2001 4 01 PM ...
Страница 122: ...122 CHAPTER 8 ADVANCED SETTINGS DUA1611 0AAA02 book Page 122 Thursday August 2 2001 4 01 PM ...
Страница 150: ...150 CHAPTER 10 CONFIGURING HIGH AVAILABILITY DUA1611 0AAA02 book Page 150 Thursday August 2 2001 4 01 PM ...
Страница 152: ...152 DUA1611 0AAA02 book Page 152 Thursday August 2 2001 4 01 PM ...
Страница 166: ...166 CHAPTER 11 ADMINISTRATION AND ADVANCED OPERATIONS DUA1611 0AAA02 book Page 166 Thursday August 2 2001 4 01 PM ...
Страница 174: ...174 DUA1611 0AAA02 book Page 174 Thursday August 2 2001 4 01 PM ...
Страница 178: ...178 CHAPTER 13 TYPES OF ATTACK AND FIREWALL DEFENCES DUA1611 0AAA02 book Page 178 Thursday August 2 2001 4 01 PM ...
Страница 190: ...190 CHAPTER 14 NETWORKING CONCEPTS DUA1611 0AAA02 book Page 190 Thursday August 2 2001 4 01 PM ...
Страница 192: ...192 DUA1611 0AAA02 book Page 192 Thursday August 2 2001 4 01 PM ...
Страница 206: ...206 APPENDIX D TECHNICAL SUPPORT DUA1611 0AAA02 book Page 206 Thursday August 2 2001 4 01 PM ...
Страница 212: ...212 INDEX DUA1611 0AAA02 book Page 212 Thursday August 2 2001 4 01 PM ...
Страница 214: ...DUA1611 0AAA02 book Page 214 Thursday August 2 2001 4 01 PM ...