Eicon Networks S92 Instrukcja Użytkownika Pobierz pdf (Strona 85)

YuChakTinMichael‘sGIACGCFWProjectAssignment

Page 85

2,

DonotenabletheSynDefenderGateway option.ItisnotlikelytoseeSynflood

attacksagainstthisfirewallfromtheinsidenetwork.

3,

Configurethefollowingrules:

n Allow AdminaccesstoallserversinPublic_Servicesviaanytraffic.

n AllowStaffaccesstoWWWviaHTTPandHTTPS.

n AllowStaffaccesstoDNSviaDNSquery.

n AllowDevaccesstoWWW viaHTTP andHTTPS.

n AllowDevaccesstoDNS viaDNSquery.

n AllowRAS_UseraccesstoWWWviaHTTPandHTTPS.

n AllowRAS_UseraccesstoDNSviaDNSquery.

n AllowInt_EmailtoreceiveSMTPalertsfromIDS.Weneedthisrulesothatthe

alertscanbeforwardedtotheadministrator’smailbox.Keepinmindthough,

thatwiththisruleinplace,theIDSmustbeabsolutelysecure,oranintrusion

pathtotheinsidenetworkwillcometrue.

n AllowInt_EmailtoinitiateSMTPrequeststoEmail.Weneedthisrulesothat

theinternalemailsystemcaninitializecommunicationwiththeexternalonefor

sendingoutboundemailsandretrievinginboundqueuedemails

4,

Dropandlogeverythingelse. ThisrulemustbetheLASTrule.

Exceptforthelast“Dropeverythingrule”,theorderoftheruleswedefineddoes

notmattergiventhesmallnumberofrulesandtheirnonconflictingnature.

5,

VerifythepolicyviaPolicy – Verify.

6,

Installthepolicy viaPolicy –Install.InstallthepolicyontoSELF.

7,

Performsomebasictesting.

1 2 ... 80 81 82 83 84 85 86 87 88 89 90 ... 208 209

Brak uwag

Eicon Networks S92 Instrukcja Użytkownika Strona 85