Policy Enforcement Using Access Control Lists
Now we’re going to look at policy enforcement using Access Control Lists.
We want the ability to stop and reroute traffic based on packet characteristics, based on the information that’s flowing across the network.
We can do this with access control lists on incoming or outgoing interfaces. In other words, depending on if this is going to be your connection to the outside world, or to an intranet, you can define where this control is going to be. You can do this together with NetFlow to provide high-speed enforcement on network access points.
NetFlow is basically a way of making information travel faster by identifying a lot of different packets are going to have similar characteristics. You can also do violation logging. You can keep something called a Syslog file that will keep track of violations to your Security Policy.
If you had an Access Control List that simply dropped packets that were unacceptable but without a way of logging that and telling you about it, then you may miss some alerts today to potentially more malicious behavior in the future. And so it’s very important to have logs that you review periodically.
Let’s take a look at firewalls next.
Importance of Firewalls
What is a firewall? Why do I want one?
Firewalls are used to build trusted perimeters around information and services. Your Internet security solution must be able to allow employees to access Internet resources, while keeping out unauthorized traffic. The most common way of protecting the internal network is by using a firewall between the intranet and the Internet.
What Is a Firewall?
So what are the basic requirements of an Internet firewall? First, a firewall needs to be able to analyze all the traffic passing between the internal user community and the external network. In this way it can ensure that only authorized traffic, as defined by the security policy, is permitted through. It can also ensure that content which could be potentially harmful to the internal network is filtered out.
A firewall also needs to be designed to resist attacks, since once a hacker gains control of the firewall, the internal network could be compromised. And finally, it should be able to hide the addresses of the internal network from the outside world, making the life of a potential hacker much more difficult.
Importantly, a firewall needs to support all these requirements and have the ability to support the constantly increasing Internet connection speeds and traffic loads, so that it doesn’t become a bottleneck.