Home > Articles

  • Print
  • + Share This
This chapter is from the book

The Security Policy

As mentioned before, the security policy encompasses both the rule base that dictates what traffic is allowed, and the global properties that introduce additional behavior into the firewall.

A firewall administrator should understand how to develop a rule base, and how to manage the global properties to effectively secure the network.

A Skeleton Rule Base

Check Point recommends that there be a few standard rules in your rule base, for both security reasons and ease of management.

The first recommended rule is the stealth rule. The purpose of the stealth rule is to disallow any communication to the firewall itself, protecting it from attacks. This rule should be placed near the top of the rule base, with the only rules above it being those that permit or require access to the firewall.

A stealth rule looks like the one shown in Table 3.2.

Table 3.2 The Stealth Rule

Source

Destination

Service

Action

Track

Install On

Time

Any

Firewalls

Any

Drop

Log

Policy Targets

Any


Here, the stealth rule matches anything pointed at the firewall itself and drops it with a log entry. The Firewalls object is assumed to be a group containing all the Check Point objects under management.

Check Point also recommends the use of a cleanup rule, which drops and logs all traffic not caught by other rules. Recall that the default behavior of FireWall-1 is to drop any packet that is not explicitly permitted, without logging it. From a security and troubleshooting standpoint, having a log of dropped packets is extremely beneficial. Table 3.3 shows the cleanup rule.

Table 3.3 The Cleanup Rule

Source

Destination

Service

Action

Track

Install On

Time

Any

Any

Any

Drop

Log

Policy Targets

Any


Note that the rule specifies Any for the Source, Destination, and Service fields. Any packet that doesn’t get matched by a previous rule will be matched by this one. Because the action is set to Log, you will have a record of the packet details.

Implicit and Explicit Rules

Normally only the rules you enter are shown in the rule base. These are called explicit rules, because they were created explicitly. However, there are many rules that are also enforced by the firewall that you do not see. These are called implicit rules (or implied rules), and they either are a part of every policy or are added and removed as part of features and options that you configure in other parts of the interface.

To view the implicit rules, pull down the View menu and select Implied Rules.

Whether or not you are viewing the implicit rules has no bearing on what gets pushed out to the enforcement points. All enforcement points receive the implied rules, and they cannot be disabled.

  • + Share This
  • 🔖 Save To Your Account

Related Resources

There are currently no related titles. Please check back later.