Key Concepts:
  • Planning and selection of an appropriate firewall for an organization
  • Best practices for managing enterprise and personal firewalls
  • Security appliances that work with firewalls
  • Best practices for managing VPN connectivity
  • Risks in using remote access technologies in the context of an enterprise

Network Security, Firewalls, and VPNs

Firewall Implementation and Management
Firewall and VPN Implementation
Firewall and VPN implementation requires careful planning, management, and extensive documentation. This, in turn, ensures successful deployment, resolves future problems, detects and thwarts attacks, and prepares for disasters.

Reflect on answers to the following questions related to firewall and VPN implementation. Then, click each question to reveal its answer. After going through the concepts, click the ACTIVITY button to attempt a simple activity.
  • Should you buy or build a firewall?
  • What are some firewall security vulnerabilities and countermeasures?
  • What items related to firewalls need monitoring?
  • What criteria are used to select tools for monitoring firewalls?
  • What tools are used to monitor a firewall?
Troubleshooting Firewalls
Firewall management includes testing, monitoring, and troubleshooting a firewall. Review the following firewall troubleshooting techniques. Then, click the ACTIVITY button to perform a simple activity.
Firewall troubleshooting, like any form of troubleshooting, is more about the process than about the actual result. Most firewall problems are relatively easy to troubleshoot if you plan a detailed troubleshooting procedure with extensive documentation. The foundation of successful troubleshooting is preparation. Click here to know more about troubleshooting a firewall.

Successful firewall troubleshooting depends on good documentation and planning. Click here to know more about the documentation needed for troubleshooting a firewall.
Firewall Implementation
Firewall implementation is a complex process involving various phases and sections. Review the following firewall implementation phases.
The following is a list of phases or sections involved in firewall implementation:
  • Survey of the use of a firewall
  • Scope
  • Address space
  • Technologies in use
  • Support skill set
Click the RESOURCES icon to know more about each of these phases.
VPN Security Measures
VPNs are purposeful holes in corporate security. They can be dangerous if the host is compromised. Reflect on answers to the following questions related to VPN security measures. Then, click each question to reveal its answer. After going through the answers, click the ACTIVITY button to attempt a simple activity.
  • What is the general nature of VPN threats and attacks?
  • What are the general VPN security measures?
Usually, home users and travelers use VPN-enabled devices. If a home computer is compromised, that attack can follow the VPN to the internal network. Similarly, a constant live connection gives hackers more opportunities to penetrate a corporate network through a VPN.
General security measures for a VPN are as follows:
  • Install a personal firewall on home and mobile computers.
  • Use an IDS.
  • Ensure that work-related home computers are set up by an IT team member and not by the end user.
  • Install all the latest security patches.
  • Travelers should not leave a VPN-enabled computer out of sight.
  • Close the VPN connection when not in use.
  • Disconnect or disable the wired network interface if connecting via a wireless interface.
Firewall and VPN Integration
Integrating both a firewall and a VPN is crucial for the network security of an organization. Review the following to know how both the firewall and the VPN complement each other to provide security. Then, click the ACTIVITY button to perform a simple activity.
Firewalls control access to the network through a variety of means. VPNs facilitate secure communication for remote users. A VPN allows a remote user to appear to be physically on the target network, and it can work across the Internet or across an intranet. Different kinds of VPN users represent different levels of risk. Corporate employees using company-owned and managed laptops represent the least amount of risk, whereas authorized partners and customers (more autonomous entities) represent the most risk.

VPNs are not complete security solutions and should be used with a firewall. Some VPN and firewall security products are fully integrated or combination solutions.

Click the RESOURCES icon to know more about various security guidelines and strategies.

In this section, you will have an opportunity to practice the concepts and processes that you have explored in this lesson.

The Hands-On Lab provides you with an engaging learning experience that is diagnostic and flexible. Following the instructions provided in the Lab Manual, you will be able to practice the steps IT Security Specialists perform on a daily basis and develop the skills required for effective execution and management of IT Security operations.

In this section, you will have an opportunity to apply what you’ve learned in this lesson in the context of analyzing a business situation. Although simplified, a problem scenario provided here depicts the challenges often faced by professionals in the workplace.

In this interactive case study, you will explore a business situation, review critical information related to the problem discussed in the case, decide on the course of action, and receive a decision analysis summary that discusses the implications of your decision. Once you analyze the impact of your decision, explore alternative solutions to learn about other potential ways to address the issue in the case. Complete your work on the case by submitting the graded assignment that will reflect on your process of analyzing the business situation and defining an appropriate course of action.

You have been working on the Corporation Techs network project. Your manager, Mike Hutchins, now wants to brief you about your next task, which is a continuation of the assignment based on the Corporation Techs scenario.

Click the image of the manager to get his instructions.

After you have gone through the challenge, navigate to Contributing Factors from the panel at the top of your screen.

Corporation Techs wants to set up a new network in a remote office for an engineering firm. The IT department wants to integrate the new network with the one set up in the main office. All the best!

Contributing Factors
From where can you gather information on this case? Let's find out by clicking the contributing factors. After you have gone through the contributing factors, navigate to Course of Action from the panel at the top of your screen.

Ask a Consultant

Review Documents

Review Critical Considerations

Select the icon from the top to receive additional information related to the situation.


Tim Hanks

You must develop a network security plan, a basic topology, and a VPN plan for this remote office that we are going to set up for the engineering firm. In addition, you must consider the technologies involved and create a security plan and a network configuration document that indicates firewall and VPN selections.

Click here to view the various components of the remote office.
Consider the following factors before creating the security plan:
  • Ensure proper integration of the firewall and the VPN.
  • Protect the internal network and assets by providing in-depth defense.
  • Ensure safety of the main office and its digital assets in case of a failure at the remote office.
Course of Action
Use the following checklist as a guide to complete this assignment. Note that the tasks that you have completed are already checked in the list.

Tasks

  • Consider the advice of the consultant.
  • Review the critical considerations.
  • Review the components of the remote office.
  • Develop a network security plan.
  • Develop a basic network topology.
  • Develop a VPN plan.
  • Submit the checklist to your instructor.
At the end of this lesson, you should be able to:
  • Describe the elements of firewall and virtual private network (VPN) implementation and management and the threats and attacks against VPNs.
  • Identify tools used for managing and monitoring a firewall and troubleshooting common firewall problems.
  • Identify firewall management best practices.
  • Understand the issues involved with the deployment, placement, and implementation of a VPN.
In this lesson, you will learn about the planning and selection of a firewall best suited to an organization’s requirements. You will also learn about the best practices related to managing enterprise and personal firewalls and managing VPN connectivity. In addition, you will analyze the risks that remote access technologies present to an enterprise.