Hello,

I need two responses of at least 150 words each for the two student discussions below. The questions the students are answering are listed in the scenario.

Scenario:

Your CISO was very happy with the recommendations that you made in Week 3. They have accepted your recommendations as valid, but have requested additional information on the firewall solution. The CISO is now asking for:

  1. Firewall best practices that you will implement to ensure confidentiality, integrity, and availability (CIA, page 6, first mention in textbook).
  2. The best firewall to support his requirement for detailed logging.
  3. The firewall type.
  4. Your plan for managing it.

Student one:

Hello,

Once my CISO is pleased with my recommendation, I will have him/her sign my proposed Standing Operating Procedure (SOP), in which I outline and document the responsibilities and policies. This SOP will be the guideline to which IT members and employees should adhere. That way, the CIA triad (sometimes called the AIC triad to avoid confusion with the other three-letter agency) will be implemented to the letter. Availability, Integrity, and Confidentiality are crucial components of organizational security, and IT members should regularly maintain and monitor the organization’s firewall(s) to ensure the firewall system is working properly. It is worth noting that IT members should configure their firewalls based on the need and the type of data the organization wants to protect and secure. Personally, I would configure the firewall with a deny-all rule and manually accept or block traffic as I see fit. However, it is recommended for enterprise networks to configure the firewall with a deny-by-default/allow-by-exception rule. This rule ensures malicious packets are automatically blocked by default.

I believe most firewalls on the market can perform adequate logging tasks, and usually an IT member can tweak logging through real-time experience over time (Stewart, 2014). Also, it is recommended to log and monitor everything while deploying a versatile UTM firewall type. Incidentally, a UTM firewall can manage myriad security services from a single interface, such as content filtering, detailed logging, firewall filtering, antivirus scanning, and anti-spam filtering (Stewart, 2014).

Firewall management is a crucial step to ensure an organization’s firewall is doing its job. One cannot expect a firewall to block malicious traffic without applying updates and patches to it. As I mentioned in week three, it is better to perform pen-testing on your organization’s firewall to ensure your system can resist any hacking activities. Not to mention that there are tools an IT member can utilize to monitor the performance and the dependability of a firewall like using Nmap to check the state of ports, Snort to detect firewall breaches, Nessus to scan for vulnerabilities, and Wireshark to sniff for any packets that enter and leave a firewall (Stewart, 2014).

Reference:

Stewart, J. M. (2014). Network Security, Firewalls and VPNs. [VitalSource Bookshelf]. Retrieved from https://online.vitalsource.com/#/books/97812841077…

Regards,

Said

Student two:

Firewall best practices that you will implement to ensure confidentiality, integrity, and availability (CIA, page 6, first mention in textbook).

The best practice for any firewall is the use of a blocked-traffic default behavior. That is, rather than relying on the ability of a technician to determine which traffic to block, it is simpler to block all traffic. From this position, the firewall is then modified to accept specific traffic relevant to a given organization/purpose. Consider this: the WannaCry ransomware utilized port 445 (SMB). If this protocol had been denied by default, as well as all other ports not needed, then the ransomware wouldn’t have succeeded. A second best practice is to ensure that the firewall updates autonomously with released updates or hot fixes relevant to the CIA triad.

The best firewall to support his requirement for detailed logging.

For the majority of firewalls, especially commercial ones, logging will therefore be a matter of specific associated levels. The common levels of logging are:

Fatal – Catastrophic issue, remediation required (e.g. corruption).

Error – Serious issue, investigate (e.g. dropped connections).

Warn – There may be a problem, consider investigation.

Debug – Detailed information relating to debugging or general maintenance.

Trace – Basically promiscuous mode for a firewall log, all data collected and reported.

With non-critical systems, it is most likely that the logging would pivot towards an Error-or-above level. This reduces the auditing processes and alleviates the workload of IT personnel. With critical systems, the logging process would most likely be at a Warn-and-higher level so as to ensure effective remediation efforts. Along with this level, the likelihood of achieving agreed “up” time increases as well. In either critical or non-critical systems, enabling Debug would be wise for allocated maintenance interval timeframes pre-approved through the change management process.

Your plan for managing it.

The management of a firewall should focus on automation for both maintenance and upgrading. With this automation, the manual inspection of processes should focus on evaluation rather than implementation. This ensures a reduction in the likelihood of human error, such as failing to enable “hot fixes”. A failure to audit is much less devastating than a failure to apply updated defenses responding to fringe threats.

-Joshua
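Both posts recommend a deny-by-default / allow-by-exception policy, and Joshua's post proposes log-level thresholds (Error or above for non-critical systems, Warn and higher for critical ones). The following is an added example, not code from Stewart's textbook or from either student: a small Python model of such a policy evaluated over constructed sample traffic, including an inbound SMB (port 445) probe of the kind WannaCry relied on, with the firewall's own log then filtered at each threshold. The packet and rule format, the IP addresses, and the level names are assumptions made for illustration; a real firewall (nftables, pf, a commercial NGFW) expresses the same policy in its own syntax.

```python
"""Toy deny-by-default firewall with per-rule logging and level filtering.

Added example (not from the textbook or either post). Packet/rule
format, addresses and level names are assumptions for illustration.
"""
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Severity ordering used by the log filter (student two's level list).
LEVELS = {"TRACE": 0, "DEBUG": 1, "WARN": 2, "ERROR": 3, "FATAL": 4}


@dataclass(frozen=True)
class Packet:
    direction: str   # "in" or "out", relative to the protected network
    proto: str       # "tcp" or "udp"
    dst_port: int
    src: str
    dst: str


@dataclass(frozen=True)
class Rule:
    direction: str
    proto: str
    dst_port: int
    action: str                 # "accept" or "drop"
    log_level: Optional[str]    # None means the rule does not log

    def matches(self, p: Packet) -> bool:
        return (p.direction == self.direction and p.proto == self.proto
                and p.dst_port == self.dst_port)


# Allow-by-exception: only the services actually needed are opened.
# Accepted traffic is logged at DEBUG so "log everything" is possible
# during a maintenance window without drowning the normal audit view.
POLICY: List[Rule] = [
    Rule("in",  "tcp", 443, "accept", "DEBUG"),   # public HTTPS service
    Rule("out", "udp", 53,  "accept", "DEBUG"),   # DNS resolution
    Rule("out", "tcp", 443, "accept", "DEBUG"),   # outbound HTTPS
    Rule("in",  "tcp", 445, "drop",   "ERROR"),   # SMB from outside: alert on it
]
# Anything not matched above falls through to the default deny,
# which is logged at WARN so refused traffic is still visible.
DEFAULT_ACTION = "drop"
DEFAULT_LOG_LEVEL = "WARN"


def evaluate(p: Packet, policy: List[Rule] = POLICY) -> Tuple[str, Optional[str]]:
    """First matching rule wins; no match means the default drop."""
    for rule in policy:
        if rule.matches(p):
            return rule.action, rule.log_level
    return DEFAULT_ACTION, DEFAULT_LOG_LEVEL


def log_line(p: Packet, action: str, level: str) -> str:
    # The level is the first token so the filter below can read it back.
    return (f"{level} fw action={action} dir={p.direction} proto={p.proto} "
            f"src={p.src} dst={p.dst}:{p.dst_port}")


def run(packets: List[Packet], policy: List[Rule] = POLICY) -> Tuple[List[str], List[str]]:
    """Evaluate each packet; return (decisions, log lines)."""
    decisions, logs = [], []
    for p in packets:
        action, level = evaluate(p, policy)
        decisions.append(action)
        if level is not None:
            logs.append(log_line(p, action, level))
    return decisions, logs


def filter_by_level(lines: List[str], threshold: str) -> List[str]:
    """Keep only lines at `threshold` severity or above."""
    floor = LEVELS[threshold]
    return [ln for ln in lines if LEVELS[ln.split(" ", 1)[0]] >= floor]


# Constructed sample traffic (addresses from the RFC 5737 documentation ranges).
SAMPLE: List[Packet] = [
    Packet("in",  "tcp", 443, "203.0.113.10", "192.0.2.5"),   # legitimate HTTPS client
    Packet("in",  "tcp", 445, "203.0.113.10", "192.0.2.5"),   # WannaCry-style SMB probe
    Packet("in",  "tcp", 22,  "203.0.113.10", "192.0.2.5"),   # SSH, never allowed in
    Packet("out", "udp", 53,  "192.0.2.5",    "192.0.2.53"),  # internal host resolving DNS
]

if __name__ == "__main__":
    decisions, logs = run(SAMPLE)
    print("decisions:", decisions)
    for threshold in ("ERROR", "WARN", "DEBUG"):
        print(f"--- log at {threshold} or above ---")
        for ln in filter_by_level(logs, threshold):
            print(ln)
```

Running it shows the point of both posts at once: the SSH attempt is dropped even though no rule names port 22, the SMB probe is both dropped and surfaced at Error, and the Error-or-above view a non-critical system would keep contains only that one line, while the Warn-and-higher view for a critical system also shows the default-deny drop.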
