11.07.2015 Views

Improving Web Application Security: Threats and - CGISecurity



Chapter 15: Securing Your Network

Firewall

The role of the firewall is to block all unnecessary ports and to allow traffic only from known ports. The firewall must be capable of monitoring incoming requests to prevent known attacks from reaching the Web server. Coupled with intrusion detection, the firewall is a useful tool for preventing attacks and detecting intrusion attempts, or in worst-case scenarios, the source of an attack.

Like the router, the firewall runs on an operating system that must be patched regularly. Its administration interfaces must be secured and unused services must be disabled or removed.

Switch

The switch has a minimal role in a secure network environment. Switches are designed to improve network performance to ease administration. For this reason, you can easily configure a switch by sending specially formatted packets to it. For more information, see “Switch Considerations” later in this chapter.

Router Considerations

The router is the very first line of defense. It provides packet routing, and it can also be configured to block or filter the forwarding of packet types that are known to be vulnerable or used maliciously, such as ICMP or Simple Network Management Protocol (SNMP).

If you don’t have control of the router, there is little you can do to protect your network beyond asking your ISP what defense mechanisms they have in place on their routers.

The configuration categories for the router are:
● Patches and updates
● Protocols
● Administrative access
● Services
● Auditing and logging
● Intrusion detection

Patches and Updates

Subscribe to alert services provided by the manufacturer of your networking hardware so that you can stay current with both security issues and service patches. As vulnerabilities are found — and they inevitably will be found — good vendors make patches available quickly and announce these updates through e-mail or on their Web sites. Always test the updates before implementing them in a production environment.
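The filtering policy described under Firewall and Router Considerations above (allow only known ports, do not forward ICMP or SNMP) can be checked mechanically against a rule list. The following is an added example, not code from the original guide: the Rule type, the decide and audit helpers, and both rule sets are constructed for illustration, and the model assumes first-match evaluation with an implicit default deny.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str                   # "permit" or "deny"
    proto: str                    # "tcp", "udp", "icmp" or "any"
    dport: Optional[int] = None   # None matches any destination port

    def matches(self, proto, dport):
        return (self.proto in ("any", proto)
                and (self.dport is None or self.dport == dport))

def decide(rules, proto, dport=None):
    """Return the action of the first matching rule; deny when none match."""
    for rule in rules:
        if rule.matches(proto, dport):
            return rule.action
    return "deny"

# Packet types the text names as candidates for filtering.
# SNMP uses UDP 161 (queries) and UDP 162 (traps).
PROBES = {"icmp": ("icmp", None), "snmp": ("udp", 161), "snmp-trap": ("udp", 162)}

def audit(rules, known_ports):
    """List findings: filtered types forwarded, extra ports open, known ports blocked."""
    findings = [f"{name} is forwarded" for name, (proto, port) in PROBES.items()
                if decide(rules, proto, port) == "permit"]
    extra = [p for p in range(1, 65536)
             if p not in known_ports and decide(rules, "tcp", p) == "permit"]
    if extra:
        findings.append(f"{len(extra)} unnecessary tcp ports are open")
    findings += [f"known port tcp/{p} is blocked" for p in sorted(known_ports)
                 if decide(rules, "tcp", p) != "permit"]
    return findings

# Constructed rule sets: the weak one ends in a catch-all permit.
WEAK = [Rule("permit", "tcp", 80), Rule("permit", "tcp", 443), Rule("permit", "any")]
# The explicit denies are redundant under default deny but document intent.
HARDENED = [Rule("deny", "icmp"), Rule("deny", "udp", 161), Rule("deny", "udp", 162),
            Rule("permit", "tcp", 80), Rule("permit", "tcp", 443)]

if __name__ == "__main__":
    for label, rules in (("weak", WEAK), ("hardened", HARDENED)):
        print(label, audit(rules, {80, 443}) or "no findings")
```
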
