IT Baseline Protection Manual - The Information Warfare Site

Data Transmission Systems Firewall
_________________________________________________________________________________________
The firewall should be sited in a separate server room. The appropriate measures are described in
Chapter 4.3.2. If no server room is available, the firewall can alternatively be set up in a server cabinet
(see chapter 4.4 Protective Cabinets).
In order to successfully set up a firewall, a series of measures should be taken, including the
conception, purchase and operation of a firewall. The steps and measures involved are described
below:
1. Concept of the network coupling using a firewall: (c.f. S 2.70 Developing a Firewall Concept)
-
- Determining the security objectives
- Adapting the network structure
- Basic requirements
2. Security policy of the firewall: (c.f. S 2.71 Determining a Security Policy for a Firewall)
- Selecting the communications requirements
- Selection of Services
(Prior to the selection of services, the chapter S 5.39 Safe use of protocols and services
should be consulted)
- Organisational regulations
3. Procuring the firewall:
- Selecting the type of firewall
(c.f. S 2.72 Demands on a Firewall and S 2.73 Selecting a Suitable Firewall)
- Procurement criteria
(c.f. S 2.74 Selection of a Suitable Packet Filter and S 2.75 Selection of a Suitable
Application Gateway).
4. Implementation of the firewall:
- Establishing and implementation of filter rules (c.f. S 2.76 Selection and Implementation of
Suitable Filter Rules)
- Implementation of the IT baseline protection safeguards for firewall computers (see Chapter
6.2)
- Check implementation of the IT baseline protection safeguards for the IT systems of the
internal network (c.f. Chapter 6.1 6.2 and 6.3, for example)
- Observe the conditions for the correct use of the various protocols and services (c.f. S 5.39
Safe use of protocols and services)
- Inclusion of other components (see S 2.77 Correct Configuration of Other Components)
5. Operating the firewall: (see S 2.78 Correct Operation of a Firewall)
- Regular checks
- Adaptation to changes and tests
- Logging of firewall activities (c.f. S 4.47 Logging of firewall activities)
- Contingency planning for the firewall (see also Chapter 3.3)
_________________________________________________________________________________________
IT-Baseline Protection Manual: Otober 2000