IT Baseline Protection Manual - The Information Warfare Site

Safeguard Catalogue - Organisation Remarks
____________________________________________________________________ .........................................
S 2.78 Secure operation of a Firewall
Initiation responsibility: Head of IT Section, IT Security Management
Implementation responsibility: IT Security Management, Administrators
In order to ensure correct operation of a firewall, the adherence to the required
safeguards should be checked on a regular basis. In particular, the
organisational provisions for the operation of the firewall should be regularly /
randomly checked to ensure that these are being adhered to. Regular checks
should be carried out as to whether new accesses have been created bypassing
the firewall.
Regular tests should also be carried out to ensure that all filter rules have been
correctly implemented. It should be ensured that only those services stated in
the security policy are permitted.
In the event that alterations are to be made to the security policy at a later date,
these must be closely monitored and checked for side effects, in particular.
The demands placed on packet filters and application gateways when these
were purchased should be implemented. They should be updated regularly and
checked for completeness.
The default setting of the filter rules and the configuration of the components
must ensure that all connections not explicitly allowed are blocked. This must
also apply in the event of complete failure of the firewall components.
The following should generally apply: "Everything is forbidden unless
explicitly permitted". A user with no entry in an access list, for example, has
no way of using the Internet.
The following points should also be observed:
- In order to prevent the eavesdropping of, or alterations to, the
authentication information, the Administrator and Auditor may only
authenticate themselves via a trustworthy path. This can be directly via the
console, for example, an encoded connection or a separate network.
- Integrity tests of the software used must be carried out in regular intervals.
The firewall must be switched off in case of errors.
- The firewall must be tested for its behaviour in case of a system crash. In
particular, an automatic restart must not be possible and it must be possible
to store the access lists on a write-protected medium. The access lists are
the main data for the operation of the firewall and must be specially
secured so that no old or faulty access lists are used when the unit is
restarted as the result of an attack.
In case of failure of the firewall, it must be ensured that during this time no
network connections can be made from, or to, the protected network.
- The components used may only contain programs which are required for
the operation of the firewall. The use of these programs must be
documented and justified in detail. The software for the graphic user
interface, for example, should be removed as well as all superfluous
____________________________________________________________________ .........................................
IT-Baseline Protection Manual: Oktober 2000