What Should a Firewall Contain?
Once the decision is made to use firewall technology to
implement an organization's security policy, the next step is to
procure a firewall that provides the appropriate level of protection and is
cost-effective.
However, what features should a firewall have, at a minimum, to provide
effective protection?
One cannot answer this question entirely with specifics,
but it is possible to recommend that, in general, a firewall have
the following features or attributes:
- The firewall should be able to support a "deny all services except
those specifically permitted" design policy, even if that is not the policy
used.
- The firewall should support your security policy, not impose one.
- The firewall should be flexible; it should be able to accommodate
new services and needs if the security policy of the organization changes.
- The firewall should contain advanced authentication measures or should
contain the hooks for installing advanced authentication measures.
- The firewall should employ filtering techniques to permit or
deny services to specified host systems as needed.
- The IP filtering language should be flexible, user-friendly to program,
and should filter on as many attributes as possible, including source and
destination IP address, protocol type, source and destination TCP/UDP port,
and inbound and outbound interface.
- The firewall should use proxy services for services such as FTP and
TELNET, so that advanced authentication measures can be employed and
centralized at the firewall. If services such as NNTP, X, http, or gopher
are required, the firewall should contain the corresponding proxy services.
- The firewall should contain the ability to centralize SMTP access,
to reduce direct SMTP connections between site and remote systems. This
results in centralized handling of site e-mail.
- The firewall should accommodate public access to the site, such
that public information servers can be protected by the firewall but
can be segregated from site systems that do not require the public access.
- The firewall should contain the ability to concentrate and
filter dial-in access.
- The firewall should contain mechanisms for logging traffic and
suspicious activity, and should contain mechanisms for log reduction so
that logs are readable and understandable.
- If the firewall requires an operating system such as UNIX, a secured
version of the operating system should be part of the firewall, with
other security tools as necessary to ensure firewall host integrity.
The operating system should have all patches installed.
- The firewall should be developed in such a manner that its
strength and correctness are verifiable. It should be simple in design
so that it can be understood and maintained.
- The firewall and any corresponding operating system should be
updated with patches and other bug fixes in a timely manner.
There are undoubtedly more issues and requirements; however, many of them
will be specific to each site's own needs.
A thorough requirements definition and high-level risk assessment will
identify most issues and requirements; however, it should be emphasized
that the Internet is a constantly changing network.
New vulnerabilities can arise, and new services and enhancements to
other services may represent potential difficulties for
any firewall installation.
Therefore, flexibility to adapt to changing needs is an important
consideration.
John Wack
Thu Feb 9 18:17:09 EST 1995