IT Baseline Protection Manual S 2.72 Requirements on a firewall
Initiation responsibility: Head of IT Section, IT Security Management
Implementation responsibility: IT Security Management, Administrators
Before purchasing a firewall, the following points should be taken into consideration:
It must be possible to conceal the structure of the network requiring protection (the number of computers, their names and mail addresses) so that no conclusions can be drawn regarding the internal network structure and the internal users. This can be achieved, for example, by using an application gateway together with two DNS servers (one for the internal network, one visible externally).
The firewall should be able to protect certain computers against attacks without these computers having to be located in the network requiring protection, and without user-specific filter rules having to be established for them. Examples are information servers connected to a dedicated interface of a packet filter or of the application gateway (multi-homed gateway) (see also S 2.77 Secure Configuration of Other Components).
The components must be centrally administered via a trustworthy path (e.g. via a separate network or an encrypted connection), and the administration must be clearly laid out (e.g. via a graphical interface on a separate computer). Administration should be performed on a separate computer, i.e. the required management platform should be on a separate computer so that no complex and thus error-prone software, such as the X Window System, has to be installed on the firewall itself.
A firewall configuration which consists of at least two separate units is recommended. The units must be arranged in series so that every connection between the two networks has to pass through both of them. The units should run different operating systems and use different formats for the description of their filter rules.
The two units can, for example, be a packet filter and an application gateway. This ensures that an error made during the administration of one component is intercepted by the other, correctly configured component.
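The serial arrangement of a packet filter and an application gateway described in the two preceding points, as an added example that is not part of the Baseline Protection Manual: each unit keeps its own rule format, a connection is established only if both permit it, and an audit helper lists the paths that only one unit is currently enforcing. All addresses, ports and rules are constructed sample values.

```python
"""Model of a two-unit firewall: packet filter in front of an application
gateway. Both must permit a connection, so a single administration error
(here: telnet mistakenly opened on the packet filter) is still blocked by
the other unit. All hosts, ports and rules are constructed examples."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Connection:
    src: str       # source address
    dst: str       # destination address
    port: int      # destination TCP port
    service: str   # application protocol the gateway's proxy would handle


# Unit 1: packet filter. Rules are (source network, destination, port, action),
# evaluated first-match; anything unmatched is dropped (default deny).
PACKET_FILTER = [
    ("0.0.0.0/0", "10.0.0.10", 25, "accept"),   # SMTP to the mail relay
    ("0.0.0.0/0", "10.0.0.10", 80, "accept"),   # HTTP to the information server
    ("0.0.0.0/0", "10.0.0.10", 23, "accept"),   # administrator error: telnet opened
]


def packet_filter_permits(c: Connection) -> bool:
    for src_net, dst, port, action in PACKET_FILTER:
        if ip_address(c.src) in ip_network(src_net) and dst == c.dst and port == c.port:
            return action == "accept"
    return False


# Unit 2: application gateway, deliberately in a different format: the set of
# (service, destination) pairs its proxies are configured for. Nothing else is
# relayed, whatever the packet filter let through.
GATEWAY_POLICY = {("smtp", "10.0.0.10"), ("http", "10.0.0.10")}


def gateway_permits(c: Connection) -> bool:
    return (c.service, c.dst) in GATEWAY_POLICY


def connection_allowed(c: Connection) -> bool:
    """The units sit in series: traffic must pass the filter and then the gateway."""
    return packet_filter_permits(c) and gateway_permits(c)


def single_component_paths(conns):
    """Audit helper: connections that one unit permits and the other blocks.
    Each is either an error in one configuration or an undocumented difference,
    and in both cases only one component is currently enforcing the decision."""
    return [c for c in conns if packet_filter_permits(c) != gateway_permits(c)]
```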