Special Considerations With Firewalls
Because the compromise of a firewall would be potentially disastrous
to subnet security, a number of special considerations need to be taken
with regard to firewall configuration and use.
The following list, adapted from [GS91], summarizes these items:
- limit firewall accounts to only those absolutely necessary, such
as for the administrator.
If practical, disable network logins.
- use authentication tokens to provide a much higher degree of security
than that provided by simple passwords.
Challenge-response and one-time password cards are easily integrated
with most popular operating systems.
- remove compilers, editors, and other program-development tools from
the firewall system(s) that could enable a cracker to install Trojan horse
software or backdoors.
- do not run any vulnerable protocols on the firewall such as tftp, NIS,
NFS, UUCP, or X.
- the finger protocol can leak valuable user information; consider
disabling finger.
- on e-mail gateways, consider disabling the EXPN and VRFY commands,
which can be used by crackers to probe for user addresses.
- do not permit the firewall systems to "trust" other systems; the
firewall should not be equivalent to any other system.
- disable any feature of the firewall system that is not needed,
including other network access, user shells, applications, and so forth.
- turn on full logging at the firewall and read the logs routinely.
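As an added illustration, not part of the original document, the following hypothetical POSIX shell audit checks a host image against several of the items above (trust files, risky inetd services, finger, sendmail EXPN/VRFY, and development tools left on the firewall) and runs it against a constructed, deliberately unhardened sample image; the file paths and the sendmail PrivacyOptions format are assumed.

```shell
#!/bin/sh
# Hypothetical audit (added example): checks a host image rooted at $1 against
# several checklist items.  Pass "/" to examine the host it runs on.
audit_firewall() {
    root="${1%/}"; FINDINGS=0
    # Trust relationships: hosts.equiv or any .rhosts makes the firewall
    # "equivalent" to other systems.
    for f in "$root/etc/hosts.equiv" "$root"/root/.rhosts "$root"/home/*/.rhosts; do
        [ -e "$f" ] && { echo "TRUST: $f exists"; FINDINGS=$((FINDINGS+1)); }
    done
    # Vulnerable or unneeded services still enabled (uncommented) in inetd.conf.
    for svc in tftp finger uucp; do
        grep -Eqs "^[[:space:]]*$svc[[:space:]]" "$root/etc/inetd.conf" &&
            { echo "SERVICE: $svc enabled in inetd.conf"; FINDINGS=$((FINDINGS+1)); }
    done
    # Mail gateway: sendmail PrivacyOptions should carry noexpn and novrfy
    # (goaway implies both).
    opts=$(grep -s '^O PrivacyOptions=' "$root/etc/sendmail.cf" | head -n 1)
    case "$opts" in *goaway*) ;; *)
        for want in noexpn novrfy; do
            case "$opts" in *"$want"*) ;; *)
                echo "SMTP: $want missing from PrivacyOptions"; FINDINGS=$((FINDINGS+1)) ;;
            esac
        done ;;
    esac
    # Development tools that would let an intruder build backdoors in place.
    for tool in cc gcc make ld; do
        for d in "$root/bin" "$root/usr/bin" "$root/usr/local/bin"; do
            [ -x "$d/$tool" ] && { echo "DEVTOOL: $d/$tool present"; FINDINGS=$((FINDINGS+1)); }
        done
    done
    echo "findings=$FINDINGS"; return 0
}

# Constructed sample: an unhardened firewall image built in a temp directory.
make_sample_host() {
    r=$(mktemp -d); mkdir -p "$r/etc" "$r/usr/bin"
    echo 'gateway.example.net' > "$r/etc/hosts.equiv"      # trusts another host
    printf 'telnet stream tcp nowait root /usr/sbin/in.telnetd\n' >  "$r/etc/inetd.conf"
    printf '#tftp dgram udp wait root /usr/sbin/in.tftpd\n'      >> "$r/etc/inetd.conf"
    printf 'finger stream tcp nowait nobody /usr/sbin/in.fingerd\n' >> "$r/etc/inetd.conf"
    echo 'O PrivacyOptions=authwarnings,novrfy' > "$r/etc/sendmail.cf"   # VRFY off, EXPN still on
    : > "$r/usr/bin/gcc"; chmod +x "$r/usr/bin/gcc"                       # compiler left behind
    echo "$r"
}

audit_firewall "$(make_sample_host)"   # prints four findings, then findings=4
```

The sample image trips four checks (hosts.equiv, finger, missing noexpn, gcc) while the commented-out tftp line correctly produces nothing.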
John Barkley
Fri Oct 7 16:17:21 EDT 1994