ANSWER QUESTIONS AND RESPOND TO BOTH Your CISO was very.docx
1. ANSWER QUESTIONS AND RESPOND TO BOTH PEERS!!!! Your CISO was
very happy with the
ANSWER QUESTIONS AND RESPOND TO BOTH PEERS!!!!Your CISO was very happy with
the recommendations that you made in Week 3. They have accepted your recommendations
as valid, but have requested additional information on the firewall solution. The CISO is now
asking for:Firewall best practices that you will implement to ensure confidentiality,
integrity, and availability (CIA, page 6, first mention in textbook).The best firewall to
support his requirement for detailed logging.The firewall type.Your plan for managing
it.RESPOND TO ANDREWWell no firewall is going to be able to ensure that confidentiality,
integrity, and availability (CIA) will be protected on its own. The firewall is just part of the
holistic security architecture. Confidentiality has to do with data privacy, the benefit a
firewall has on this aspect is the ability to stop network traffic from untrusted sources into
the network, fighting off things like phishing attacks. Conversely it can also be a screen to
the internal network by not allowing certain information leave a local area network (LAN).
Firewalls that are acting in other capacities such as a gateway also ensure that information
is not accessible between two separate networks in a LAN. In terms of integrity I honestly
don’t see firewalls as being able to provide much. Data encryption, hashing, checksums,
digital signatures all ensure data integrity. A firewall, as far as I’m aware, has no method of
data integrity verification. The best I can offer is from the reading where a firewall can be
configured as a fail-safe so if there is a breach it stops allowing traffic to traverse. Please let
me know if I am mistaken. Looking at availability, this is a firewalls bread and butter, acting
on a deny by default allow by exception method. Firewalls monitor traffic between LANs
and WANs based off of the configuration.Looking at best practice for firewalls keeping the
CIA triad in mind we need to first assess the network and determine firewall placement.
Typically one is going to go at the gateway to the internet and act as our first defense. The
bastion host idea is something I would implement to thwart all well-known malicious
signatures, stop sketchy requests and connections. I would also configure a demilitarized
zone for all public facing servers to protect internal LANs. Finally, within the LAN I would
set up firewalls as necessary between departments where simple access control may not be
effective. I would focus on the outbound connections and ensure that rules are configured to
stop traffic leaving the network that may be dangerous in an external agencies hands.The
best type of firewall for defense of the internal network is the next generation firewall
(NGFW). Typically these come with numerous other functions that affirm the defense in
2. depth concept and provide a one size fits most. NGFW provide packet filtering, built in
intrusion prevention systems (IPS), built in sandboxing, and large malicious traffic
signature libraries. They allow for administrators to have visibility over users, hosts,
networks, and devices; they can pinpoint where breaches occurred and they will work on
applications and web traffic alike (Cisco, 2022). NGFWs also come with the ability to learn
and establish baselines for normal network traffic to identify anomalies and provide
warnings. They can analyze patterns to identify issues or at least notify the administrators
of what’s going on. Third party services will offer cloud space for monitoring and push
updates to clients when libraries are updated with new attack signatures automatically.I
would recommend any Cisco commercial product, as they have a simple and effective
method for all aforementioned characteristics of firewalls to include logging.In managing
the firewall I would start with policy, a subsection in the overall security policy.
Configuration rules and set up instructions with all of the pertinent information to include
OS type and year and service pack information. It will address the log monitoring and
review procedures with the responsible parties indicated. A clear logical diagram of where
hardware and software firewalls reside. I would also ensure that risk decisions are
annotated, for example the security team suggested a newer bastion host and management
declined, I want all of that documented. The last piece from a management perspective is all
transactional data for who did what on the software or hardware, periodic logging of the
audits, and any recommended changes.RESPOND TO CHRISTOPHERThe principal of
information security is to protect the confidentiality, integrity, and availability of
information from harm. Confidentiality is assurance of data privacy. Integrity is assurance
of data non-alteration. Availability is assurance in the timely and reliable access to data
services for authorized users. It ensures that information or resources are available when
required.Addressing the CISO concern policy there would need to be a firewall policy in
place. Establishing this policy is primordial in the success of a system because it establishes
tangible goals. Employees need to read and understand the policy so it should be relatively
easy to understand.I would implement firewall rules that are relevant to the organization; a
security stance that would benefit the security of the organization without affecting
functionality. Because with too many rules this can easily happen. The rules and protocols
should include communication between internal systems as well as communication with
external systems to determine, chokepoints or weakest points that would need a hardware
firewall in combination with an installed software firewall.The policy also will include a
disaster or compromise procedures to allow for immediate action when or if an intrusion is
detected. Patching and installing latest updates to antivirus, antispyware and other security
tools on all workstations needs to be done consistently. Remote access to the network
should be limited. A good defense-in-depth concept should be applied where use of ISD, IPS,
auditing, NAT, multifactor authentication and secure VPN reimplementation addition, any
unused ports should be disabled. “The ideal firewall solutions for small business integrate a
hardware firewall with software controls into a comprehensive security solution that
includes virtual private network (VPN) support, antivirus, anti-spam, anti-spyware, and
content filtering capabilities” (Cisco). I would recommend using a Cisco firewall as they
have a trusted history and are an industry standard. Support for Cisco products is also
3. readily available. Most firewalls will have some sort of detailed logging capability already
incorporated with the firewall and would use the logging capability that comes with the
Cisco firewall. I would suggest setting up to automatically or manually moving log files from
the firewall to a secure storage location. Vigilant monitoring needs to be performed by the
network administrators to keep the network secure. Using a tool like NMAP would be a
good choice to monitor network traffic. “Nmap is commonly used for security audits, many
systems and network administrators find it useful for routine tasks such as network
inventory, managing service upgrade schedules, and monitoring host or service uptime.”
(NMAP).
