Abstract

Irrespective of the type of firewall one deploys, one has to test and maintain it carefully. One never knows that a hacker has entered the network unless one carefully monitors the firewall logs. Doing so is sometimes an unglamorous, thankless job. However, using applications such as Firedaemon and Fwlogwatch, both of which are profiled in this chapter, one can receive automatic alerts. Fwlogwatch can even automatically reconfigure your firewall in case of a scanning attack. Even if one chooses not to block traffic automatically, the testing and logging tools discussed in the chapter let one maintain one's firewall so that it blocks and allows the right traffic for the business. A firewall should not allow any packet to pass from outside the network into the internal network if its source address is the same as that of any host in the internal network. Leaving your packet-filtering firewall open to spoofing attacks largely obviates the reason for having a firewall, so you should take every step to test exactly what your firewall drops and allows. If you require, for example, your end users to have access to the World Wide Web, you will find that it is necessary to allow ephemeral ports (any port over 1023) to access the Internet. However, if you are using private IP addresses (e.g., the 192.168.45.0 network), no system outside of the firewall should ever be able to assume one of these IP addresses and access your internal network's ephemeral ports.
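
The anti-spoofing rule above can be checked against firewall logs. The following Python script is an added example, not code from the chapter or from Fwlogwatch: it flags packets that arrived on the external interface while claiming a source address inside the internal network, and separates those the firewall failed to drop. The interface name `eth0`, the /24 mask, the netfilter-style log layout and the sample lines are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumptions, not from the chapter: eth0 is the external interface, the
# internal network is 192.168.45.0/24, and the firewall writes netfilter-style
# key=value log lines prefixed with the verdict. Sample lines are constructed.
INTERNAL_NET = ipaddress.ip_network("192.168.45.0/24")
EXTERNAL_IF = "eth0"
FIELD = re.compile(r"(\w+)=(\S*)")
VERDICT = re.compile(r"kernel: (\w+) ")

SAMPLE_LOG = """\
Jan 10 10:00:01 fw kernel: ACCEPT IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=192.168.45.20 PROTO=TCP SPT=80 DPT=40112
Jan 10 10:00:02 fw kernel: ACCEPT IN=eth0 OUT=eth1 SRC=192.168.45.9 DST=192.168.45.20 PROTO=TCP SPT=4000 DPT=33001
Jan 10 10:00:03 fw kernel: DROP IN=eth0 OUT= SRC=192.168.45.50 DST=192.168.45.20 PROTO=TCP SPT=4001 DPT=22
Jan 10 10:00:04 fw kernel: ACCEPT IN=eth1 OUT=eth0 SRC=192.168.45.20 DST=198.51.100.4 PROTO=TCP SPT=40112 DPT=443
Jan 10 10:00:05 fw kernel: ACCEPT IN=eth0 OUT=eth1 SRC=not-an-ip DST=192.168.45.20 PROTO=TCP SPT=1 DPT=2
"""


def spoofed_inbound(log_text):
    """Return packets seen on the external interface with an internal source."""
    findings = []
    for line in log_text.splitlines():
        fields = dict(FIELD.findall(line))
        if fields.get("IN") != EXTERNAL_IF:
            continue  # only traffic arriving from outside can be a spoof
        try:
            src = ipaddress.ip_address(fields.get("SRC", ""))
        except ValueError:
            continue  # malformed source field: skip instead of crashing
        if src not in INTERNAL_NET:
            continue
        verdict = VERDICT.search(line)
        dpt = fields.get("DPT", "")
        findings.append({
            "src": str(src),
            "dpt": int(dpt) if dpt.isdigit() else None,
            "ephemeral": dpt.isdigit() and int(dpt) > 1023,
            "verdict": verdict.group(1) if verdict else "UNKNOWN",
        })
    return findings


def firewall_failures(log_text):
    """Spoofed packets the firewall let through: each one is a failed test."""
    return [f for f in spoofed_inbound(log_text) if f["verdict"] != "DROP"]


if __name__ == "__main__":
    for hit in spoofed_inbound(SAMPLE_LOG):
        print(hit)
```

Any entry returned by `firewall_failures` means the rule set accepted a packet it should have dropped; entries with `ephemeral` set are the case the abstract singles out.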
