Information Technology Reference
In-Depth Information
table 9.7 Applied
iA
2
Summary: Firewalls
IA
2
Topic
Description
Mechanism
Firewall (FW); packet filter or proxy
Drivers
Secure communications; secure Internet access; segregate
key business functions (e.g., production) from other parts
of the organization
IA
2
view
Applicable IA
2
views: Systems and applications, information/
data, infrastructure (technical)
IA core principles
Applicable IA core principles:
Confidentiality-integrity-availability (CIA)
Authenticity (A)
Privacy-authorized use (PA)
Compliance
requirements
Legislative, policy, guidelines, executive order, presidential
directive, or others specifically mentioning the FW or
concerns regarding secure traffic management
ELCM application
Describe applicable ELCM elements: O&M
Verification
Applicable verification methods include formal C&A on the
FW and integration testing of the FW in enterprise network
environment. Penetration testing verifies the FW rules work
as intended.
Operations
Applicable IA operations cycle phases: Defend, monitor
explicitly permitted is denied. Subsequent rules specify what Internet Protocol (IP)
traffic to permit. A proxy firewall is more complex, but more granular on enforcing
filtering rules. A proxy actually simulates the application, for example, SMTP. The
proxy firewall launches an SMTP application that performs the same functions as
any SMTP program that adheres to the industry standard. The firewall adminis-
trator may then tweak the available features to filter on nuances of SMTP traffic.
Table 9.7 provides an applied IA
2
summary for firewalls.
9.7.1
Applied IA
2
: Firewalls
The appropriate selection of the FW type is dependent on the organization, poten-
tial threats, IA budget, and level of knowledge within the organization. Moreover,
research must evaluate vendors and products against many criteria, which include
Common Criteria rating, third-party performance testing, licensing and pricing
arrangements, industry standing, and longevity projections (i.e., will the vendor be
in business 12 months from now?). See Figure 9.5 for an example view of FWs in a
