Information Technology Reference
In-Depth Information
table 9.8
FW B
eneits with respect to iA Core principles
IA Element
FW Role
Confidentiality
Ensuring secrecy of message content is only an FW concern in
a virtual private network (VPN), where an encrypted tunnel is
established over public network facilities.
Integrity
Ensure that content and transmitted information is
unchanged. Such content includes e-mails, session
authentication and maintenance, Web site information, and
static information (e.g., E-brochure).
Availability
FWs ensure availability of protected resources by blocking
undesirable traffic that may introduce denial of service (e.g.,
SYN flood).
Possession
Provide a level of intellectual property protection by
restricting traffic flows used for file transfer (e.g., FTP).
Authenticity
Support authenticity at OSI L3 by prohibiting IP address
spoofing; internal network IP addresses attempting to enter
from an external network are typically blocked by an FW.
Utility
Ensures the utility of a resource by blocking undesirable
traffic that may cause harm
Nonrepudiation
An FW does not provide for nonrepudiation.
Privacy
Protects privacy by ensuring only appropriate traffic enters
the protected network; unauthorized traffic is blocked.
Authorized use
An FW does not provide for authorized use directly, but
contributes to defense-in-depth protecting against theft of
services that incur cost to the organization. For example, an
FW defends against unauthorized entry into the corporate
network that may result in theft of computing resources,
use of specialized applications, access to the public
switched telephone network (toll fraud), or access to voice
adjuncts (unauthorized use of voice mail or interactive
voice response [IVR]).
context of security mechanism aggregation (defense-in-depth). Table 9.8 presents
some benefits of firewalls in context of the IA core principles.
The snapshot in Table 9.8 supports product selection. A comprehensively
applied IA
2
includes policies for FW and appropriate use; business processes that
address data flow, applications, appropriate use; and people, one example being
executive backing.
The result of the applied IA
2
Process is a firewall blueprint that includes imple-
mentation and operations using best practices, verification that the FWs are work-
