Posted by: Gaurav Srivastava
· Configure and continue to monitor logs on the device
· Disable services and accounts which are not being used, or are no longer necessary
· Replace insecure services (such as telnet, rsh, or rlogin) with more secure alternatives such as ssh
· Restrict access to services which cannot be disabled where possible
· Make and test backups of the system in a consistent manner
· The use of NAT should be considered a form of routing, not a type of firewall.
· Only permit outbound traffic that uses the source IP addresses in use by the organization.
· Compliance checking is only useful in a firewall when it can block communication that can be harmful to protected systems.
· Management of personal firewalls should be centralized to help efficiently create, distribute, and enforce policies for all users and groups.
· Firewall policies should only allow necessary IP protocols through.
· Traffic with invalid source or destination addresses should always be blocked.
· Traffic with an invalid source address for incoming traffic or destination address for outgoing traffic (an invalid “external” address) should be blocked at the network perimeter.
· Outbound traffic with invalid source addresses should be blocked.
· Traffic from outside the network that contains broadcast addresses and is directed to inside the network should be blocked.
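
The address checks in the last bullets can be written as a single perimeter decision. The sketch below is an added example, not part of the original post; the organization's address block, the list of "invalid external" ranges and the function name `perimeter_verdict` are assumptions chosen for illustration.

```python
import ipaddress

# Constructed sample values (assumptions): the organization's address block
# and the ranges treated as invalid "external" addresses.
ORG_NETS = [ipaddress.ip_network("203.0.113.0/24")]
INVALID_EXTERNAL = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16", "224.0.0.0/4", "240.0.0.0/4",
)]
LIMITED_BROADCAST = ipaddress.ip_address("255.255.255.255")


def _in_any(addr, nets):
    return any(addr in net for net in nets)


def _is_broadcast(addr):
    # Directed broadcast of an organization subnet, or the limited broadcast.
    return addr == LIMITED_BROADCAST or any(
        addr == net.broadcast_address for net in ORG_NETS)


def perimeter_verdict(direction, src, dst):
    """Return (action, reason) for a packet crossing the network perimeter."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    if direction == "in":
        if _in_any(s, INVALID_EXTERNAL):
            return "block", "invalid external source"
        # An internal address arriving from outside is also an invalid source.
        if _in_any(s, ORG_NETS):
            return "block", "internal source arriving from outside"
        if _is_broadcast(d):
            return "block", "broadcast destination from outside"
        return "allow", "addresses valid"
    if direction == "out":
        # Only source addresses in use by the organization may leave.
        if not _in_any(s, ORG_NETS):
            return "block", "source not an organization address"
        if _in_any(d, INVALID_EXTERNAL):
            return "block", "invalid external destination"
        return "allow", "addresses valid"
    raise ValueError("direction must be 'in' or 'out'")


if __name__ == "__main__":
    # Constructed sample flows.
    for flow in [("in", "10.1.2.3", "203.0.113.10"),
                 ("in", "198.51.100.7", "203.0.113.255"),
                 ("out", "192.168.1.5", "198.51.100.7"),
                 ("out", "203.0.113.10", "198.51.100.7")]:
        print(flow, "->", perimeter_verdict(*flow))
```
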


