Question
Project: Improving a Rule Base
Description: You have accepted a position as network administrator for a law firm. Unfortunately, the previous administrator did not leave much documentation of the network infrastructure and its configuration. You have spent many hours documenting the transmission media, data storage, and device configuration. You have examined the firewall in an attempt to understand the existing rules and their purpose, and to see whether rewriting the rule base could speed up the firewall's performance and improve security.
Table 9-14 shows the notes you have made about the firewall rule base.
The firewall works correctly, but some simple changes to the rule base could improve its performance dramatically. The network has IP addresses from 210.100.101.0 to 210.100.101.255. The firewall is at 210.100.101.1, the Web server is at 210.100.101.2, the DNS server is at 210.100.101.3, the SMTP server is at 210.100.101.4, and the POP3 server is at 210.100.101.5.
Table 9-14:

| Rule | Source IP | Destination IP | Protocol | Action | Track | Comments |
|---|---|---|---|---|---|---|
| 1 | | 210.100.101.1 | | Deny | Alert | Blocks access to firewall |
| 2 | 210.100.101.0 to 210.100.101.255 | Any | S-HTTP | Deny | None | Blocks network access to Web server using S-HTTP |
| 3 | 210.100.101.0 to 210.100.101.255 | Any | HTTP, S-HTTP | Allow | No | Allows network access to all Web sites |
| 4 | Any | 210.100.101.2 | HTTP | Allow | Log | Allows all computers to access the Web server using HTTP |
| 5 | 210.100.101.0 to 210.100.101.255 | 210.100.101.3 | UDP | Allow | | Enables network to make queries to DNS server |
| 6 | 210.100.101.3 | Any except 210.100.101.0 to 210.100.101.255 | TCP | Allow | | Enables DNS server to make lookups on the Internet but not in the network |
| 7 | 210.100.101.0 to 210.100.101.255 | 210.100.101.5 | TCP | Allow | None | Allows network access to POP3 server |
| 8 | Any | 210.100.101.4 | TCP | Allow | None | Allows any computer to access the SMTP server |
| 9 | | | | Deny | | Cleanup rule |

You have noted some questions that you need to address as you consider modifying the firewall rule base:
a. Which rules cover the same sort of communication?
b. Which rules are too far down the list and should be moved up?
c. Which rules give the firewall more work than necessary? (Hint: Look in the Track column.)
Using as few rows as possible, write a new rule base that addresses the questions in the preceding steps.
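For questions a and b it helps to run packets through the rule base and see which rule decides each one and how many rules were examined first. The following is an added example, not part of the original question: it assumes first-match (top-down) evaluation, treats the cells missing from Table 9-14 (rule 1 source and protocol, rule 9's match fields) as Any, and uses constructed sample packets.

```python
import ipaddress

LAN = ipaddress.ip_network("210.100.101.0/24")   # 210.100.101.0 to 210.100.101.255
ANY = ipaddress.ip_network("0.0.0.0/0")

def host(addr):
    return ipaddress.ip_network(addr + "/32")

# (rule, source, destination, protocols, action, track), values as in Table 9-14.
# ("except", net) means "Any except net"; protocols=None means any protocol.
# ASSUMPTION: cells missing from the table (rule 1 source/protocol, rule 9
# source/destination/protocol) are Any. Track "" = not shown in the table.
RULES = [
    (1, ANY, host("210.100.101.1"), None, "Deny", "Alert"),
    (2, LAN, ANY, {"S-HTTP"}, "Deny", "None"),
    (3, LAN, ANY, {"HTTP", "S-HTTP"}, "Allow", "No"),
    (4, ANY, host("210.100.101.2"), {"HTTP"}, "Allow", "Log"),
    (5, LAN, host("210.100.101.3"), {"UDP"}, "Allow", ""),
    (6, host("210.100.101.3"), ("except", LAN), {"TCP"}, "Allow", ""),
    (7, LAN, host("210.100.101.5"), {"TCP"}, "Allow", "None"),
    (8, ANY, host("210.100.101.4"), {"TCP"}, "Allow", "None"),
    (9, ANY, ANY, None, "Deny", ""),
]

def in_spec(spec, addr):
    if isinstance(spec, tuple):               # ("except", net)
        return addr not in spec[1]
    return addr in spec

def first_match(rules, src, dst, proto):
    """Return (rule number, action, track, rules examined) for one packet."""
    src, dst = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for examined, (num, s, d, protos, action, track) in enumerate(rules, 1):
        if in_spec(s, src) and in_spec(d, dst) and (protos is None or proto in protos):
            return num, action, track, examined
    return None, "Deny", "", len(rules)       # nothing matched: implicit deny

# Constructed sample packets (source, destination, protocol label as in the table).
SAMPLES = [
    ("198.51.100.7", "210.100.101.4", "TCP"),      # outside host -> SMTP server
    ("210.100.101.50", "203.0.113.9", "S-HTTP"),   # LAN host -> outside site, S-HTTP
    ("198.51.100.7", "210.100.101.2", "HTTP"),     # outside host -> Web server
    ("210.100.101.50", "210.100.101.1", "HTTP"),   # LAN host -> firewall itself
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", first_match(RULES, *pkt))
```

With these assumptions, inbound mail is only accepted after eight rules have been examined, and S-HTTP from the network is decided by rule 2 before the S-HTTP entry in rule 3 is ever reached.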