Firewall Object - Properties

Security Policy Table

Once the Firewall Object is in place, all network traffic is denied unless it is explicitly allowed by an applied security policy (default deny). The policy specifies which types of IP packets are processed, and how, both inbound and outbound.

The Security Policy table displays an ordered list of rules that have been configured by the administrator.

Initially the table is empty. It can be populated either with a group of pre-defined rules supporting the standard security levels or with individual protocol rules for unique needs.

Security Policy Table and logging options

Defaults

A good way to start in defining security policies is to click on the "Defaults" button, and select one of the security level options recommended by Lightspeed Systems.  

These pre-defined policies are suitable for traffic control server machines that act as border firewalls. The three default policies provide "High", "Medium" and "Low" security settings; each can be edited, added to, or trimmed to customize the Firewall environment. The primary differences between these three security levels are:

NOTE:  Use the "Defaults" button with care after performing any editing: selecting a default policy replaces all rules that currently exist in the Object.

Table Components

For a given rule in the list, the following information is displayed:

Rule Number - Displays the sequential number of the rule in the table.  The sequence of the rules can be rearranged as described under Ordering / Sequencing Rules below.

Rule Name - The rule's display name, which can be set in the Rule Properties dialog.

External - This displays the external component that is affected by this rule. "Any Network" means this rule applies to communications involving any external network. Otherwise, this rule applies only to communications involving the specified networks or hosts as defined in the Rule Properties - General Settings.  

Action - This displays the action that the rule will take with traffic as defined in the Rule Properties - Service Settings.  Packets will be handled in one of three ways:

Direction - This displays the traffic flow that will be affected by this rule.  Each rule can have a value of “Inbound,” “Outbound,” or “Either” as specified in the Rule Properties - Service Settings.

Internal - This displays the internal component that is affected by this rule. "Any Network" means this rule applies to communications involving any internal network. Otherwise, this rule applies only to communications involving the specified internal networks or hosts as defined in the Rule Properties - General Settings.

Auditing - This specifies what level of logging will be performed for this rule.  The options "None", "Log" or "Log Summary" are described and set in the Rule Properties - General Settings for the rule.

Ordering / Sequencing Rules

The order of the rules in the table is significant. The rules are evaluated top to bottom, in the order in which they are displayed.  The ordering of the rules can be adjusted using the "Move Up" and "Move Down" arrows.

A rule defines a security policy for a particular type of IP traffic. More than one rule may apply to a given type of IP traffic where that is necessary to accomplish security goals.  When that is the case, sequence those rules carefully and group them together, ahead of the rules for other traffic.
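To make the ordering point concrete, the following is an added example (not code from this page or from Lightspeed Systems) that models the Security Policy table as an ordered list of rules with the columns described above and walks it top to bottom. It assumes first-match semantics (the page says only that rules are applied in the displayed order), a default Deny when nothing matches, the action names "Allow"/"Deny", and a hypothetical protocol/port field standing in for the Service Settings. It also gates audit events on a stats-logging flag, mirroring the NOTE that Recorded Statistics Logging must be enabled before Auditing takes effect. The sample rules and packets are constructed. `shadowed_rules` goes beyond the text: it flags a rule that can never match because an earlier rule already covers everything it would match, which is exactly what happens when a specific Deny is placed below a broad Allow for the same traffic.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass
class Rule:
    """One row of the Security Policy table (column names as on the page)."""
    name: str
    external: str        # "Any Network" or a CIDR such as "203.0.113.0/24"
    internal: str        # "Any Network" or a CIDR such as "10.0.1.10/32"
    direction: str       # "Inbound", "Outbound" or "Either"
    protocol: str        # hypothetical service field: "tcp", "udp", "icmp" or "any"
    port: Optional[int]  # hypothetical destination port; None = any port
    action: str          # assumed action names: "Allow" or "Deny"
    auditing: str        # "None", "Log" or "Log Summary"


@dataclass
class Packet:
    direction: str       # "Inbound" (external -> internal) or "Outbound"
    external_ip: str
    internal_ip: str
    protocol: str
    port: Optional[int]


def _net_match(spec: str, addr: str) -> bool:
    if spec.lower() == "any network":
        return True
    return ip_address(addr) in ip_network(spec, strict=False)


def rule_matches(rule: Rule, pkt: Packet) -> bool:
    if rule.direction != "Either" and rule.direction != pkt.direction:
        return False
    if rule.protocol != "any" and rule.protocol != pkt.protocol:
        return False
    if rule.port is not None and rule.port != pkt.port:
        return False
    return _net_match(rule.external, pkt.external_ip) and _net_match(rule.internal, pkt.internal_ip)


def evaluate(rules: List[Rule], pkt: Packet, stats_logging: bool) -> Tuple[str, Optional[str], List[str]]:
    """Walk the table top to bottom; the first matching rule decides (assumed first-match).
    No match means the implicit default Deny. Audit lines are produced only when
    Recorded Statistics Logging is enabled, as the page's NOTE requires."""
    events: List[str] = []
    for number, rule in enumerate(rules, start=1):
        if rule_matches(rule, pkt):
            if stats_logging and rule.auditing != "None":
                events.append(f"rule {number} {rule.name!r}: {rule.action} ({rule.auditing})")
            return rule.action, rule.name, events
    return "Deny", None, events


def _net_covers(outer: str, inner: str) -> bool:
    """True when every address matched by `inner` is also matched by `outer`."""
    if outer.lower() == "any network":
        return True
    if inner.lower() == "any network":
        return False
    return ip_network(inner, strict=False).subnet_of(ip_network(outer, strict=False))


def shadowed_rules(rules: List[Rule]) -> List[Tuple[int, int]]:
    """Return (earlier_rule_number, shadowed_rule_number) pairs: the later rule can
    never fire because the earlier one matches a superset of its traffic."""
    out = []
    for j, later in enumerate(rules):
        for i in range(j):
            earlier = rules[i]
            if (_net_covers(earlier.external, later.external)
                    and _net_covers(earlier.internal, later.internal)
                    and earlier.direction in ("Either", later.direction)
                    and earlier.protocol in ("any", later.protocol)
                    and earlier.port in (None, later.port)):
                out.append((i + 1, j + 1))
                break
    return out


# Constructed sample policy: a broad Allow for HTTP to a web server and a
# specific Deny for one external range that is meant to override it.
WEB = Rule("Allow HTTP to web server", "Any Network", "10.0.1.10/32", "Inbound", "tcp", 80, "Allow", "Log Summary")
DENY_SCAN = Rule("Deny scanner HTTP", "203.0.113.0/24", "10.0.1.10/32", "Inbound", "tcp", 80, "Deny", "Log")
POLICY_SHADOWED = [WEB, DENY_SCAN]   # Deny sits below the Allow: it never fires
POLICY_FIXED = [DENY_SCAN, WEB]      # specific Deny moved up with "Move Up"
SCANNER_PKT = Packet("Inbound", "203.0.113.7", "10.0.1.10", "tcp", 80)

if __name__ == "__main__":
    print(evaluate(POLICY_SHADOWED, SCANNER_PKT, True))   # Allow: the Deny is shadowed
    print(evaluate(POLICY_FIXED, SCANNER_PKT, True))      # Deny, with one audit line
    print(shadowed_rules(POLICY_SHADOWED), shadowed_rules(POLICY_FIXED))
```

Running `shadowed_rules` over a table after every edit is a cheap sanity check: any pair it reports is a rule the administrator believes is enforcing something that the table, as ordered, will never apply.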

Adding / Editing / Deleting Rules

Clicking the Add button, or the arrow button immediately to its right, brings up a menu of predefined traffic types.  From these lists the user selects the type of traffic to control and specifies the rules that manage it.

Clicking the Edit button while a rule in the list is highlighted opens the Rule Properties dialogs, in which that rule can be modified.

NOTE:  Recorded Statistics Logging must be enabled before any Auditing options of a Security Policy rule will take effect.

The Delete button removes the highlighted rule from the Security Policy table.


See Also:

Firewall Object - Overview

Firewall Object - Active Statistics

Firewall Events  - Database Tables

Firewall Sessions Report