What strategies should be implemented for ordinary hotel hardware firewalls?
Generally speaking, routine inspections of a hardware firewall focus mainly on the following items:

1. Hardware firewall configuration file

No matter how comprehensively and rigorously you plan when installing the hardware firewall, once it is put into use in a real environment, conditions change constantly. Hardware firewall rules are continually changed and adjusted, and configuration parameters also change from time to time. As a network security manager, it is best to write a security policy that governs changes to the firewall configuration and rules, and to enforce it strictly. The hardware firewall configuration it covers should be as detailed as possible, such as which traffic is allowed and which services require proxies.

The security policy should state the steps for modifying the hardware firewall configuration, such as which authorizations are needed for a modification, who can make such modifications, when modifications can be made, and how these modifications are recorded. The security policy should also specify the division of responsibilities. For example, one person makes the specific changes, another person is responsible for recording them, and a third person checks and tests whether the modified settings are correct. A detailed security policy should ensure that modifications to the hardware firewall configuration follow a set procedure, and should avoid the errors and security vulnerabilities that configuration changes can cause.
2. Hardware firewall disk usage

If log records are kept on the hardware firewall, it is important to check the disk usage of the hardware firewall. If log records are not kept, checking the disk usage becomes even more important. When log records are retained, abnormal growth in disk usage most likely indicates a problem with the log clearing process, which is relatively easy to handle. If disk usage increases abnormally when no logs are kept, the hardware firewall may have been compromised by someone installing a rootkit.

Therefore, network security managers first need to know the disk usage of the firewall under normal circumstances and set an inspection baseline from it. Once the disk usage of the hardware firewall exceeds this baseline, the system has encountered a security problem or some other problem and requires further inspection.
3. CPU load of the hardware firewall

Like disk usage, CPU load is an important indicator of whether the hardware firewall system is running normally. As a security manager, you must know the normal CPU load of the hardware firewall system. A very low load value does not necessarily mean that everything is normal, but an excessively high load value indicates that there must be a problem with the firewall system. Excessive CPU load is likely caused by problems such as a DoS attack on the hardware firewall or a disconnection from the external network.
4. Daemon programs of the hardware firewall system

In normal operation, each firewall runs a set of daemon programs, such as name service programs, system log programs, network distribution programs or authentication programs. During routine inspections, you must check whether these programs are all running. If you find that some daemons are not running, you need to check further what is preventing them from running and which daemons are still running.
5. System files

Key system files are changed in only three situations: purposeful, planned modifications by managers, such as those caused by a planned system upgrade; occasional modifications to system files by managers; and modifications to files by an attacker.

Check system files and their modification records regularly so that attacks on the firewall are detected in time. It should also be emphasized that records of system file modifications are best included in the policy for modifying the hardware firewall configuration.
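The check described in item 5 can be automated by comparing file hashes against a baseline and against the change record. The following is an added example, not part of the original article; the file names, the change-record format and the function names are assumptions made for illustration.

```python
import hashlib
import tempfile
from pathlib import Path

def snapshot(root, rel_paths):
    """SHA-256 of each monitored file; a missing file is recorded as None."""
    result = {}
    for rel in rel_paths:
        path = Path(root) / rel
        result[rel] = hashlib.sha256(path.read_bytes()).hexdigest() if path.is_file() else None
    return result

def audit(baseline, current, change_record):
    """Sort monitored files into unchanged, recorded and unrecorded changes.

    change_record maps a path to the hash the change log says it should now have.
    """
    report = {"unchanged": [], "recorded": [], "unrecorded": []}
    for rel, old_hash in baseline.items():
        new_hash = current.get(rel)
        if new_hash == old_hash:
            report["unchanged"].append(rel)
        elif new_hash is not None and change_record.get(rel) == new_hash:
            report["recorded"].append(rel)      # planned change, e.g. an upgrade
        else:
            report["unrecorded"].append(rel)    # accidental edit or attacker: investigate
    return report

def demo():
    """Run the audit over constructed sample files in a temporary directory."""
    files = {"etc/fw.conf": b"allow tcp 443\n", "bin/logd": b"v1", "bin/authd": b"v1"}
    with tempfile.TemporaryDirectory() as root:
        for rel, data in files.items():
            target = Path(root) / rel
            target.parent.mkdir(parents=True, exist_ok=True)
            target.write_bytes(data)
        baseline = snapshot(root, files)
        # Planned upgrade of bin/logd, entered in the change record.
        (Path(root) / "bin/logd").write_bytes(b"v2")
        change_record = {"bin/logd": hashlib.sha256(b"v2").hexdigest()}
        # Change to bin/authd that nobody recorded.
        (Path(root) / "bin/authd").write_bytes(b"v1-modified")
        return audit(baseline, snapshot(root, files), change_record)

if __name__ == "__main__":
    print(demo())
```

Keep the baseline and the change record off the firewall itself, since anyone who can modify its system files can also rewrite a baseline stored next to them.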
6. Exception log

The hardware firewall log records information about all allowed or denied communications and is the main source of information on the operating status of the hardware firewall. Because this log holds a large amount of data, checking it for exceptions should usually be an automated process. What counts as an abnormal event must, of course, be determined by the administrator. Only when the administrator defines abnormal events and has them recorded will the hardware firewall retain the corresponding logs for future reference.
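One way to automate the exception check in item 6 is to apply administrator-defined rules to each log line. This is an added example, not part of the original article; the log line format, the allowed-port policy, the deny threshold and all names are assumptions, and the sample lines are constructed.

```python
import re
from collections import Counter

# Assumed line format: "<timestamp> <ALLOW|DENY> <proto> <src>:<sport> -> <dst>:<dport>"
LINE = re.compile(
    r"^(?P<ts>\S+) (?P<action>ALLOW|DENY) (?P<proto>\w+) "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$")

# Administrator-defined notion of "abnormal" (assumed values).
ALLOWED_PORTS = {("tcp", 443), ("tcp", 80), ("udp", 53)}  # traffic the policy permits
DENY_THRESHOLD = 3                                         # denies per source before alerting

# Constructed sample log using documentation address ranges.
SAMPLE_LOG = [
    "2024-05-01T02:14:01 ALLOW tcp 198.51.100.7:40112 -> 10.0.0.5:443",
    "2024-05-01T02:14:03 DENY tcp 203.0.113.9:51544 -> 10.0.0.5:22",
    "2024-05-01T02:14:04 DENY tcp 203.0.113.9:51545 -> 10.0.0.5:23",
    "2024-05-01T02:14:05 ALLOW tcp 198.51.100.7:40113 -> 10.0.0.8:3389",
    "2024-05-01T02:14:06 DENY tcp 203.0.113.9:51546 -> 10.0.0.5:3306",
    "2024-05-01T02:14:07 DENY udp 198.51.100.20:5353 -> 10.0.0.5:161",
    "2024-05-01T02:14:08 DEN",
]

def find_exceptions(lines):
    """Return (kind, line_number, detail) for every event the rules call abnormal."""
    denies = Counter()
    events = []
    for number, raw in enumerate(lines, 1):
        match = LINE.match(raw.strip())
        if not match:
            # A record that does not parse may be truncated or tampered with.
            events.append(("unparsed", number, raw.strip()))
            continue
        flow = (match["proto"], int(match["dport"]))
        if match["action"] == "ALLOW" and flow not in ALLOWED_PORTS:
            # The rule set passed traffic that the written policy does not list.
            detail = f"{match['src']} -> {match['dst']}:{match['dport']}/{match['proto']}"
            events.append(("allow_outside_policy", number, detail))
        elif match["action"] == "DENY":
            denies[match["src"]] += 1
            if denies[match["src"]] == DENY_THRESHOLD:  # alert once per source
                events.append(("repeated_deny", number, match["src"]))
    return events

if __name__ == "__main__":
    for event in find_exceptions(SAMPLE_LOG):
        print(event)
```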
Routine inspections of the six items above may not immediately detect every problem and hidden danger that the hardware firewall may encounter, but carrying them out persistently is very important for its stable and reliable operation. If necessary, administrators can also use packet scanners to confirm whether the hardware firewall configuration is correct. They can go further still and use vulnerability scanners to simulate attacks in order to assess the capabilities of the hardware firewall.