Friday, November 29, 2013

 Firewall Policies for a Software Development Company

The main business of a software development company is to design, develop and distribute software applications, frameworks or platforms for domains such as finance, security, travel and tourism, healthcare and public services. The roles typically found in such a company are as follows.
  • Software Development Team (Software Architects, Engineers, Developers, QA Engineers, Business Analysts, Project Managers)
  • Software Deployment and Support Team (Deployment Engineers, App Support Team)
  • Enterprise Management (CEO, HR personnel)
  • Marketing and Sales Team
  • Customers and Clients
Depending on the nature of the business and the stakeholders listed above, the network of a software development company is usually divided into the following segments, each of which carries a different level of trust.
  • Wired LAN for enterprise users
  • Wireless LAN for mobile users (and often for guests and contractors)
  • Branch offices connected via WAN
  • Server rooms (file servers, mail servers, application and build servers)
  • Remote data centers and server farms
  • DMZ hosting the services exposed to the general public
  • Home users connected via VPN
  • Extranet for customers and clients
As NIST SP 800-41 (Scarfone and Hoffman, 2009) puts it, before a firewall policy is created some form of risk analysis should be performed to develop a list of the types of traffic needed by the organization and to categorize how they must be secured, including which types of traffic can traverse a firewall under what circumstances. In practice this means writing down, per segment pair above, which flows are required (for example office LAN to the mail server, the Internet to the DMZ web tier) and which must never occur (for example a DMZ host opening connections into the server room).
Generally, firewalls should block all inbound and outbound traffic that has not been expressly permitted by the firewall policy (default deny). The firewall policy then defines which traffic is permitted and under what conditions. Following NIST SP 800-41, the kinds of policy a software development organization can apply fall into the following categories.
  • Policies based on IP addresses and protocols
Traffic is permitted or blocked based on source and destination IP addresses, the IP protocol (TCP, UDP, ICMP) and port numbers, for example 21/tcp for FTP or 80/tcp for HTTP. This is the simplest and most widely used kind of rule; it should include anti-spoofing rules that drop inbound packets claiming an internal source address, and rules are evaluated in order, so a broad permit placed early can silently override a more specific deny placed later.
  • Policies based on applications
These policies inspect application-layer content (application-proxy gateways or application firewalls) rather than only addresses and ports, so that, for example, only well-formed HTTP is allowed to the DMZ web servers and tunnelling of other traffic over port 80 is blocked.
  • Policies based on user identity
Traffic is controlled according to an authenticated user or group rather than an address. This is most often done for remote and home users through a VPN (IPsec or SSL/TLS) where the firewall learns the identity from the VPN authentication and applies per-user or per-group rules.
  • Policies based on network activity
Rules are based on the behaviour of traffic over time rather than on a single packet, such as closing established connections after a period of inactivity, rate limiting new connections, or blocking hosts that generate abnormal volumes of traffic.
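The two points above that are easiest to get wrong are default deny and rule ordering. The following Python model, an added example that is not part of the original post and not taken from NIST SP 800-41, encodes a small address-and-protocol policy for the segments listed earlier as an ordered, first-match, default-deny rule list, then audits it against a constructed list of required and forbidden flows of the kind the risk analysis should produce. The address plan (10.10/16 wired LAN, 10.20/16 guest Wi-Fi, 10.30.0/24 server room, 10.40/16 VPN users, 192.0.2.0/24 DMZ), rule names and sample flows are all hypothetical. `LOOSE_POLICY` shows the weak variant beside the corrected one: a broad "anything from 10/8 to the servers" rule placed first lets guest Wi-Fi into the server room, and the audit catches it.

```python
"""Default-deny, first-match firewall policy model for the segments above.

Added example, not from the original post or from NIST SP 800-41.
Addresses, rule names and sample flows are constructed (hypothetical).
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Flow:
    """One connection attempt as the firewall sees it."""
    src: str            # source IPv4 address
    dst: str            # destination IPv4 address
    proto: str          # "tcp", "udp" or "icmp"
    dport: int = 0      # destination port; 0 for protocols without ports


@dataclass(frozen=True)
class Rule:
    """One policy line: addresses, protocol, inclusive port range, action."""
    name: str
    src: str            # source CIDR
    dst: str            # destination CIDR
    proto: str          # "tcp", "udp", "icmp" or "any"
    dports: tuple       # inclusive (low, high) destination port range
    action: str         # "permit" or "deny"

    def matches(self, f: Flow) -> bool:
        if ipaddress.ip_address(f.src) not in ipaddress.ip_network(self.src):
            return False
        if ipaddress.ip_address(f.dst) not in ipaddress.ip_network(self.dst):
            return False
        if self.proto != "any" and self.proto != f.proto:
            return False
        low, high = self.dports
        return low <= f.dport <= high


ANY_PORT = (0, 65535)

# Hypothetical address plan: 10.10/16 wired LAN, 10.20/16 guest Wi-Fi,
# 10.30.0/24 server room, 10.40/16 VPN users, 192.0.2.0/24 DMZ.
# The first matching rule wins; a flow that matches nothing is denied.
POLICY = [
    # The public reaches the DMZ web tier on 80/443 only.
    Rule("public-http",     "0.0.0.0/0",    "192.0.2.0/24", "tcp", (80, 80),   "permit"),
    Rule("public-https",    "0.0.0.0/0",    "192.0.2.0/24", "tcp", (443, 443), "permit"),
    # Explicit deny so DMZ->internal attempts hit a named, loggable rule
    # instead of silently falling through to the default.
    Rule("dmz-no-internal", "192.0.2.0/24", "10.0.0.0/8",   "any", ANY_PORT,   "deny"),
    # Wired LAN staff reach the mail (IMAPS) and file (SMB) servers.
    Rule("lan-mail",        "10.10.0.0/16", "10.30.0.0/24", "tcp", (993, 993), "permit"),
    Rule("lan-files",       "10.10.0.0/16", "10.30.0.0/24", "tcp", (445, 445), "permit"),
    # Home users over VPN get SSH to the build/app servers only.
    Rule("vpn-ssh",         "10.40.0.0/16", "10.30.0.0/24", "tcp", (22, 22),   "permit"),
]

# Weak variant: a broad "anything from 10/8 to the servers" rule placed first,
# the kind of shortcut that quietly lets guest Wi-Fi into the server room.
LOOSE_POLICY = [
    Rule("lan-any", "10.0.0.0/8", "10.30.0.0/24", "any", ANY_PORT, "permit"),
] + POLICY


def evaluate(policy, flow):
    """Return (action, rule_name) of the first matching rule, else default deny."""
    for rule in policy:
        if rule.matches(flow):
            return rule.action, rule.name
    return "deny", "default-deny"


def audit(policy, required, forbidden):
    """Check a ruleset against the traffic list from the risk analysis:
    every required flow must be permitted and every forbidden flow denied.
    Returns the (flow, action, rule_name) triples that violate this."""
    problems = []
    for f in required:
        action, name = evaluate(policy, f)
        if action != "permit":
            problems.append((f, action, name))
    for f in forbidden:
        action, name = evaluate(policy, f)
        if action != "deny":
            problems.append((f, action, name))
    return problems


# Constructed sample traffic from the risk analysis.
REQUIRED = [
    Flow("203.0.113.7", "192.0.2.10", "tcp", 443),   # customer -> DMZ web
    Flow("10.10.5.21",  "10.30.0.5",  "tcp", 993),   # developer -> mail server
    Flow("10.40.2.9",   "10.30.0.7",  "tcp", 22),    # VPN user -> build server
]
FORBIDDEN = [
    Flow("192.0.2.10",  "10.30.0.5",  "tcp", 445),   # DMZ host -> file server
    Flow("203.0.113.7", "10.30.0.5",  "tcp", 993),   # Internet -> mail server directly
    Flow("10.20.3.3",   "10.30.0.7",  "tcp", 22),    # guest Wi-Fi -> build server
]

if __name__ == "__main__":
    for label, policy in (("POLICY", POLICY), ("LOOSE_POLICY", LOOSE_POLICY)):
        print(label, "violations:", audit(policy, REQUIRED, FORBIDDEN))
```

Running the file reports no violations for `POLICY` and one for `LOOSE_POLICY` (the guest Wi-Fi to build server flow, permitted by `lan-any`). The same audit approach carries over to a real ruleset: keep the required/forbidden flow list from the risk analysis under version control and re-run it against the exported policy whenever a rule is added, so that a new broad permit cannot be slipped in ahead of an existing deny unnoticed.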

References:
Karen Scarfone and Paul Hoffman, "Guidelines on Firewalls and Firewall Policy", NIST Special Publication 800-41 Revision 1, September 2009.
http://csrc.nist.gov/publications/nistpubs/800-41-Rev1/sp800-41-rev1.pdf
