BEING A FIREWALL ENGINEER.
AN OPERATIONAL APPROACH.
Second Edition, 2021
A comprehensive guide to firewall operations and best practices
Jithin Aby Alex
About the Author
Jithin Aby Alex, CISSP, CEH
Security professional with experience in managing security operations and in implementing and handling major security solutions and products across various environments and regions. I have used my experience, professional connections, and publicly available information in writing this book. I thank you for purchasing this book and for your support. I hope this book will be informative to you, and I wish you all the best.
Please visit www.jaacostan.com for my articles and technical write-ups.
Copyright Jithin Aby Alex
All Rights Reserved. No part of this publication may be reproduced, distributed, or transmitted in any form or by any means, including photocopying or any other electronic or mechanical method, without prior written permission from the Author.
Disclaimer: Although the author has made every effort to ensure that the information in this book was correct at the time of writing, the author does not assume, and hereby disclaims, any liability to any party for any loss, damage, or disruption caused by errors or omissions, whether such errors result from negligence, accident, or any other cause. The author makes no representations or warranties concerning the accuracy or completeness of the contents of this work. All diagrams, IP addresses, numbers, names, etc. used in this book are for illustration purposes only. All names, proprietary terms, and reference links used here belong to their respective owners. All other trademarks are the property of their respective owners.
There is always room for improvement.
1.0 Introduction
The security landscape is evolving and changing rapidly. In the early 2000s, most companies invested in a perimeter packet-filtering firewall with great faith, and to be frank, it was enough to do the job. As time passed, new cybersecurity challenges emerged, the threat landscape changed, and threat actors and their methods became far more sophisticated. Traditional packet-filtering technology could no longer prevent these attacks. Fortunately, the firewall appliance market evolved as well. Instead of only verifying the 5-tuple (source and destination IP addresses, source and destination ports, and the protocol), firewalls became intelligent enough to make decisions and filter traffic based on the application, the user's identity, and various other parameters.
When it comes to network security, one of the major and most critical devices every organization implements is a firewall. You will find hundreds of firewall products in different categories: next-generation firewalls, virtual firewalls, hardware appliances, cloud-based firewalls, and so on. A firewall is considered the basic element of network security, and having firewalls improves the security posture of your organization. However, that alone is not enough. From a network security point of view, proper security is achieved by combining the right product with the right configuration, the right administrator, and, last but not least, the right management approach and processes. Firewalls, together with other security solutions such as endpoint security, make your defense-in-depth architecture strong.
Although there are no prerequisites for understanding the topics in this book, I assume readers have a basic understanding of IT and networking.
Please note that this book is not a configuration guide and is not written from a configuration point of view. It gives you a broad overview of firewalls, packet flows, hardening, management and operations, and the best practices followed in the industry. Although the book is mainly intended for firewall administrators who work in operations, it also gives a quick introduction to, and comparison of, the major firewall vendors and their products.
In this book, I have covered the following topics:
The various job roles related to firewalls.
What makes you a firewall expert.
The major firewall vendors and their models.
The packet flow, or order of operations, in each firewall.
The different types of firewalls.
The daily tasks of a firewall administrator.
Device hardening, with guidelines on hardening firewalls.
The major hardening standards and compliance requirements.
The change management process.
An illustration of how to make a firewall change, incorporating the change management process, with a real-world example.
Let's get started.
2.0 Who is a Firewall Engineer?
A firewall engineer is the person responsible for the configuration and operation of the firewall on a day-to-day basis. Routine tasks include adding or removing firewall rules, verifying hardening settings, troubleshooting connections, and so on.
Besides knowing how to configure and maintain a firewall, a firewall professional should understand advanced networking concepts in depth. A few expectations of a firewall professional are listed below.
Know how the various protocols and services work. Rules are implemented based on IP addresses, ports, and service details; if you are not sure how a service works, troubleshooting it will be hard. An efficient engineer should be able to troubleshoot and fix issues promptly.
Understand the packet flow. This is very important. When you are dealing with a firewall appliance, you should know how that product processes packets; this knowledge is also handy during troubleshooting. For example, if some communication is failing, you should be able to find out whether the problem occurs before or after NAT.
Know how to use protocol analyzers. Good working knowledge of tcpdump or Wireshark is handy.
Thoroughly understand the ISO/OSI model.
Know the various dependencies between services, traffic flows, and so on.
Be able to foresee the effect of a change on the network. This is very important: you may implement a change on the firewall, but even a small change could bring down the entire network. Know what you are doing. If someone asks why you put a particular rule in and what it is for, you should be able to answer with confidence.
Very important: know the change management process.
The points above are the minimum skills required for an operational engineer. If you work in implementations, you should have deeper knowledge of networking, protocols, and integrations.
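The 5-tuple lookup mentioned in the introduction and the "before or after NAT" question from the packet-flow point above, modelled together as an added example. This is illustration code written for this edition of the page, not code from the book or from any firewall vendor: a first-match rulebase with an implicit deny, a destination NAT stage, and a switch that controls whether the policy lookup sees pre-NAT or post-NAT addresses. All addresses, the rule and the NAT entry are constructed for the example (documentation and private ranges only).

```python
"""Toy model of a firewall's order of operations.

Added example, not the book's code. A first-match 5-tuple policy lookup is
combined with a destination NAT stage whose position relative to the policy
lookup is configurable. Rules, NAT entries and packets are constructed for
illustration; 203.0.113.0/24 and 198.51.100.0/24 are documentation ranges.
"""
from dataclasses import dataclass, replace
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    sport: int
    dport: int
    proto: str  # "tcp" or "udp"


@dataclass(frozen=True)
class Rule:
    name: str
    src: str                           # source network in CIDR form
    dst: str                           # destination network in CIDR form
    dports: Optional[Tuple[int, int]]  # inclusive port range, None = any
    proto: str                         # "tcp", "udp" or "any"
    action: str                        # "allow" or "deny"

    def matches(self, pkt: Packet) -> bool:
        """Classic 5-tuple style match on protocol, networks and destination port."""
        if self.proto not in ("any", pkt.proto):
            return False
        if ip_address(pkt.src) not in ip_network(self.src):
            return False
        if ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        if self.dports is not None and not (self.dports[0] <= pkt.dport <= self.dports[1]):
            return False
        return True


def lookup(rules: List[Rule], pkt: Packet) -> Tuple[str, str]:
    """First-match policy lookup with an implicit deny at the end of the rulebase."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return "deny", "implicit-deny"


@dataclass(frozen=True)
class DnatEntry:
    public_ip: str
    public_port: int
    private_ip: str
    private_port: int


def apply_dnat(entries: List[DnatEntry], pkt: Packet) -> Packet:
    """Rewrite destination IP/port when a DNAT entry matches; otherwise pass through."""
    for e in entries:
        if pkt.dst == e.public_ip and pkt.dport == e.public_port:
            return replace(pkt, dst=e.private_ip, dport=e.private_port)
    return pkt


def process(pkt: Packet, rules: List[Rule], dnat: List[DnatEntry],
            policy_after_dnat: bool) -> Tuple[str, str, Packet]:
    """Run the packet through the pipeline in the chosen order.

    Returns (action, matched rule name, packet as the policy saw it), so a
    troubleshooter can tell whether the lookup used pre-NAT or post-NAT fields.
    """
    seen = apply_dnat(dnat, pkt) if policy_after_dnat else pkt
    action, name = lookup(rules, seen)
    return action, name, seen


# Constructed scenario: a web server published on 203.0.113.10:443 is DNAT'ed
# to 10.0.0.10:8443, and the engineer wrote the rule against the private address.
DNAT = [DnatEntry("203.0.113.10", 443, "10.0.0.10", 8443)]
RULES = [
    Rule("allow-web-to-server", "0.0.0.0/0", "10.0.0.10/32", (8443, 8443), "tcp", "allow"),
]
INBOUND = Packet("198.51.100.7", "203.0.113.10", 51514, 443, "tcp")


def demo() -> dict:
    """Same rulebase, same packet, two orders of operation, two different verdicts."""
    return {
        "policy_after_dnat": process(INBOUND, RULES, DNAT, True)[:2],
        "policy_before_dnat": process(INBOUND, RULES, DNAT, False)[:2],
    }


if __name__ == "__main__":
    for order, verdict in demo().items():
        print(f"{order}: {verdict}")
```

When the policy is evaluated on post-NAT addresses the rule allows the connection; when it is evaluated on pre-NAT addresses the same packet falls through to the implicit deny, even though nothing in the rulebase looks wrong. Which order a real product uses is vendor-specific, which is why the order of operations is the first thing to confirm when a rule that "looks right" does not match, and why the troubleshooting output here reports the packet exactly as the policy saw it.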
2.1 Understand the Job Description
I added this section to give some basic ideas about the different job roles, especially for beginners. When looking for a job related to network security or firewalls, you may encounter different titles such as Firewall Engineer, Firewall Consultant, Firewall Specialist, Firewall Analyst, Firewall Expert, and so on.
If you are a professional looking for a position, it is best to go through the job description rather than rely on the job title. Companies create their own definitions for job roles, and some titles are quite exaggerated. In short, all such jobs are looking for people with hands-on expertise in firewalls.
Job responsibilities can be categorized mainly into three areas: presales, post-sales, and operations.