CyberGuard SG570 Instalační příručka Strana 1

Medical Practice Network SecurityFirewall Tutorial1st edition June 2005www.gpcg.org

10Private IP address The Internet uses special Internet addressing schemes to distinguish private local networks from computers participating in the

11STEP 3: Deciding which firewall product you need The choice of firewall depends on your needs, based on: • the risks to your practice information.

12Figure 2: protecting your private network, and protecting your web server with two separate firewalls in two independent networks using a single I

134. Web server as separate (perimeter) network Once you want to provide web services to the outside world, such as online appointment bookings, you

14STEP 4: Understanding firewall technologies Simple versus sophisticated Once you have decided on the general network layout and where to place the

15STEP 5: Understanding different types of firewallsPacket filters Data transferred via TCP/IP protocol is usually sent in the form of ‘packets’. Ea

16Disadvantages of stateful packet filters • Vulnerable to attacks with malformed packets (since it does not know about packet content).• Vulnerable

17Advantages of proxy type firewalls • Protection against malformed packets.• Protection against more protocol based attacks than stateful inspectin

18STEP 6: Understanding network addressing The first question before you set up your firewall will always be: what address range are you using in yo

19Imagine 8-bit (0 – 255) as 8 little switches. Each switch that is ‘on’ has to be matched by the corresponding switch in your address. The number 2

2Medical Practice Network Security - Firewall TutorialINTRODUCTION 4About this tutorial 4What are firewalls? 4Why do you need them? 4What other comp

20STEP 7: Understanding ports and firewall configuration What are ports? Ports are special addresses within a network address that are required to a

21Public ports‘Public ports’ are 49152 - 65535. These are up for grabs so never rely on these ports delivering the same service. However, this is al

22STEP 8: Suggested firewall products Your choice of firewall depends on both your needs and IT skills, and with some solutions it also depends on y

23The list above is not exhaustive – it represents products reviewed up to now. After you make your choice and install your firewall, refer to this

244 Billion products 5 D-Link products6 Draytek products7 Dynalink products 8 INEXQ products9 Linksys products10 Netcomm products11 Netgear products

25STEP 9: Principles of firewall configuration This section explains the steps necessary for configuring any firewall. Product-specific information

26STEP 10: DIY security audit How to find out if your firewall really works The proof of the pudding is in the eating. The proof of your firewall is

27Local Area Security Linux This is a valuable tool chest of network auditing and forensics applications that can be run from CD without needing to

28SentinixBefore you download, read the step-by-step installation guide to make sure you will be able to do it. Alternatively, you might want to try

29SAINTSAINT is one of the top ten SANS certified security auditing tools. It is not to be confused with the free network monitoring tool: NetSaint.

3AcknowledgementsThe General Practice Computing Group would like to thank the following people for contributing to Medical Practice Network Security

30STEP 11: How to audit your firewall – step by step Prepare your test scenario You need two computers plus your pre-configured firewall. We will ca

31• Download PHLAK – this is a 400+ Mb large ISO CD image. Use your CD burning software to create a bootable CD from this ISO image. It will not wor

324 If you start the Nessus program for the first time, it will ask you whether you accept the server certificate. Say yes, because it is the one yo

335 If login is successful you will presented with the certificate for visual verification. In the scenario here it is safe again to simply click OK

34A warning will probably pop up telling you that dangerous features have been disabled (those which might crash a victim during scanning). Accept t

357 In the plugin section, simply enable ‘all but dangerous plugins’ for now. For the first scan, you can leave all other configuration options at t

369 Now, all that is left to do is to click on the ‘Start the scan’ button at the bottom of the Nessus dialog box. It may take anything from several

37STEP 12: Firewall checklist – after installation After installation and configuration of your firewall, but before you connect your private networ

38FURTHER INFORMATION Virtual Private Network Sometimes it may be useful to extend your private network outside your practice building – for example

39Figure 7: Connecting two practices via VPN Another common scenario is connecting to the practice from home or while travelling, using a notebook a

4INTRODUCTION About this tutorialThe information in this tutorial has been put together by the General Practice Computing Group (GPCG) with addition

40Failover/load balancingFailover The failover principle is to have multiple Internet service providers, and let your gateway device handle the conn

41Unfortunately, there is no rule regarding which technology is the most reliant at present in Australia. It depends on a variety of technological a

42GLOSSARYAccess – The ability to use computer information in some manner. Specific access can be granted to each individual user.Application servi

43Network gateway - An inter-networking system that joins two networks together. A network gateway can be implemented completely in software, comple

General Practice Computing Group C/- Royal Australian College of General Practitioners1 Palmerston CrescentSouth Melbourne, Vic 3205Tel: (03) 8699 041

5Security breaches cost you According to the 2004 Australian Computer Crime and Security Survey by the Australian Computer Emergency Response Team (

6Other security measuresEven with a firewall in place, you still need to take other security measures to protect your internal computer systems, inc

7Many ISPs offer fully managed multi-tier firewall services. However, while you may rely on your ISP to provide a network firewall service you may c

8STEP 1: Understanding firewalls in principle • A firewall is a means of shielding your private computer system from an untrusted network, like the

9STEP 2: Understanding how the Internet worksUnderstanding how and why to install a firewall, a basic networking knowledge is required. Here is a si