AlgoBuzz Blog

Everything you ever wanted to know about security policy management, and much more.


Network Security Tip of the Week [4]

This week’s network security tip focuses on implementing a “deny” firewall rule at the end of the ruleset as a method to prevent traffic from going where it’s not wanted in the network. Justin, a senior security professional from Trinidad, suggests, “End your rule base with a clean-up rule or an ANY ANY DENY rule.”

Matt, a Sr. Systems Engineer from the US, expands on this: “Deny policies at the end of your rule set help make sure you catch traffic that’s trying to go to the wrong zone, so it is important to have every combination covered. Make sure you have enough deny policies between your zones with this factorial math equation: (number of zones)! / (number of zones - 2)! = (number of possible two-way combinations). 3 zones with deny policies each way would mean you need 6 policies – 3! / 1! = 6. 10 zones means you need 90 unique policies – 10! / 8! = 90.”
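The check Matt describes can be automated. The following is an added example, not code from the original post or from any vendor: it enumerates every ordered zone pair and reports the pairs whose policy list does not end in a catch-all deny. The tuple layout, zone names and sample policies are assumptions constructed for illustration.

```python
from itertools import permutations
from math import factorial

def expected_count(n):
    """The formula from the tip: n! / (n - 2)! ordered zone pairs."""
    return factorial(n) // factorial(n - 2)

def required_deny_pairs(zones):
    """Every ordered (from_zone, to_zone) pair that needs its own final deny."""
    return list(permutations(sorted(set(zones)), 2))

def missing_deny_policies(zones, policies):
    """Return the zone pairs whose last policy is not a catch-all deny.

    `policies` is in evaluation order; each entry is a hypothetical tuple
    (from_zone, to_zone, src, dst, service, action).
    """
    last = {}
    for from_zone, to_zone, src, dst, service, action in policies:
        # Later entries overwrite earlier ones, leaving the final rule per pair.
        last[(from_zone, to_zone)] = (src, dst, service, action)
    cleanup = ("any", "any", "any", "deny")
    return [pair for pair in required_deny_pairs(zones) if last.get(pair) != cleanup]

# Constructed sample data: three zones, two pairs left without a clean-up rule.
ZONES = ["trust", "untrust", "dmz"]
POLICIES = [
    ("trust", "untrust", "any", "any", "http", "permit"),
    ("trust", "untrust", "any", "any", "any", "deny"),
    ("untrust", "dmz", "any", "any", "https", "permit"),
    ("untrust", "dmz", "any", "any", "any", "deny"),
    ("untrust", "trust", "any", "any", "any", "deny"),
    ("dmz", "trust", "any", "any", "any", "deny"),
    ("trust", "dmz", "any", "any", "ssh", "permit"),  # no deny follows
    # dmz -> untrust has no policies at all
]

if __name__ == "__main__":
    pairs = required_deny_pairs(ZONES)
    print(f"{len(ZONES)} zones need {len(pairs)} deny policies")
    for from_zone, to_zone in missing_deny_policies(ZONES, POLICIES):
        print(f"missing final deny: {from_zone} -> {to_zone}")
```
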

As always, please share your own tips by commenting on this blog or sending us a Direct Message on Twitter via @AlgoSec.

 
