Monday, December 20, 2010
【 Weak current College 】 Main content of routine hardware firewall inspection
A hardware firewall is an important barrier protecting the security of the internal network. Its security and stability have a direct bearing on the security of the entire internal network, so day-to-day routine checks are very important for keeping a hardware firewall secure. Many system faults show signs before they break out; the task of routine inspection is to find these security risks and issues as early as possible so that they can be resolved. In general, routine checks of a hardware firewall cover the following:
Hardware firewall's disk usage
If you retain logs on the hardware firewall, checking its disk usage is very important. If you do not retain logs, checking its disk usage becomes even more important. When logs are retained, abnormal growth in disk consumption most likely indicates a problem with the log purge process, which is relatively easy to deal with. When logs are not retained, abnormal growth in disk consumption may mean that the hardware firewall has been compromised and a rootkit installed.
Therefore, network security staff first need to know the firewall's disk usage under normal circumstances and set a check baseline on that basis. If the hardware firewall's disk consumption exceeds this baseline, the system is experiencing a security or other issue that requires further examination.
Hardware firewall configuration file
No matter how comprehensive and rigorous your planning was when you installed the hardware firewall, once it is put into actual use the situation changes all the time. The firewall's rules will be continually changed and adjusted, and configuration parameters will change frequently. As a network security administrator, it is best to write a security policy that governs changes to the firewall configuration and rules, and to enforce it strictly. The hardware firewall configuration it covers should go into detail, down to which traffic is allowed and which services are to go through a proxy.
The security policy should spell out the steps for modifying the hardware firewall configuration, such as which authorization is required, who can make such a modification, when modifications can be made, and how they are recorded. The security policy should also state the division of responsibilities: for example, one person makes the specific modification, another person is responsible for recording it, and a third person checks and tests that the modified settings are correct. A detailed security policy should ensure that changes to the hardware firewall configuration follow a defined procedure, and should avoid as far as possible the errors and security holes that configuration changes introduce.
Hardware firewall CPU load
Like disk usage, CPU load is an important indicator of whether the hardware firewall system is functioning properly. As a security manager, you must know the normal value of the hardware firewall's CPU load. A load value that is too low does not necessarily mean that everything is normal, but an excessive load value means that the firewall system certainly has a problem. An excessively high CPU load most likely means that the hardware firewall is under a DoS attack or that there are external network connectivity issues.
System files
Changes to critical system files fall into one of three cases: purposeful, planned modifications by administrators, such as those caused by a planned system upgrade; occasional modifications of system files by administrators; and modifications of the files by an attacker.
By regularly checking the system files and the records of system file modifications, you can discover attacks on the firewall. In addition, it should be emphasized that the policy for hardware firewall configuration changes should ideally also cover the recording of system file modifications.
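The check described above, comparing system files against a known-good baseline and then against the modification records, can be sketched as follows. This is an added example, not code from the original post; the file names and the change-record format (a set of paths with an approved change) are assumptions.

```python
import hashlib
import os
import tempfile

def hash_file(path):
    """SHA-256 of a file, read in chunks."""
    digest = hashlib.sha256()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(65536), b""):
            digest.update(chunk)
    return digest.hexdigest()

def snapshot(paths):
    """Map each monitored path to its current hash (None if missing)."""
    return {p: hash_file(p) if os.path.isfile(p) else None for p in paths}

def audit(baseline, current, change_records):
    """Classify every difference from the baseline.

    change_records: set of paths with an approved, recorded modification
    (hypothetical format; a real record would also carry who, when and why).
    """
    findings = []
    for path in sorted(set(baseline) | set(current)):
        old, new = baseline.get(path), current.get(path)
        if old == new:
            continue
        kind = "removed" if new is None else "added" if old is None else "modified"
        status = "recorded" if path in change_records else "UNRECORDED"
        findings.append((path, kind, status))
    return findings

def demo():
    """Constructed sample: two files change, only one has a change record."""
    with tempfile.TemporaryDirectory() as root:
        rules = os.path.join(root, "rules.conf")
        logd = os.path.join(root, "logd")
        for path, data in ((rules, b"allow tcp 443\n"), (logd, b"v1")):
            with open(path, "wb") as handle:
                handle.write(data)
        baseline = snapshot([rules, logd])
        with open(rules, "wb") as handle:   # planned change, recorded
            handle.write(b"allow tcp 443\nallow tcp 22\n")
        with open(logd, "wb") as handle:    # change that nobody recorded
            handle.write(b"v2")
        return audit(baseline, snapshot([rules, logd]), {rules})

if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A change marked UNRECORDED is either an occasional administrator modification or an attacker's, and is the one that needs follow-up.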
Hardware firewall system daemons
During normal operation, every firewall has a group of daemons running, such as the name service program, the system logging program, the network distribution program or the authentication program. Routine checks must verify that these programs are running. If you find that some daemon is not running, you may need to examine further what caused it to stop and which other daemons are still running.
Exception log
The hardware firewall logs information on all allowed or denied communication, and these logs are the main source of information about the firewall's health. Because the volume of log data is huge, checking the logs for exceptions should normally be an automatic process. Of course, which events count as exceptional is determined by the administrator: only when the administrator defines an exception event and has it recorded will the hardware firewall retain the corresponding log for future reference.
Routine checks in these six areas may not immediately uncover every problem and hazard the hardware firewall may encounter, but checking consistently is very important for the stable and reliable operation of the hardware firewall. If necessary, the administrator can use a packet scanner to verify whether the hardware firewall is configured correctly, and can even go one step further and use a vulnerability scanner to simulate attacks in order to assess the capability of the hardware firewall.
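An automatic exception check of the kind described above might look like this. It is an added example, not part of the original post; the log line format, the addresses, and the three administrator-defined rules (management-port access from outside the admin network, repeated denies from one source, unparseable lines) are assumptions.

```python
import ipaddress
import re
from collections import Counter

# Constructed sample lines; the format and addresses are assumptions.
SAMPLE_LOG = """\
2010-12-20T02:10:01 DENY tcp 203.0.113.9 -> 192.0.2.10:23
2010-12-20T02:10:02 DENY tcp 203.0.113.9 -> 192.0.2.10:22
2010-12-20T02:10:03 DENY tcp 203.0.113.9 -> 192.0.2.10:3389
2010-12-20T02:11:40 ALLOW tcp 198.51.100.7 -> 192.0.2.10:443
2010-12-20T02:12:15 ALLOW tcp 198.51.100.7 -> 192.0.2.1:22
2010-12-20T02:13:00 ALLOW tcp 10.0.0.5 -> 192.0.2.1:22
2010-12-20T02:14:09 garbled entry
"""

LINE = re.compile(r"(\S+) (ALLOW|DENY) (\w+) ([\d.]+) -> ([\d.]+):(\d+)$")

# Administrator-defined exception events (hypothetical policy values).
ADMIN_NET = ipaddress.ip_network("10.0.0.0/24")
MGMT_PORTS = {22, 23}
DENY_THRESHOLD = 3

def find_exceptions(log_text):
    """Return (rule, detail) pairs for every event the policy calls exceptional."""
    events, denies = [], Counter()
    for raw in log_text.splitlines():
        match = LINE.match(raw)
        if not match:
            events.append(("unparseable", raw))
            continue
        _ts, action, _proto, src, _dst, port = match.groups()
        try:
            outside = ipaddress.ip_address(src) not in ADMIN_NET
        except ValueError:              # looks like an address but is not one
            events.append(("unparseable", raw))
            continue
        if action == "ALLOW" and int(port) in MGMT_PORTS and outside:
            events.append(("mgmt-access-from-outside", raw))
        if action == "DENY":
            denies[src] += 1
    for src, count in sorted(denies.items()):
        if count >= DENY_THRESHOLD:
            events.append(("repeated-deny", f"{src} denied {count} times"))
    return events

if __name__ == "__main__":
    for rule, detail in find_exceptions(SAMPLE_LOG):
        print(rule, "|", detail)
```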