Create a Post
Showing results for 
Search instead for 
Did you mean: 

Layers of Defense

** Work in progress **

Configuring a firewall to defend attacks and protect your network/assets means taking several layers of defense into account. It's not just the rulebase that makes up a firewall security. In fact there are many more layers of protection and defense that together build up a strong level of firewall security.

These layers are often easy to deploy and set active, one just needs to know that they are available and ready to form your shield of protection.

So let's start to list them all up.

Layers of defense Field of security Description Protection Method of validation
Layer 1 Physical security secure space within a 19" rack in a secured spot only accessible to firewall admins    
Layer 2 Network security
  • access to firewall management is controlled and secured by firewalls managed by this management (firewall self-protection)
  • firewall management's default gateway is the firewall cluster operated by this firewall management
  • firewall management is defined as host and not as gateway
  • firewall management is not connections to any other networks and has only only interface to it's own firewall cluster
  • secure VPN configuration
Layer 3 Gaia OS security
  • allowed hosts
  • personalized user accounts
  • limited Clish shell as default Login shell
  • password security controls
  • strong cipher suites
  • separate scp account
  • login message
  • session timeout
  • backups / snapshots
  • ntp v4
  • snmp v3-only
  • etc.
  • cat /etc/hosts.allow
Layer 4 Firewall security
  • IP address spoofing protection
  • block blacklisted IPs (sk103154)
  • block GEO locations (sk126172)
  • firewall rulebase security
  • inspection of encrypted protocols (such als HTTPS)
  • use of available security blades for deep packet inspection etc.
  • IPS (with Snort)
  • Content Security
  • App. Control & URLF
  • Anti-Bot, AV, etc.
  • DLP
  • TE, TX
  • rulebase policy installation free of warnings and errors
  • logfiles free of warnings and errors
  • check for "spoof" entries in log
  • check for "DOS/Rate Limiting Policy" entries in log
  • enable session logging and check for "source country" or "destination country"
Layer 5 Admin security
  • organizes regular firewall security reviews
  • regularly reports to management
  • maintains an up-to-date firewall documentation
  • relics of configuration
  • inconsistencies
  • instabilities
Layer 6 End user security
  • regularly receives IT-security awareness trainings
  • is protected by a proper Endpoint security corp policy
social engineering  
0 Replies


Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events