
Working with Firewall Builder

27 Aug 2008 | Syngress Publishing


By: Craig S. Wright

Service provider takeaway: Regulatory and standards compliance can present several challenges from both a business and a technical perspective. This section of the chapter excerpt from the book The IT Regulatory and Standards Compliance Handbook: How to Survive Information Systems Audit and Assessments focuses on working with the firewall configuration software Firewall Builder.


Firewall Builder (www.fwbuilder.org) is a general public license (GPL) software package designed to aid administrators in configuring firewalls. The current version, Firewall Builder v 2.1.18, supports the following firewall platforms:

  • FireWall Services Module (FWSM)
  • ip filter
  • ipfw
  • iptables
  • PF
  • Cisco Private Internet Exchange (PIX)
  • and a number of other platforms such as
    • FreeBSD
    • Cisco FWSM
    • Linksys/Sveasoft
    • GNU/Linux (kernel 2.4 and 2.6)
    • Mac OS X
    • OpenBSD
    • Solaris

Following the setup of standard policy, the next decision to be made by the administrator is to define the interfaces of the firewall and, consequently, the configurations for each of the interfaces.

Examples of interfaces that a firewall could usually have are the external interface (untrusted) and the internal interface (trusted). Testing the firewall would therefore involve the testing of the configurations of each of the firewall's interfaces to validate their compliance with the firewall policy of the organization.

Building or only testing

Firewall Builder has a number of configuration guides available on its Web site, as shown in Figure 11.2:
www.fwbuilder.org/guides/firewall_builder_howtos.html
www.fwbuilder.org/guides/firewall_builder_cookbook.html

Most vendors also have their own guidelines and install guides. On top of this, there are a large number of good configuration books, both for generalized firewall knowledge and for specific systems (such as Check Point NGX R65 Security Administration released by Elsevier).

The main advantage (other than low cost, even commercially) of a tool such as Firewall Builder is that it is able to manage several systems (see Figure 11.3).

Firewall Builder also uses an interface that is both simple and very familiar to anyone who has worked with the commercial products. Figure 11.4 is an example of the Firewall Builder user interface.

This interface allows the auditor to quickly validate configuration against the policy. Also, this tool provides the capability to save rulesets. This feature enhances change management. By being able to go back and view previous rulesets, the auditor can see the patterns of change as they occur over time and also seek reasons for rules that have been added.

The policy installer (see Figure 11.5) adds the capability to quickly view the date when the policy was last compiled and last installed (and if these are the same).

Conflicting rules

From time to time it is necessary to merge rulebases. For this reason the Firewall Builder tool has a validation function (see Figure 11.6).
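One kind of conflict an auditor looks for after a merge is shadowing: an earlier rule matches everything a later rule matches, so the later rule never fires. The following is an added example, not code from the book or from Firewall Builder, and it does not describe how Firewall Builder's own validation function works; the `Rule` format, the rule names and the sample rulebase are constructed, and first-match evaluation is assumed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    src: str       # source network, CIDR
    dst: str       # destination network, CIDR
    proto: str     # "tcp", "udp" or "any"
    ports: tuple   # inclusive (low, high) destination port range
    action: str    # "accept" or "deny"

def covers(a, b):
    """True if every packet that rule b matches is also matched by rule a."""
    net = ipaddress.ip_network
    return (net(b.src).subnet_of(net(a.src))
            and net(b.dst).subnet_of(net(a.dst))
            and a.proto in ("any", b.proto)
            and a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1])

def find_shadowed(rules):
    """First-match semantics: report each rule fully covered by an earlier one."""
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                kind = "redundant" if earlier.action == later.action else "conflict"
                findings.append((earlier.name, later.name, kind))
                break  # the first covering rule is the one that takes the packet
    return findings

ANY = "0.0.0.0/0"
ALL_PORTS = (0, 65535)
# Constructed sample: rulebase A followed by rulebase B after a merge.
MERGED = [
    Rule("A1-allow-web", ANY, "192.0.2.10/32", "tcp", (80, 80), "accept"),
    Rule("A2-deny-dmz", ANY, "192.0.2.0/24", "any", ALL_PORTS, "deny"),
    Rule("B1-allow-https", ANY, "192.0.2.20/32", "tcp", (443, 443), "accept"),
    Rule("B2-allow-web-dup", "10.0.0.0/8", "192.0.2.10/32", "tcp", (80, 80), "accept"),
    Rule("B3-allow-dns", "10.0.0.0/8", "198.51.100.53/32", "udp", (53, 53), "accept"),
]

if __name__ == "__main__":
    for earlier, later, kind in find_shadowed(MERGED):
        print(f"{later} never matches: covered by {earlier} ({kind})")
```

A "conflict" finding means the merged order silently changes the intended action for that traffic; a "redundant" finding is a cleanup candidate.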



About the book

The IT Regulatory and Standards Compliance Handbook: How to Survive Information Systems Audit and Assessments provides a detailed methodology for several technically based and professional IT audit skills that lead to compliance. Purchase the book from Syngress Publishing.

Printed with permission from Syngress, a division of Elsevier. Copyright 2008. "The IT Regulatory and Standards Compliance Handbook: How to Survive Information Systems Audit and Assessments" by Craig S. Wright. For more information about this title and other similar books, please visit www.elsevierdirect.com.


