Preface

The MikroTik Security Guide and Networking with MikroTik: MTCNA Study Guide by Tyler Hart are available in paperback and Kindle!

The MikroTik firewall, based on the Linux iptables firewall, is what allows traffic to be filtered in, out, and across RouterOS devices. It is a different firewall implementation than some vendors like Cisco, but if you have a working knowledge of iptables, or just firewalls in general, you already know enough to dive in. Understanding the RouterOS firewall is critical to securing your devices and ensuring that remote attackers can't successfully scan or access your network. We'll discuss firewall design, chains, actions, rules, and overall best practices.

The general idea of firewalling is that traffic you need should be allowed, and all other traffic should be dropped. By putting firewalls in place a network can be divided into untrusted, semi-trusted, and trusted network enclaves. Combined with network separation using VLANs, this creates a robust, secure network that can limit the scope of a breach if one occurs. Traffic that is allowed from one network to another should have a business or organizational requirement, and be documented. The best approach is to whiteboard out your current network design, and draw the network connections that should be allowed. Allowed traffic will have a rule that allows the traffic to be passed, then a final rule acts as a "catch-all" and drops all other traffic. Sometimes this is referred to as the "Deny All" rule, and those coming from a Cisco background often call it the "Deny Any-Any" rule. Allowing what you need and dropping everything else keeps firewall rules simple, and the overall rule count to a minimum.

The first concept to understand is firewall chains and how they are used in firewall rules.
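A way to check the allow-then-drop design on an existing device, as an added example that is not from the guide: the script below audits text in the style of `/ip firewall filter export` and reports, per chain, whether the rule list ends in an unconditional drop. The sample rules, interface names and addresses are constructed, and the parser assumes each rule sits on a single line.

```python
import shlex
from collections import defaultdict

# Constructed sample in the style of `/ip firewall filter export` (not from a real device).
SAMPLE_EXPORT = '''\
/ip firewall filter
add action=accept chain=input comment="established, related" connection-state=established,related
add action=accept chain=input protocol=icmp
add action=accept chain=input dst-port=22 protocol=tcp src-address=192.168.88.0/24
add action=drop chain=input comment="catch-all"
add action=accept chain=forward connection-state=established,related
add action=accept chain=forward in-interface=bridge-lan out-interface=ether1-wan
'''

# Properties that do not narrow what a rule matches.
NON_MATCHERS = {"action", "chain", "comment", "log", "log-prefix", "disabled"}

def parse_rules(export_text):
    """Return {chain: [rule dict, ...]} for enabled rules, in evaluation order."""
    chains = defaultdict(list)
    for line in export_text.splitlines():
        line = line.strip()
        if not line.startswith("add "):
            continue
        # shlex keeps quoted comments such as comment="a, b" as one token.
        rule = dict(t.split("=", 1) for t in shlex.split(line)[1:] if "=" in t)
        if rule.get("disabled") == "yes":
            continue  # a disabled rule filters nothing
        chains[rule.get("chain", "?")].append(rule)
    return chains

def is_catch_all_drop(rule):
    """True for a drop rule with no matchers, i.e. one that applies to every packet."""
    return rule.get("action") == "drop" and not (set(rule) - NON_MATCHERS)

def audit(export_text):
    """Map each chain to 'ok' or a description of what is wrong with its catch-all."""
    findings = {}
    for chain, rules in parse_rules(export_text).items():
        hits = [i for i, r in enumerate(rules) if is_catch_all_drop(r)]
        if not hits:
            # RouterOS accepts a packet that reaches the end of a chain unmatched.
            findings[chain] = "no catch-all drop: unmatched traffic is accepted"
        elif hits[0] != len(rules) - 1:
            findings[chain] = f"{len(rules) - 1 - hits[0]} rule(s) after the catch-all never match"
        else:
            findings[chain] = "ok"
    return findings

if __name__ == "__main__":
    for chain, result in audit(SAMPLE_EXPORT).items():
        print(f"{chain}: {result}")
```

In the constructed sample the input chain passes and the forward chain is flagged, because its two accept rules are not followed by a drop.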