F-SECURE ANTI-VIRUS FOR MICROSOFT EXCHANGE 8.00 - Administrator's Manual - page 195
CHAPTER 6
6.1.2 Security Level Design Principles
Each security level has a set of pre-configured Firewall Rules. In addition,
you can create new rules for all security levels for which the Filtering
Mode Normal is displayed in the Firewall Security Levels table. The rules
in the Firewall Security Levels table are read from top to bottom.
When you create new security levels, you should consider the following
main principle for defining the firewall rules associated with them:
Allow only the needed services, and deny all the rest. This
minimizes the security risk. The drawback is that when new
services are needed, the firewall must be reconfigured. This,
however, is a small price to pay for increased security.
The opposite concept - to deny dangerous services and allow the rest - is
not acceptable, because no one can tell with certainty which services are
dangerous or might become dangerous in the future when a new security
problem is discovered.
A good security level would look something like this:
1. Deny rules for the most dangerous services or hosts, optionally with
alerting.
2. Allow rules for much-used common services and hosts.
3. Deny rules for specific services you want alerts about (e.g. trojan
probes) with alerting.
4. More general allow rules.
5. Deny everything else.
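As an added illustration that is not part of the manual, the following Python model evaluates a rule table top to bottom with first-match-wins semantics, laid out in the five tiers above, next to the rejected "deny dangerous services and allow the rest" design. Service names, host names and rule comments are constructed for the example.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str                 # "allow" or "deny"
    service: Optional[str]      # None matches any service
    host: Optional[str]         # None matches any host
    alert: bool = False         # generate an alert when this rule fires
    comment: str = ""

    def matches(self, service: str, host: str) -> bool:
        return (self.service is None or self.service == service) and \
               (self.host is None or self.host == host)


def evaluate(rules: List[Rule], service: str, host: str) -> Tuple[str, bool, str]:
    """Rules are read from top to bottom; the first matching rule decides."""
    for rule in rules:
        if rule.matches(service, host):
            return rule.action, rule.alert, rule.comment
    raise ValueError("no rule matched: a well-formed level ends with a deny-all rule")


def ends_with_deny_all(rules: List[Rule]) -> bool:
    """Check the 'deny everything else' tier that closes a good security level."""
    last = rules[-1]
    return last.action == "deny" and last.service is None and last.host is None


# Constructed level following the five tiers described in the manual.
GOOD_LEVEL = [
    Rule("deny", "legacy-remote-admin", None, alert=True, comment="1. deny dangerous service"),
    Rule("deny", None, "untrusted-host", alert=True, comment="1. deny dangerous host"),
    Rule("allow", "smtp", "mail-relay", comment="2. allow common service and host"),
    Rule("allow", "dns", None, comment="2. allow common service"),
    Rule("deny", "probe-port", None, alert=True, comment="3. deny with alerting"),
    Rule("allow", "http", None, comment="4. general allow"),
    Rule("deny", None, None, comment="5. deny everything else"),
]

# The rejected design: deny a fixed list of known-dangerous services, allow the rest.
BLACKLIST_LEVEL = [
    Rule("deny", "legacy-remote-admin", None, alert=True, comment="deny known dangerous"),
    Rule("allow", None, None, comment="allow the rest"),
]
```

A service that did not exist when the level was designed ("new-service" below) is denied by the tiered level but passes the blacklist level, which is the manual's argument in code.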
Disabled: In this security level, all network traffic, inbound and outbound, is allowed and no alerts are generated. Local rules cannot be created.