Security

This section covers the user-level security of the configuration data in the FireBrick, and is not a discussion of the general firewall security aspects.

Users

There are a number of users definable in the FireBrick. Each has a name and password. The password is encrypted internally, and so can never be viewed. The user interface shows a single * if the password is set, so a password of a single * cannot be used (it is a bit short to be sensible anyway).

Each user has a number of security controls:

  1. Interface - this restricts the interface on which the user can log in.
  2. Profile - this restricts when the user can log in.
  3. Timeout - this causes an automatic logout after a number of minutes.
  4. View rights - controls what parts of the config can be viewed.
  5. Edit rights - controls what parts of the config can be changed.

How it works

The login operates using a directory and IP check. When you log in you are moved to a directory which is simply a number. This number is a session ID; because it is presented as a directory, it works with any browser without the need for cookies. The session is tagged against the logged-in user along with the source IP address. If the same user logs in from a different session or IP address then the first session is discarded (i.e. you can be logged in from one place at a time only). Most of this is hidden by a frame set.

Nobody user

The nobody user is a special user - it is the user that applies before you have logged in. As such it has no password. The access controls do apply to the nobody user, and if you cannot access the nobody user then the web page simply shows a 403 error "Goodbye".

As such, basic access to the nobody user is required in order to log in. This means if any user is to have WAN login access, so must the nobody user.

By default the nobody user has view and edit level 1, which allows general control of the FireBrick, and in particular allows the password to be set on the admin user, which has level 1-8 view and edit rights. As such it is strongly recommended that the admin user is set up with a password, and the view/edit rights of the nobody user removed. In this state, the initial access will simply allow login, and no other actions.

Logging

Login attempts are logged, subject to log options. The password used on a failed attempt is not logged.

Security levels

Security levels are 1 to 8, and most settings (filters, routes, etc.) have a security setting. Users have rights to view and edit levels 1 to 8. The levels themselves have no importance, i.e. 1 is not better than 8. To see something the user must have the view right for that level. To change something the user must have the edit right for that level.

There are also general controls which hide the top level menus. E.g. filters can be set to a security level generally, and this stops access to filters for users without that right. Note however that the individual filters may allow access. This means that to be sure of stopping access to filters you must not only set the general level for filters to hide the menu, but also ensure that the individual filters have an appropriate security level as well.
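The following is an added example, not FireBrick code or its configuration format: a small Python model of the level check described above, used to audit for items that stay reachable although the top-level menu is hidden. The class names, the `audit` function and the sample users and filters are all hypothetical and constructed for illustration.

```python
from dataclasses import dataclass, field

LEVELS = frozenset(range(1, 9))  # levels 1..8 are labels, not a ranking

@dataclass
class User:  # hypothetical model of a user's rights
    name: str
    view: frozenset = frozenset()
    edit: frozenset = frozenset()

@dataclass
class Section:  # hypothetical model of a menu such as "filters"
    name: str
    menu_level: int  # general control that hides the top-level menu
    items: dict = field(default_factory=dict)  # item name -> its own level

def can(user, right, level):
    """True if the user holds 'view' or 'edit' for exactly this level."""
    return level in getattr(user, right)

def audit(users, sections):
    """List (user, right, section, item) where the menu is hidden from the
    user but the item's own security level still grants that right."""
    findings = []
    for u in users:
        for s in sections:
            for right in ("view", "edit"):
                if can(u, right, s.menu_level):
                    continue  # menu visible to this user, nothing is hidden
                for item, level in sorted(s.items.items()):
                    if can(u, right, level):
                        findings.append((u.name, right, s.name, item))
    return findings

# Constructed sample configuration (not taken from a real device)
USERS = [
    User("admin", view=LEVELS, edit=LEVELS),
    User("nobody"),  # rights removed, as recommended above
    User("helpdesk", view=frozenset({1, 3}), edit=frozenset({3})),
]
SECTIONS = [
    Section("filters", menu_level=5,
            items={"allow-web": 1, "block-smtp": 5, "vpn-in": 3}),
]

if __name__ == "__main__":
    for finding in audit(USERS, SECTIONS):
        print("menu hidden but item reachable:", *finding)
```

Each finding is an item whose own security level needs changing before hiding the menu actually stops access for that user.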

Pay particular attention to the rights to upload new software and configurations (see below).

Config save/load

A security level is specified for upload/download which controls loading and saving of the configuration as well as uploading new software. The configuration can be saved if the user has view access to the upload/download security level. The configuration and any new software can be uploaded if the user has edit permissions to the upload/download security level.

Note that saved configs do not contain passwords as they are encrypted, but the config file itself, whilst scrambled, could be decoded to show all other configuration parameters, including those that the user could not normally see. As such access to upload/download should be restricted.