The firewall implementation must be designed and configured to isolate security functions from non-security functions. An isolation boundary is implemented via partitions and domains. This boundary must provide separation between processes having different security levels. These processes are used by the hardware, software, and firmware of the firewall to perform various functions. The firewall application must maintain a separate execution domain (e.g., address space) for each executing process to minimize the risk of leakage or corruption of privileged information.
This control is normally a function of the firewall application design and is usually not a configurable setting; however, there may be settings in some firewall applications that must be configured to optimize function isolation. For most network devices, this function is a product of system design. Verification of this function requires access to the internal programmer's documentation of the firewall manufacturer. |