A-021 - Firewall / IDS
Purpose
Provide network filtering, segmentation enforcement and intrusion detection across the Scheol environment.
Asset Type
- Infrastructure
Description
- Virtual firewall controlling traffic between internal zones and external networks
- Enforces access control policies and network segmentation
- Integrates detection capabilities (IDS/IPS, CrowdSec/Suricata)
Criticality
- Critical
Sensitivity
- Sensitive
Exposure Level
- Restricted
Trust Zone
- Hell
Dependencies
- Hypervisor (A-020)
- Internal Network Segmentation (A-028)
Relationships
- Controls traffic to/from VPS (Heaven)
- Enforces access to internal services
- Protects administrative paths
Security Position (Architecture Context)
- Primary enforcement point of network security policies
- Acts as boundary control between trust zones
- Key component in limiting lateral movement and exposure
Existing Protective Measures
- Network filtering rules (nftables)
- IDS/IPS capabilities (Suricata / CrowdSec)
- Segmented network zones (VLANs)
Owner / Responsibility
- Operations Role (Ops)
Notes
- Central to risk scenarios involving misconfiguration or exposure
- Configuration consistency and rule review are critical