Thursday, February 4, 2021

FIREWALL RULES: HOW TO CLEAN UP?

While every company has to address its own risks, there are some general guidelines for configuring and using firewalls. The first step is to set up a formal process for testing the settings and configuring the firewall. This process must take into account the aforementioned changes in the IT landscape.

In general, the firewall configuration should be assigned only the minimum access and connection permissions. The smaller the circle of persons with access, the lower the potential security risks. In addition to firewalls, also consider firewalls for applications, cloud technologies and mobile devices. When checking, look not only at whether the appropriate firewalls are active, but also at whether they are correctly configured; this will also help to set up a formal process. If changes are made to the firewall configuration, they should be verified and, not least, documented. Checks should be performed regularly and, ideally, the protocols should be evaluated on a double-check basis. If you are using firewall auditing tools, check whether the tool can optimize the firewall configuration.

In addition, you should check whether the tool actually supports all the firewalls your company works with. The configuration of such tools should ideally be tested in a test environment by answering the following questions:

Will there be notifications about incorrect settings?

Is the tool suitable for the hardware and software firewalls you are using?

Is it possible to draw meaningful conclusions from the tool's reports?

Are these reports securely protected from unauthorized access?


FIREWALL RULES: HOW TO CLEAN UP?

As you have already seen, the list of filtering rules is one of the most important aspects of a firewall. It is therefore important to regularly clear this list of unnecessary entries and bring it in line with current security requirements. Of course, a lot depends on your own circumstances, but there are some general rules that suit everyone.

Many rules build up over time, and especially when multiple administrators manage the same firewall, this can cause performance issues, complicate maintenance, and increase security threats. Therefore, it is important to follow the PCI-DSS standards, which involve removing unnecessary rules and objects. These include the following:

Cleaning up unused, expired and conflicting rules

Unused connections: if the rules specify unused routers and you should remove

Naming rules: Write down the purpose of the rules and stick to them so that everyone understands them. Choose logical formats for names, for example, Computer Name_IP for nodes.

Duplicates: You should also remove duplicate objects and rules, such as services or nodes that appear repeatedly under different names.

Long rule sets: Try to break down long rule sets into easily readable pieces. For example, add a maximum of 20 rules to a set. Avoid rules that overlap one another, so that the sets stay simple.

Documentation: Rules, changes, names and objects should be documented and stored securely.

Compliance policy: After defining the policy, test it using the audit report.

Rule Priority: Frequently used rules should appear at the top of the list. Many firewalls process packets based on optimized algorithms, for which the order of rules is irrelevant. If your router is not one of them, you should sort the rules by priority so as not to lose visibility.

Separate Firewall and VPN: Separate firewalls and VPNs so that VPN does not interfere with the performance of your firewall.

Software Updates: Software updates often have security, performance, and functionality benefits. To prevent attackers from exploiting old security holes, pay attention to the timely updating of the firewall.

Interface: The interface of the firewall must be matched with the interfaces of the switch and router, i.e. if your router is operating in half duplex mode, the firewall should also be set to half duplex. Ideally, the firewall and switch should have the same duplex and speed. 
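
The duplicate, conflicting and shadowed entries described in the list above can be found mechanically. The following is an added example, not code from the original post or from any firewall product: the rule and object format, all names and all addresses are constructed for illustration, and it assumes top-down, first-match rule evaluation.

```python
import ipaddress
from collections import defaultdict

# Constructed sample data: object names, rule names and addresses are invented.
OBJECTS = {"web01_10.0.1.10": "10.0.1.10/32", "intranet-web": "10.0.1.10/32",
           "lan": "10.0.0.0/16", "any": "0.0.0.0/0"}
RULES = [  # assumed: evaluated top-down, first match wins; port None means any port
    {"name": "allow-lan-web", "src": "lan", "dst": "web01_10.0.1.10", "proto": "tcp", "port": 443, "action": "allow"},
    {"name": "allow-web-https", "src": "lan", "dst": "intranet-web", "proto": "tcp", "port": 443, "action": "allow"},
    {"name": "deny-lan-out", "src": "lan", "dst": "any", "proto": "any", "port": None, "action": "deny"},
    {"name": "allow-lan-dns", "src": "lan", "dst": "any", "proto": "udp", "port": 53, "action": "allow"},
]

def duplicate_objects(objects):
    """Group object names that resolve to the same network (same node, different names)."""
    by_value = defaultdict(list)
    for name, cidr in objects.items():
        by_value[ipaddress.ip_network(cidr)].append(name)
    return [sorted(names) for names in by_value.values() if len(names) > 1]

def _net(rule, key, objects):
    return ipaddress.ip_network(objects[rule[key]])

def covers(earlier, later, objects):
    """True if every packet matched by `later` is already matched by `earlier`."""
    return (_net(later, "src", objects).subnet_of(_net(earlier, "src", objects))
            and _net(later, "dst", objects).subnet_of(_net(earlier, "dst", objects))
            and earlier["proto"] in ("any", later["proto"])
            and earlier["port"] in (None, later["port"]))

def audit(rules, objects):
    """Return (rule, covering_rule, kind) for each rule that can never match."""
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if not covers(earlier, later, objects):
                continue
            if earlier["action"] != later["action"]:
                kind = "conflict"    # unreachable and contradicts the rule above it
            elif covers(later, earlier, objects):
                kind = "duplicate"   # same match, same action, different name
            else:
                kind = "shadowed"    # narrower rule hidden behind a broader one
            findings.append((later["name"], earlier["name"], kind))
            break
    return findings
```

Every finding names the earlier rule that makes the later one unreachable, which is the information needed to decide whether to delete the later rule or move it up.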
