You have probably heard of firewall security; in fact, you may already have a firewall management program in place. But are you confident that your firewall is effectively protecting you against the wrong kind of traffic?
What is a firewall?
A robust firewall is the first line of defense in protecting your network. Firewalls act as a security system. They monitor incoming and outgoing traffic within your network and filter dangerous traffic to stop it from entering your system.
Firewalls protect your network by determining whether to allow or block traffic to devices based on a specific set of security rules set within the access policy. The rules may be simple, such as ‘block by default’, which allows only known services. However, more commonly, they are layered and complex and use different parameters to determine access.
When implemented properly, firewalls provide protection against a number of threats including denial-of-service (DoS) attacks. A DoS attack is a security threat that occurs when an attacker attempts to deny users access to computers, network files or other devices.
Types of Firewall
There are two main types of firewall: network firewalls and host-based firewalls. Network firewalls protect the perimeter of a network by monitoring traffic that enters and leaves. Host-based firewalls are positioned at communication endpoints as part of your security program to protect individual computers, regardless of which network they are connected to.
Which type do I need?
You might need one or the other, but most businesses need both to securely operate within the network and remotely.
If you or your staff access the network remotely, you will need both in place.
Our Best Practice Guidelines for a Secure Firewall
Most modern firewalls come with a range of sophisticated settings beyond the standard access rules. However, this level of versatility comes with its own risk. One mistakenly applied firewall access rule could leave your network open to attack, which can prove damaging.
In fact, according to Gartner, 99% of all firewall breaches are caused by configuration mistakes, rather than technology errors.
With all of the advanced firewall features available today, how can you be sure that your infrastructure is protected securely and effectively?
Follow our best practice guidelines to improve your firewall security:
Review and organize rules regularly
Your firewall should be organized and ‘cleaned up’ regularly for network performance and security reasons. Firewalls protect your network by monitoring incoming and outgoing traffic. As a result, having a series of complex rules can affect network performance during peak traffic.
You should pay close attention to the rules you have in place and to their order, as you may find that more than one rule is serving the same purpose. Reviewing and organizing rules can ensure that your firewall consistently works at its optimal performance and can massively speed up traffic.
How many rules have been set up for workstations or devices that do not exist within your company anymore? Unused rules should be cleaned up to reduce the overall processing time. Keeping a firewall log that is regularly reviewed can help you to identify which rules are being used and which are not.
Always document rules
As a firewall operates on a set of defined rules, these rules should be well documented and monitored to record and verify any changes made to them.
There should be a process to follow each time a firewall rule is updated or changed, for example, a commenting system. This will help to prevent confusion amongst administrators and ensure that rules don’t overlap and are not duplicated.
At a minimum, we suggest that you keep track of the following information:
- The purpose of the firewall rule
- The service it applies to
- The users that it applies to
- The date that it was added or changed
- The name of the person who added the rule
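An added example (not from the original article or any firewall product) of the rule review and documentation check described above: it flags rules that an earlier rule already covers, rules with no log hits, and rules missing the tracking fields just listed. The rule format, field names, sample ruleset and hit counts are constructed for illustration, and first-match-wins evaluation is assumed.

```python
import ipaddress

# Constructed sample ruleset in evaluation order (assumption: first match wins).
# Documentation fields mirror the list above: purpose, service, users, date, owner.
RULES = [
    {"id": 1, "action": "allow", "src": "10.0.0.0/8", "port": 443,
     "purpose": "Staff HTTPS to intranet", "service": "intranet",
     "users": "all staff", "changed": "2023-02-01", "owner": "a.admin"},
    {"id": 2, "action": "allow", "src": "10.1.0.0/16", "port": 443,
     "purpose": "Finance HTTPS", "service": "intranet",
     "users": "finance", "changed": "2023-03-10", "owner": "a.admin"},
    {"id": 3, "action": "allow", "src": "192.168.50.7/32", "port": 3389,
     "purpose": "", "service": "RDP", "users": "", "changed": "", "owner": ""},
    {"id": 4, "action": "deny", "src": "0.0.0.0/0", "port": None,  # None = any port
     "purpose": "Block by default", "service": "any",
     "users": "everyone", "changed": "2022-11-20", "owner": "b.admin"},
]
# Constructed hit counters, as would be derived from the firewall log for a review period.
HITS = {1: 18230, 2: 0, 3: 0, 4: 912}
DOC_FIELDS = ("purpose", "service", "users", "changed", "owner")

def covers(earlier, later):
    """True if every packet matching `later` would already match `earlier`."""
    net_e = ipaddress.ip_network(earlier["src"])
    net_l = ipaddress.ip_network(later["src"])
    port_ok = earlier["port"] is None or earlier["port"] == later["port"]
    return port_ok and net_l.subnet_of(net_e)

def audit(rules, hits):
    """Return (rule_id, issue) pairs for covered, unused and undocumented rules."""
    findings = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, rule):
                # Same action: duplicate work. Different action: rule never takes effect.
                kind = "redundant" if earlier["action"] == rule["action"] else "shadowed"
                findings.append((rule["id"], f"{kind} by rule {earlier['id']}"))
                break
        if hits.get(rule["id"], 0) == 0:
            findings.append((rule["id"], "no hits in review period"))
        missing = [f for f in DOC_FIELDS if not rule.get(f)]
        if missing:
            findings.append((rule["id"], "undocumented: " + ", ".join(missing)))
    return findings

if __name__ == "__main__":
    for rule_id, issue in audit(RULES, HITS):
        print(f"rule {rule_id}: {issue}")
```

A rule with no hits is a candidate for review, not automatic deletion: some rules only match during rare events such as failover or quarterly jobs.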
Alert all users of changes
Even the most minor change can have an impact on a user’s connectivity and access to the web. Therefore, it’s best practice to alert all users before any changes take place.
Make sure that business leaders, as well as end users, are aware of any changes to your firewall. For example, in-house application developers may request changes to firewall rules but that could contradict the firewall policy. Defining changes early on can help to reduce confusion and conflicting rules.
Getting input from others in the business can also help to make sure that your firewall configurations are meeting all users’ needs. By working together, IT and the business side can make sure that the dual goals of security and fast performance are being met.
Keep firewall policies up-to-date
Your policy is the overarching strategy and guidance statement for your firewall rules. Ensuring that the policy is up-to-date will help everyone in the business to understand why certain rules have been put into place.
As your business changes, updates to the firewall policy will be necessary. This is especially important if there has been a major change in the business, for example, a merger or takeover where new management has a different set of requirements.
Upgrade firewall software and firmware
Your firewalls’ operating systems should be reviewed, updated, and patched regularly to ensure that your network is protected against vulnerabilities.
Running updates goes without saying. But as you update and organize rules, it’s a good time to check that your firewall has the latest patches too. The most advanced firewall in the world won’t stop an attack if a known vulnerability hasn’t been patched.
All businesses have a unique set-up and their own rules for firewall security. However, following these best practices and conducting regular maintenance can make the security process less stressful and better protect your network for the future.