Firewalls that protect enterprise networks are the front line of defense. The people who administer them are responsible for seeing that only the right traffic gets through, when it should, and that everything else is blocked. The stakes are high and there is little room for error.
In most midsize or large enterprises there is a security manager, risk manager or compliance manager. This person is usually not a hands-on operational worker; rather, he or she sets the organization's overall policies and is responsible, more or less, for making sure those policies are followed throughout the organization. The firewall administrator then translates those policies into rules and pushes them to the firewall. Clear communication between the policy maker and the administrator is an essential part of the process. In small companies, policy and implementation usually fall on the single person who manages the network.
Clean up unused rules.
It's not uncommon for a firewall to have hundreds or even thousands of rules, many of them outdated and no longer tied to any business requirement. Unused rules widen the attack surface. For example, suppose a rule is added to allow HTTP or HTTPS traffic between the enterprise and a cloud application. The business unit that used the application later abandons it but never tells the firewall administrator to remove the rule. An attacker who discovers the still-open path can use it to move data out of the organization, and because cloud address space is reassigned, the destination may no longer even belong to the original application.
Firewall management tools can monitor network traffic on an ongoing basis, typically by reading the device's per-rule hit counters, and report rules that have not matched any traffic for a specified period. The firewall administrator can be alerted to these apparently unused rules, research their purpose, and remove the ones that no longer serve a business need. One caveat: a rule whose counter never increments may be shadowed by an earlier rule rather than genuinely unused, so rule-order conflicts should be resolved before hit counts are trusted.
Eliminate conflicting rules.
Many firewalls already have such a complex rule base that an administrator often cannot tell whether a new rule conflicts with an existing one. On a device that evaluates rules on a "first match" basis, the first rule whose criteria match the traffic is the one applied, so a new rule placed after a broader existing rule never fires: it is shadowed, and the traffic is allowed or denied by the earlier rule regardless of what the new rule says. Finding shadowed and conflicting rules by hand in a large rule base is impractical, but there are tools that perform this analysis.
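The two checks described above, stale rules with no recent hits and rules shadowed by an earlier first-match rule, can be expressed in a few lines. The following is an added example written for this page, not code from the original article or from any firewall vendor's tool. It models rules as protocol, source and destination CIDRs, a destination port range, an action, the owner and change ticket that the change workflow would record, and the device's hit statistics; the rule base, dates and ticket identifiers are constructed sample data.

```python
"""Audit a first-match firewall rule base for shadowed and stale rules.

Added example, not from the original article. A rule is shadowed when an
earlier rule matches everything it would match; a stale allow rule is one
that has not matched traffic within max_idle_days.
"""
from dataclasses import dataclass
from datetime import date, timedelta
from ipaddress import ip_network
from typing import Optional

ANY_PORT = (0, 65535)


@dataclass(frozen=True)
class Rule:
    rid: int
    action: str               # "allow" or "deny"
    proto: str                # "tcp", "udp" or "any"
    src: str                  # source CIDR
    dst: str                  # destination CIDR
    dports: tuple             # (low, high) destination ports, inclusive
    owner: str                # business owner recorded by the change workflow
    ticket: str               # change request that introduced the rule
    hits: int                 # match counter read from the device
    last_hit: Optional[date]  # most recent match, None if never matched


def covers(a: Rule, b: Rule) -> bool:
    """True if every packet matched by rule a is also matched by rule b's
    criteria being a subset of a's: protocol, both CIDRs and the port range."""
    a_src, b_src = ip_network(a.src), ip_network(b.src)
    a_dst, b_dst = ip_network(a.dst), ip_network(b.dst)
    if a_src.version != b_src.version or a_dst.version != b_dst.version:
        return False  # subnet_of() does not compare across IP versions
    proto_ok = a.proto == "any" or a.proto == b.proto
    port_ok = a.dports[0] <= b.dports[0] and b.dports[1] <= a.dports[1]
    return proto_ok and b_src.subnet_of(a_src) and b_dst.subnet_of(a_dst) and port_ok


def shadowed(rules: list) -> list:
    """Return (shadowed_id, shadowing_id, kind) for every rule that can never
    fire on a first-match device. kind is 'conflict' when the two actions
    differ (the later rule's intent is silently overridden) and 'redundant'
    when they agree (the later rule is dead weight)."""
    findings = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:          # only rules evaluated before it matter
            if covers(earlier, later):
                kind = "conflict" if earlier.action != later.action else "redundant"
                findings.append((later.rid, earlier.rid, kind))
                break                      # first shadowing rule is enough
    return findings


def stale(rules: list, today: date, max_idle_days: int = 90) -> list:
    """Allow rules with no hits in the last max_idle_days (or no hits ever).
    Deny rules are skipped: a deny that never matches is still doing its job."""
    cutoff = today - timedelta(days=max_idle_days)
    return [r for r in rules
            if r.action == "allow" and (r.last_hit is None or r.last_hit < cutoff)]


def audit(rules: list, today: date, max_idle_days: int = 90) -> dict:
    """Combine both checks; stale entries carry owner and ticket so the
    administrator knows who to ask before removing anything."""
    return {
        "shadowed": shadowed(rules),
        "stale": [(r.rid, r.owner, r.ticket) for r in stale(rules, today, max_idle_days)],
    }


# Constructed sample rule base (addresses are documentation ranges).
TODAY = date(2024, 6, 1)
RULES = [
    Rule(10, "deny",  "any", "10.0.0.0/8",    "192.0.2.0/24",    ANY_PORT,   "NetSec",    "CHG-0101", 4410,    TODAY - timedelta(days=1)),
    Rule(20, "allow", "tcp", "10.10.0.0/16",  "192.0.2.10/32",   (443, 443), "Finance",   "CHG-3920", 0,       None),   # shadowed by 10
    Rule(30, "allow", "tcp", "10.20.0.0/16",  "203.0.113.0/24",  (443, 443), "Marketing", "CHG-4412", 8120,    TODAY - timedelta(days=200)),  # abandoned cloud app
    Rule(40, "allow", "tcp", "10.0.0.0/8",    "0.0.0.0/0",       (80, 80),   "NetSec",    "CHG-0102", 9910203, TODAY),
    Rule(50, "allow", "tcp", "10.30.0.0/16",  "198.51.100.0/24", (80, 80),   "Sales",     "CHG-5501", 0,       None),   # redundant with 40
]

if __name__ == "__main__":
    report = audit(RULES, TODAY)
    for sid, by, kind in report["shadowed"]:
        print(f"rule {sid} is {kind}: never evaluated because rule {by} matches first")
    for rid, owner, ticket in report["stale"]:
        print(f"rule {rid} idle >90 days; confirm with {owner} ({ticket}) before removal")
```

Rule 50 shows the caveat from the previous section: it is both shadowed and stale, because a shadowed rule's counter never moves even though the traffic it describes is flowing under rule 40. Remove it as redundant, not as unused, and fix shadowing before acting on hit counts. Real devices also evaluate source ports, zones, users and application signatures, so a production checker needs those fields in `covers()` as well.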
Follow a consistent workflow for requesting and implementing firewall changes.
Firewall rules often are not properly documented. Without good documentation, it can be hard to tell who requested a rule or who owns it from a business perspective. This makes it harder to comply with regulations such as PCI DSS, which require that each permitted connection be justified, because it is harder to prove that the rule is needed. Even when there is traffic over the connection, it can be a challenge to know who owns it and for what purpose.
The remediation requires more than a tool. The enterprise has to define a business process so that every time a firewall rule is needed, a workflow is followed: a business owner submits the access request, someone reviews and approves it, and a firewall administrator pushes out the change, while the underlying system records the change and ties it to the business need. That business context pays off at the next cleanup, when the firewall administrator will know who to call to ask whether a request made a few years ago is still needed today.
Let our highly skilled team at FITS provide the IT support services for your Firewall Implementation project. Give us a call so that we can schedule a meeting to help you with your issue.