The pandemic, the consequent move to remote working and working from home, and the shift to e-commerce have highlighted IT Security’s role in the IT workplace. Networks must be efficient, responsive, and above all, secure. They must be resistant to DDoS and other external attacks, prevent malware attacks as far as possible, and provide a reliable and secure medium for email and for data storage and transmission.
An essential part of any corporate network architecture is the firewall: the point where the internal network meets the external one, and the point through which all traffic allowed into and out of the network must pass. Traffic filtering was the original firewall function; it has since evolved into sophisticated security, traffic capping, and traffic shaping engines.
At first, firewalls were either hardware appliances or software firewalls built into operating systems. The hardware appliances ran on dedicated hardware and were integrated into the network at the connection to external links such as an Internet connection. Software firewalls were part of the Windows or open-systems operating system, providing simple traffic filtering and port and protocol management.
Today’s next-generation firewalls are considerably more sophisticated, integrating traffic management and shaping with IT Security. They are available in different form-factors, allowing deployment as dedicated physical appliances supporting a software firewall, server-supported software applications, or virtual appliances in a virtual shared server and cloud implementations.
Another aspect of current firewalls is the evolution from first-generation firewalls to today’s firewalls that integrate seamlessly with other applications and environments, particularly security systems such as Identity and Access Management (IAM) and Security Information and Event Management (SIEM) solutions.
As the firewalls have become more sophisticated, the need for comprehensive firewall management has grown. The massive amounts of data generated and analyzed in a security event environment need automated handling.
Here are five hints for firewall management to keep firewalls operating efficiently:
The saying that a picture is worth a thousand words is particularly true of firewall and traffic management. The sheer volume of traffic (data, voice, and multimedia) moving through a firewall cannot be assessed or managed manually.
A graphical interface can present data in an intuitive form for immediate analysis, and in the case of DDoS attacks it can provide a much earlier indication of an attack than manual or CLI-based traffic analysis.
An effective firewall has a properly tuned and configured graphical user interface.
All installations have security policies in place, even if they are the default rule sets that came with the operating system. Some bodies of rules run into the thousands. Firewalls are designed to apply multiple policy sets to an organisation’s network, but without management and regular review, rules can become duplicated, irrelevant and outdated, and may even be counterproductive.
A regular review of all policies and rules must be a standard part of firewall management. Twice a year is the recommended review period. Some rules are no longer necessary following changes in business operations. After the review, modify and delete incorrect and outdated rules, and create new ones.
Industry experts reckon that rule management is the biggest cause of inefficient or incorrect firewall operation. Some put the figure as high as over 70% of rules being unmanaged or too complex, with around 40% being duplicated or redundant.
As an example, a business department asks for HTTP or HTTPS access to an external website to enable interaction with it. After some time, the department no longer needs the access but leaves the rule allowing traffic with the site to continue.
A further tip in rule management is to have a formal change management procedure allied to the regular review.
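The review described above is usually done with the firewall vendor's own tooling, but the checks themselves are simple enough to show in code. The following Python script is an added example, not code from the original article or any firewall product: it walks a constructed first-match rule set top to bottom and flags exact duplicates, rules that are shadowed by an earlier rule with the same action (so they can never fire), conflicts where an earlier rule with the opposite action already decides the traffic, and rules with no hits in the review period, such as the department's stale HTTP rule from the example above. The `Rule` type, the rule IDs and the hit counts are all assumptions made for the demonstration.

```python
"""Audit a first-match firewall rule set for duplicated, shadowed and unused rules.

Added example: the rule format, IDs and hit counters below are constructed
for illustration and do not come from any particular firewall product.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class Rule:
    rule_id: str
    action: str               # "allow" or "deny"
    proto: str                # "tcp", "udp" or "any"
    src: str                  # source network in CIDR notation
    dst: str                  # destination network in CIDR notation
    dports: tuple[int, int]   # inclusive destination port range; (0, 65535) = any
    hits: int                 # matches counted over the review period (constructed)


def match_key(rule: Rule) -> tuple:
    """The match criteria only; two rules with equal keys match identical traffic."""
    return (rule.proto, rule.src, rule.dst, rule.dports)


def covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet matched by `inner` is also matched by `outer`."""
    if outer.proto not in ("any", inner.proto):
        return False
    if not ipaddress.ip_network(inner.src).subnet_of(ipaddress.ip_network(outer.src)):
        return False
    if not ipaddress.ip_network(inner.dst).subnet_of(ipaddress.ip_network(outer.dst)):
        return False
    lo_out, hi_out = outer.dports
    lo_in, hi_in = inner.dports
    return lo_out <= lo_in and hi_in <= hi_out


def audit(rules: list[Rule]) -> dict[str, list]:
    """Return findings keyed by category. Tuples are (flagged_rule, earlier_rule)."""
    findings: dict[str, list] = {"duplicate": [], "shadowed": [], "conflict": [], "unused": []}
    flagged: set[str] = set()
    for j, later in enumerate(rules):
        # First-match semantics: the earliest covering rule decides the packet's fate.
        for earlier in rules[:j]:
            if not covers(earlier, later):
                continue
            if earlier.action != later.action:
                findings["conflict"].append((later.rule_id, earlier.rule_id))
            elif match_key(earlier) == match_key(later):
                findings["duplicate"].append((later.rule_id, earlier.rule_id))
            else:
                findings["shadowed"].append((later.rule_id, earlier.rule_id))
            flagged.add(later.rule_id)
            break
    # A rule that is reachable but never matched is a candidate for removal.
    for rule in rules:
        if rule.hits == 0 and rule.rule_id not in flagged:
            findings["unused"].append(rule.rule_id)
    return findings


# Constructed rule set for the demonstration (RFC 5737 documentation addresses).
RULES = [
    Rule("R1", "allow", "tcp", "10.0.0.0/8", "0.0.0.0/0", (443, 443), 120_000),
    Rule("R2", "allow", "tcp", "10.0.0.0/8", "0.0.0.0/0", (443, 443), 0),       # duplicate of R1
    Rule("R3", "allow", "tcp", "10.1.0.0/16", "203.0.113.10/32", (443, 443), 0),  # shadowed by R1
    Rule("R4", "deny", "tcp", "10.2.0.0/16", "198.51.100.0/24", (443, 443), 0),   # R1 already allows this
    Rule("R5", "allow", "udp", "10.0.0.0/8", "192.0.2.0/24", (5060, 5061), 4_100),
    Rule("R6", "allow", "tcp", "10.3.0.0/24", "198.51.100.7/32", (80, 80), 0),    # stale departmental access
    Rule("R7", "deny", "any", "0.0.0.0/0", "0.0.0.0/0", (0, 65535), 9_900),       # default deny
]


if __name__ == "__main__":
    for category, items in audit(RULES).items():
        print(f"{category:10s}: {items}")
```

In the constructed set, R2 is reported as a duplicate of R1, R3 as shadowed by R1, R4 as a conflict with R1 (it would never deny anything because R1 allows the same traffic first), and R6 as unused. The default-deny rule R7 is untouched because the earlier rules are protocol-specific and do not cover it. A real review would feed the output into the change-management procedure rather than deleting rules automatically.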
Threat Management is probably the area most people associate with firewalls, that of minimizing cybersecurity risks. Firewalls can reduce the risk of malware or network attack by automatically identifying potential threats and automatically implementing mitigation actions.
As with other hardware and software, firewalls need regular maintenance, including software updates. Anti-malware components will need signature file updates, and alert profiles will need attention to include the newest threats.
Allied to device management and rule management is the probability that ports are open on devices that should otherwise be closed. This may be because erroneous or outdated rules are still in operation. In an environment where VPNs are used on particular ports, for example to support VoIP telephony, it is again highly probable that some ports have VPN access enabled when they should not.
As with the rule review, network support should regularly check device port assignments to ensure that only those ports that need to be open for particular traffic classes are open.
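One way to make the port check described above repeatable is to compare what a device actually listens on against an approved baseline for that device. The script below is an added example, not part of the original article: it parses listening sockets in the column layout produced by `ss -tlnH` (the sample lines are constructed, not captured from a real host), ignores loopback-only listeners as not reachable from the network, and reports both ports that are open without approval and approved ports that are unexpectedly closed. The host name and baseline are assumptions for the demonstration.

```python
"""Compare a device's listening ports against an approved baseline.

Added example. The input lines mimic `ss -tlnH` output (State, Recv-Q, Send-Q,
Local Address:Port, Peer Address:Port); they are constructed for illustration.
"""
from __future__ import annotations

import re

# Constructed sample: what `ss -tlnH` might show on an assumed host "web-01".
SS_OUTPUT = """\
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*
LISTEN 0 4096 127.0.0.1:5432 0.0.0.0:*
LISTEN 0 511 *:443 *:*
LISTEN 0 128 0.0.0.0:5060 0.0.0.0:*
LISTEN 0 128 [::]:22 [::]:*
"""

# Assumed baseline for "web-01": the only ports that should be reachable.
APPROVED_PORTS = {22, 443, 8443}

SS_LINE = re.compile(r"^LISTEN\s+\d+\s+\d+\s+(?P<addr>\S+):(?P<port>\d+)\s+\S+")


def is_loopback(addr: str) -> bool:
    """Listeners bound only to loopback are not reachable from the network."""
    return addr.startswith("127.") or addr == "[::1]"


def listening_ports(ss_lines: str) -> set[int]:
    """Extract the network-reachable listening ports from ss-style output."""
    ports: set[int] = set()
    for line in ss_lines.splitlines():
        match = SS_LINE.match(line)
        if match is None:
            continue  # header lines or non-LISTEN states are skipped
        if is_loopback(match.group("addr")):
            continue
        ports.add(int(match.group("port")))
    return ports


def check_ports(ss_lines: str, approved: set[int]) -> tuple[set[int], set[int]]:
    """Return (unexpected_open, approved_but_closed) for one device."""
    observed = listening_ports(ss_lines)
    return observed - approved, approved - observed


if __name__ == "__main__":
    unexpected, missing = check_ports(SS_OUTPUT, APPROVED_PORTS)
    print("open without approval :", sorted(unexpected))
    print("approved but not open :", sorted(missing))
```

On the constructed sample the check reports 5060 (a SIP listener that the baseline for this web host does not approve) as open without approval and 8443 as approved but not listening; the PostgreSQL socket on 127.0.0.1 is ignored because it is loopback-only. Running the same comparison on each device during the regular review turns the port check into a diff against a known-good state rather than a manual inspection.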
The firewall sits at the centre of an organisation’s security infrastructure but is often integrated with other components. When an individual component is updated, the integration needs to be checked to ensure it has not been compromised.