In HBO’s hit series Game of Thrones, the Seven Kingdoms had the Wall to keep out White Walkers, and for many generations, it did exactly that. But even the strongest fortifications can fall flat if improperly managed; like the Wall along the border of the Seven Kingdoms, the true strength comes from those defending it.
Similarly, your firewall is the first line of defense against cyber attacks. With a stable set of rules or policies in place, you can keep your company safe from hackers. But keeping track of firewall security policies is a great challenge in itself. Even small organizations can have hundreds of rules to manage, while larger ones may have thousands. Many of these rules date back more than five to ten years, and often there is a lack of continuity in defining new rules as most rules are inherited from their predecessors. This mismanagement of rules severely affects firewall performance, leaving your network vulnerable to security breaches.
Cyber attacks are imminent. Are your firewall rules optimized to defend against them?
The targeted attack sector continues to expand, including a 600 percent increase in IoT attacks during 2017. This same year, cryptojacking exploded by 8,500 percent. Meanwhile, ransomware has shifted its focus from attempting to elicit a few higher ransoms from larger companies to instead collecting many smaller ransom amounts from a huge number of small companies. Gartner predicts that 99 percent of exploited vulnerabilities will continue to be ones known by security and IT professionals for at least one year. Gartner concludes that the best and cheapest way to mitigate cyber attacks caused by known vulnerabilities is by removing them altogether through regular patching.
Given these troubling network security trends, your firewall rules and policies need to be spot on. Policies should also be periodically updated if you want to stay ahead of today’s cyber criminals. To help you detect and fix the vulnerabilities in your firewall policies, here are a few firewall rule best practices you should apply in your IT department.
Remove unused rules: As years go by and new policies are defined by different security admins, the number of rules tends to pile up. Cleaning up unused rules on a regular basis helps avoid clogging up your firewall’s processor.
Remove rule anomalies: As new rules are defined without analyzing the old ones, there is a good chance rules will become redundant or contradict each other. These anomalies can negatively affect your firewall’s performance, so it’s important to periodically analyze and remove these anomalies.
Optimize policies: Placing the most used rules on top and moving the lesser-used rules to the bottom helps improve the processing capacity of your firewall. This is an activity that should be performed periodically, as different types of rules are used at different times.
Restrict lax rules: Permissive rules give users more freedom, which can translate into giving users access to more resources than required to perform business-related functions. This leads to two types of problems:
- Under- or overutilized network bandwidth.
- More exposure to potentially malicious sites.
Avoid these issues by restricting overly permissive rules.
Set rule alerts: Setting alerts when certain rules are triggered is a good way to identify the reason and cause of a security attack. This not only helps you identify suspicious IPs, but also helps identify the internal user trying to access the IP.
These best practices help improve the performance of your firewall, but you know what makes optimizing your firewall policies even easier? Introducing Firewall Analyzer, our tool that can crunch the numbers and churn out suggestions for efficient performance of your firewall.
Firewall Analyzer uses secure protocols such as Telnet, SSH, and SCP to retrieve rule information from your security devices and provide an array of reports and insights on your firewall policies.
With the Firewall Analyzer Rule Management module you can now get a complete drill down on:
1. Firewall rules
Get a detailed report on all denied, allowed, inbound, outbound, and inactive rules.
2. Rule anomalies
Detect and record redundancy, generalization, correlation, shadow, and grouping anomalies in your firewall.
3. Unused rules
Get a complete list of all unused rules.
4. Policy optimization
Gain insight on how to improve performance by changing the rule order.
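The pairwise check behind "Remove rule anomalies" and the anomaly types listed under "Rule anomalies", as an added example that is not Firewall Analyzer's code or output. It assumes a hypothetical `Rule` model, first-match evaluation, IPv4 CIDRs, and the commonly used pairwise definitions of shadow, redundancy, generalization and correlation; grouping is not covered.

```python
from dataclasses import dataclass
from ipaddress import ip_network

@dataclass(frozen=True)
class Rule:                 # hypothetical rule model, not a vendor export format
    name: str
    proto: str              # "tcp", "udp" or "any"
    src: str                # source CIDR
    dst: str                # destination CIDR
    ports: range            # destination ports, step 1, non-empty
    action: str             # "allow" or "deny"

def _fields(a, b):
    """Per field, yield (a within b, b within a, a intersects b)."""
    sa, sb, da, db = (ip_network(x) for x in (a.src, b.src, a.dst, b.dst))
    yield (b.proto in ("any", a.proto), a.proto in ("any", b.proto),
           "any" in (a.proto, b.proto) or a.proto == b.proto)
    yield sa.subnet_of(sb), sb.subnet_of(sa), sa.overlaps(sb)
    yield da.subnet_of(db), db.subnet_of(da), da.overlaps(db)
    pa, pb = a.ports, b.ports
    yield (pb.start <= pa.start and pa.stop <= pb.stop,
           pa.start <= pb.start and pb.stop <= pa.stop,
           pa.start < pb.stop and pb.start < pa.stop)

def find_anomalies(rules):  # first match wins: compare each rule with those above it
    found = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            f = list(_fields(later, earlier))
            if not all(hit for _, _, hit in f):
                continue                            # disjoint, no interaction
            inside = all(sub for sub, _, _ in f)    # earlier matches everything later does
            covers = all(sup for _, sup, _ in f)    # later is a superset of earlier
            same = later.action == earlier.action
            if same and not inside:
                continue                            # overlap, same verdict: not flagged here
            kind = (("redundancy" if same else "shadow") if inside
                    else "generalization" if covers else "correlation")
            found.append((kind, later.name, earlier.name))
    return found

RULES = [  # constructed sample policy, evaluated top to bottom
    Rule("r1", "tcp", "10.0.0.0/8", "192.0.2.10/32", range(443, 444), "allow"),
    Rule("r2", "tcp", "10.1.0.0/16", "192.0.2.10/32", range(443, 444), "deny"),
    Rule("r3", "tcp", "10.2.0.0/16", "192.0.2.10/32", range(443, 444), "allow"),
    Rule("r4", "tcp", "10.0.0.0/8", "192.0.2.0/24", range(1, 1024), "deny"),
    Rule("r5", "tcp", "10.1.0.0/16", "0.0.0.0/0", range(22, 23), "allow"),
]
```

Calling `find_anomalies(RULES)` returns `(kind, later_rule, earlier_rule)` tuples; shadowed and redundant rules are the removal candidates, while generalization and correlation findings call for a review of rule order and intent.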
Attacks are coming. Make sure you’re ready for them. Try out a free, 30-day trial of Firewall Analyzer now, and get on top of your firewall’s performance.