
Top 5 best practices for firewall administrators

IT Best Practices Alert By Linda Musthaler, Network World
September 11, 2009 09:42 AM ET

At the recent Defcon 17 conference in Las Vegas, Tufin Technologies conducted a survey among 79 hackers, asking about their hacking habits. According to the survey results, the hacking business is just coming off its summer break and gearing up for the busy Christmas holiday season, so you'd better get ready.

Among the findings of the survey:

* Eighty-one percent of the respondents are more active during the winter holidays than other times of the year.

* More than half of the respondents say Christmastime is the best time to engage in corporate hacking, and 25% specifically identify New Year's Eve as a great night for hacking.

"Christmas and New Year holidays are popular with hackers targeting western countries," according to Michael Hamelin, chief security architect for Tufin. "Hackers know this is when people relax and let their hair down, and many organizations run on a skeleton staff over the holiday period."


Although hackers don't mind working holidays, they seem to prefer having weekends off. The survey revealed that 52% of the respondents tend to work on weekday evenings, but just 15% do their dirty work on weekends.

You can't say that hackers lack confidence in their abilities. Ninety-six percent of the respondents say it doesn't matter how many millions of dollars a company spends on its IT security systems; it's all a waste of time and money if the IT security administrators fail to configure and watch over their firewalls. Eighty-six percent of respondents felt they could successfully hack into a network via the firewall; a quarter believed they could do so within minutes, and 14% within a few hours. Sixteen percent wouldn't hack into a firewall even if they could.

Are your firewalls vulnerable? Hamelin offers his best practices tips for reducing the risk of a hacking incident hitting your organization.

Document all firewall rule changes.

While this tip sounds like a no-brainer, firewalls do not have a change management process built into them, so documenting changes has never become a best (or even a standard) practice for many organizations. If a firewall administrator makes a change because of an emergency or some other form of business disruption, chances are he is under the gun to make it happen as quickly as possible, and process goes out the window. But what if this change cancels out a prior policy change, resulting in downtime? This is a fairly common occurrence.

Firewall management products provide a central dashboard with full visibility into all firewall rule bases, so all members of the team have a common view and can see who made what change, when they made it and from where. This makes troubleshooting and overall policy management much easier and more efficient.

Install all access rules with minimal access rights.

Another common security issue is overly permissive rules. A firewall rule is made up of three fields: source (IP address), destination (network/subnet) and service (application or other destination). In order to ensure there are enough open ports for everyone to access the systems they need, common practice has been to assign a wide range of objects in one or more of those fields. When you allow a wide range of IP addresses to access a large group's networks for the sake of business continuity, these rules become overly permissive, and as a result, insecure. A rule where the service field is 'ANY' opens up 65,535 TCP ports. Did the firewall administrator really mean to open up 65,535 attack vectors for hackers?
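
An added example, not part of the original article: a small Python audit that flags rules whose source, destination or service field is broader than a threshold, so they can be reviewed and narrowed. The CSV rule format, the rule names and the two thresholds are assumptions made for illustration.

```python
import csv
import io
import ipaddress

# Constructed sample rule base (not from any real firewall); the columns follow
# the three fields the article names: source, destination, service.
RULES_CSV = """name,source,destination,service
web-in,ANY,10.1.2.10/32,tcp/443
db-app,10.1.2.0/24,10.1.3.5/32,tcp/5432
legacy-any,10.0.0.0/8,10.1.0.0/16,ANY
wide-ports,10.1.4.20/32,10.1.3.0/24,tcp/1024-65535
"""

MAX_HOSTS = 256   # assumed threshold: anything wider than a /24 is flagged
MAX_PORTS = 16    # assumed threshold for the width of a port range

def address_count(field):
    """Number of addresses a source/destination field covers ('ANY' = all IPv4)."""
    if field.upper() == "ANY":
        return 2 ** 32
    return ipaddress.ip_network(field, strict=False).num_addresses

def port_count(service):
    """Number of ports a service field opens ('ANY' = 65,535 TCP ports)."""
    if service.upper() == "ANY":
        return 65535
    _, _, ports = service.partition("/")      # "tcp/1024-65535" -> "1024-65535"
    low, _, high = ports.partition("-")       # single port leaves high empty
    return int(high or low) - int(low) + 1

def audit(rules_csv):
    """Return {rule name: [findings]} for rules that are overly permissive."""
    findings = {}
    for row in csv.DictReader(io.StringIO(rules_csv)):
        issues = []
        for field in ("source", "destination"):
            n = address_count(row[field])
            if n > MAX_HOSTS:
                issues.append(f"{field} covers {n} addresses")
        n = port_count(row["service"])
        if n > MAX_PORTS:
            issues.append(f"service opens {n} ports")
        if issues:
            findings[row["name"]] = issues
    return findings

if __name__ == "__main__":
    for name, issues in audit(RULES_CSV).items():
        print(f"{name}: " + "; ".join(issues))
```

A flagged rule is a candidate for review rather than proof of a misconfiguration: a public web server legitimately accepts any source, but its destination and service fields should still be narrow.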

Linda Musthaler is a principal analyst with Essential Solutions Corporation.
