Ramping up basic firewall security

Frequently we’re so focused on day-to-day tasks that we may be blind to what is happening around us.  If you don’t put effort into investigating and improving your security solutions, you may become complacent and think that what you had 6 months ago is what you need today.  Unfortunately, everything needs to be constantly reevaluated to make sure configurations are accurate and help reduce vulnerabilities.

That concept could be applied to nearly all the components we manage on a network.  For this discussion, we’ll focus on firewalls.  The same principles could be applied to switches, routers, access points, etc.

Firewalls

Firewalls are still the main entrance and inspection point for Internet traffic coming into the corporate network.  Many firewalls are set up and left alone until a new host is added to the environment and some adjustment is made.

But what about the host that you removed?  Did you remember to close up the exposure you had?  We’ve seen firewalls where a public-facing web server was removed and a few months later a new internal web server happened to be assigned the same internal IP address.  Since the rules were still in place on the firewall, that web server was now accessible over the Internet.
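One way to catch the leftover-rule case described above, as an added example rather than code from the original article: it compares the host each inbound rule was approved for with the host that currently holds the internal IP address.  The rule and inventory field names and all sample data are constructed assumptions, not any firewall vendor's export format.

```python
import ipaddress

# Constructed sample data. Field names are assumptions for this example,
# not any firewall vendor's export format.
INBOUND_RULES = [
    {"id": 10, "public_port": 443, "internal_ip": "10.0.5.20", "approved_host": "web-public-01"},
    {"id": 11, "public_port": 443, "internal_ip": "10.0.5.21", "approved_host": "web-public-02"},
    {"id": 12, "public_port": 25, "internal_ip": "10.0.5.30", "approved_host": "mail-gw-01"},
    {"id": 13, "public_port": 8443, "internal_ip": "10.0.5.40", "approved_host": "vpn-portal-01"},
]

# Current IP assignments from the asset inventory (constructed).
INVENTORY = {
    "10.0.5.20": "web-public-01",
    "10.0.5.21": "intranet-wiki-01",  # address reused by an internal-only server
    "10.0.5.40": "VPN-Portal-01",     # same host, different letter case
}


def audit_inbound_rules(rules, inventory):
    """Return (rule_id, status, detail) for every inbound rule that needs review."""
    # Normalise addresses and hostnames so formatting differences do not hide a match.
    current = {ipaddress.ip_address(ip): host.lower() for ip, host in inventory.items()}
    findings = []
    for rule in rules:
        ip = ipaddress.ip_address(rule["internal_ip"])
        approved = rule["approved_host"].lower()
        holder = current.get(ip)
        if holder is None:
            # The host was removed but the rule still forwards traffic to its address.
            detail = f"{ip} is unassigned; rule still forwards port {rule['public_port']}"
            findings.append((rule["id"], "STALE", detail))
        elif holder != approved:
            # The address was reused: a host nobody approved is now exposed.
            detail = f"{ip} approved for {approved} but now held by {holder}"
            findings.append((rule["id"], "REASSIGNED", detail))
    return findings


if __name__ == "__main__":
    for rule_id, status, detail in audit_inbound_rules(INBOUND_RULES, INVENTORY):
        print(f"rule {rule_id}: {status}: {detail}")
```

A STALE finding is the window in which the rule can still be removed safely; a REASSIGNED finding means an unintended host is already reachable through it.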

Many clients may regularly patch their Windows machines with security updates, but they fail to review similar updates on the firewall.  Firewalls have security updates as well as feature updates.  Those updates should be reviewed regularly to see if any security updates are applicable to your environment.

Another item that we’ve seen is not realizing that a high-availability solution had a failure.  If proper monitoring and alerting aren’t set up (or at least periodic manual inspection performed), you may be unaware that a failure has occurred.  In one instance, a client remarked that their highly available firewalls didn’t provide the high availability that they thought they should receive.  Upon review, we found that the first firewall unit had failed 3 months prior and that their high-availability solution was actually what had kept them up and running during those 3 months.  They only realized the issue once the second unit happened to have a failure.

So, what can you do?  Since everyone has so many tasks to contend with, automation and maintenance services help offload the responsibility.  Automated monitoring alerts can notify you when certain problems occur.  Additionally, firewalls need to be reviewed periodically to ensure they are running secure versions of code and no unnecessary exposures exist.  If you need an extra set of eyes to review your environment and keep you moving forward, email info@peters.com. We are happy to help.