IT Security Checkpoint: Review Your Firewall Rules and Configurations

Article contributor: Tom Quist / SHAZAMSecure Client Executive

Your institution’s firewall is the first line of defense against cybersecurity threats. What does or doesn’t pass through it is based on a defined set of security rules. Ensuring those rules and configurations are updated and reviewed on a regular basis is an important step to maintaining a stronger IT security environment.

Risks of Improper Configurations

Firewall misconfigurations can have a wide-ranging impact on your institution’s overall security posture. Common misconfigurations include:

  • Using the default settings that come with the firewall.
  • Implementing overly permissive rules.
  • Disabling critical security features.
  • Neglecting to protect open ports against unauthorized access.

Misconfigurations like these leave businesses vulnerable to distributed denial-of-service attacks, remote control, and data breaches, which, in turn, could also damage your institution’s reputation.

Best Practices

Below are some tips to help reduce your firewall risk:

  1. Review your policies regularly. Federal Financial Institutions Examination Council guidance calls for a quarterly review of firewall policy, which includes an audit or review of rules and policy. Other industry-standard organizations, such as the National Institute of Standards and Technology and the Payment Card Industry Data Security Standard, suggest similar guidance.
     
  2. Configure your firewall correctly. Confirm your firewall devices are compatible, updated and secured with the latest firmware, patches and passwords.
     
  3. Test your performance. Test your firewall regularly using tools, methods and metrics that measure and evaluate your firewall health and efficiency.
     
  4. Customize your settings. Default settings may allow too much or too little traffic, expose unnecessary ports or services, or lack proper logging or auditing capabilities. In addition, most of the major network appliance vendors post the default admin credentials online, which makes it easy for anyone to find them. Be sure to customize your firewall settings by disabling the default administrator account(s) and changing the password.
     
  5. Follow the principle of least privilege. Grant only the minimum level of access required for each user, device or application.
     
  6. Use a separate password. Avoid using the same password for your firewall admin account as you do for your domain-privileged account.
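
Part of the rule review described in the list above can be automated. The following is an added example, not part of the original article or of any SHAZAM service: a vendor-neutral Python check that flags overly permissive rules, disabled logging and overdue reviews. The CSV layout, the sample rules, the admin-port set and the 92-day threshold are all assumptions made for illustration.

```python
import csv
import io
from datetime import date

# Constructed, vendor-neutral rule export (not taken from any real device).
RULES_CSV = """id,action,src,dst,port,log,last_reviewed
1,allow,10.0.5.0/24,10.0.9.10,443,yes,2024-05-02
2,allow,any,any,any,yes,2024-05-02
3,allow,any,10.0.9.20,3389,no,2023-11-15
4,deny,any,any,any,yes,2024-05-02
5,allow,10.0.7.4,10.0.9.30,1433,no,2024-01-08
"""

ADMIN_PORTS = {"22", "23", "3389"}  # assumed set of remote-administration ports
REVIEW_DAYS = 92                    # assumed threshold: roughly one quarter


def audit(rules_csv, today):
    """Return {rule_id: [findings]} for every rule that needs attention."""
    findings = {}
    for r in csv.DictReader(io.StringIO(rules_csv)):
        issues = []
        if r["action"] == "allow":
            # Least privilege: an allow rule should name source, destination and port.
            if r["src"] == r["dst"] == r["port"] == "any":
                issues.append("allow any-to-any")
            elif r["src"] == "any" and r["port"] in ADMIN_PORTS:
                issues.append("admin port open to any source")
            elif "any" in (r["src"], r["dst"], r["port"]):
                issues.append("wildcard field in allow rule")
        if r["log"] != "yes":
            issues.append("logging disabled")
        # Quarterly review: flag rules nobody has looked at within the window.
        age = (today - date.fromisoformat(r["last_reviewed"])).days
        if age > REVIEW_DAYS:
            issues.append(f"not reviewed in {age} days")
        if issues:
            findings[r["id"]] = issues
    return findings


if __name__ == "__main__":
    for rule_id, issues in audit(RULES_CSV, date(2024, 6, 1)).items():
        print(f"rule {rule_id}: " + "; ".join(issues))
```
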

Need Help?

Our SHAZAMSecure® Firewall Rules and Configuration service can assist you the next time your institution needs a security review. We’ll look at your firewall configurations and rulesets and focus on discovering potential security vulnerabilities and misconfigurations that can put your network at risk.

To learn more, please contact Tom Quist.