CSNP

A Basic Introduction to Firewall Rule Management


This is a quick read for anyone who wants a brief overview of firewall rules and why managing them matters.


What is a firewall?


A firewall is a security control, implemented as a dedicated device or as software, that inspects network traffic crossing a boundary and allows or blocks it according to a set of security rules (also known as firewall rules or policies). It acts as a choke point between networks of different trust levels, such as the internet and an internal network, so that only traffic the organization has explicitly decided to permit gets through. Without a firewall there is no enforcement point at which unwanted inbound or outbound connections can be stopped, and every host is directly exposed to whatever the other side of the link sends it.


Some of the risks if an attacker gains a foothold on the network are:

  1. Deletion of data.

  2. Theft of personal information or personal health information.

  3. Financial fraud or theft.

  4. The network could be completely shut down.

What are firewall rules?


A firewall is configured with an ordered set of rules (also known as policies). Each rule says which traffic to allow or deny, for example inbound TCP connections to port 443 of a web server, or outbound DNS queries from internal hosts. The firewall compares every packet against these rules; on most firewalls the first rule that matches decides, so the order of the rules matters.


When a computer communicates over the internet, the traffic is carried in network packets. Each packet carries the information a firewall can decide on: the protocol (TCP, UDP, ICMP), the source and destination IP addresses, and, for TCP and UDP, the source and destination port numbers that identify the service being contacted (for example port 22 for SSH or 443 for HTTPS).


Firewall rules are written in terms of these fields, so that only traffic from trusted sources, to permitted destinations and services, is allowed in. Anything that matches no allow rule should be dropped by a final default-deny rule; a rule base that ends in "allow everything" protects nothing. The same applies in the outbound direction: outbound rules limit what a compromised internal host can reach.


Types of Firewalls


A software (or host-based) firewall is a program installed on the device it protects. An example is Windows Defender Firewall, built into the Windows operating system.


A hardware (or network) firewall is a separate physical device placed between your internal network and the internet, or between network segments, so that it enforces policy for every host behind it.


Here are a few types of firewalls:


  1. A packet filtering firewall (a stateless firewall) looks at each packet in isolation: it compares the source IP address, destination IP address, ports and protocol against the predefined rule set and allows or blocks the packet accordingly. Because it keeps no memory of earlier packets, it cannot tell a legitimate reply from a forged packet that merely looks like one.

  2. A stateful inspection firewall checks the same header fields but also keeps a connection table, so it knows whether a packet belongs to an established, legitimate connection (for example one initiated from inside the network). This lets the administrator allow return traffic for outbound connections without opening inbound ports to everyone.

  3. Application-level gateways or proxy firewalls work at the application layer: they terminate the client's connection, inspect the content of the request against the firewall rules, and then open a separate connection to the destination on the client's behalf. Because the destination only ever talks to the proxy, the internal device's address is not exposed directly to the internet.
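The following is an added example, not code from the original article: a small Python model of a packet filter that shows how the rules described in the two sections above are evaluated (top-down, first match decides, anything unmatched hits the default deny) and how a stateful firewall's connection table admits a reply that no inbound rule would allow. The rule names, the addresses (documentation ranges 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24 plus the private 10.0.0.0/8) and the packets are constructed for the example; real firewalls match on more fields, and some products evaluate last-match rather than first-match.

```python
"""Toy packet filter: ordered rules, first match decides, implicit default
deny, plus a minimal stateful connection table.  Constructed example."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Packet:
    proto: str                   # "tcp", "udp" or "icmp"
    src: str                     # source IP address
    dst: str                     # destination IP address
    sport: Optional[int] = None  # source port (TCP/UDP only)
    dport: Optional[int] = None  # destination port (TCP/UDP only)


@dataclass(frozen=True)
class Rule:
    name: str
    action: str                  # "allow" or "deny"
    proto: str = "any"
    src: str = "0.0.0.0/0"       # CIDR; 0.0.0.0/0 means any address
    dst: str = "0.0.0.0/0"
    dport: Optional[int] = None  # None means any destination port

    def matches(self, pkt: Packet) -> bool:
        """Stateless match on the header fields a packet filter can see."""
        if self.proto != "any" and self.proto != pkt.proto:
            return False
        if ip_address(pkt.src) not in ip_network(self.src):
            return False
        if ip_address(pkt.dst) not in ip_network(self.dst):
            return False
        return self.dport is None or pkt.dport == self.dport


def evaluate(rules: list[Rule], pkt: Packet) -> tuple[str, str]:
    """Walk the rule base top-down; the first matching rule decides.
    A packet that matches nothing is dropped: the implicit default deny."""
    for rule in rules:
        if rule.matches(pkt):
            return rule.action, rule.name
    return "deny", "default-deny"


class StatefulFirewall:
    """Adds a connection table so replies to connections opened from the
    inside are allowed without an inbound rule that would let anyone in."""

    def __init__(self, inbound: list[Rule], outbound: list[Rule]):
        self.inbound = inbound
        self.outbound = outbound
        self.conntrack: set[tuple] = set()   # 5-tuples of flows opened from inside

    def outbound_packet(self, pkt: Packet) -> tuple[str, str]:
        action, name = evaluate(self.outbound, pkt)
        if action == "allow":
            self.conntrack.add((pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport))
        return action, name

    def inbound_packet(self, pkt: Packet) -> tuple[str, str]:
        # Reverse the 5-tuple: is this the reply half of a flow we opened?
        reply_of = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if reply_of in self.conntrack:
            return "allow", "established"
        return evaluate(self.inbound, pkt)


# Constructed rule base for one server at 192.0.2.10 (documentation range).
INBOUND = [
    Rule("mgmt-ssh", "allow", "tcp", src="10.0.0.0/8", dst="192.0.2.10/32", dport=22),
    Rule("public-web", "allow", "tcp", dst="192.0.2.10/32", dport=443),
    Rule("block-telnet", "deny", "tcp", dport=23),   # explicit deny, useful for logging
]
OUTBOUND = [
    Rule("web-out", "allow", "tcp", src="192.0.2.0/24", dport=443),
    Rule("dns-out", "allow", "udp", src="192.0.2.0/24", dport=53),
]


def demo() -> dict[str, tuple[str, str]]:
    fw = StatefulFirewall(INBOUND, OUTBOUND)
    r = {}
    # SSH from the internal network matches mgmt-ssh; from the internet it
    # matches nothing and falls through to the default deny.
    r["ssh_internal"] = fw.inbound_packet(Packet("tcp", "10.1.2.3", "192.0.2.10", 51000, 22))
    r["ssh_internet"] = fw.inbound_packet(Packet("tcp", "203.0.113.9", "192.0.2.10", 51000, 22))
    # The server opens an HTTPS connection out and the flow is recorded.
    r["https_out"] = fw.outbound_packet(Packet("tcp", "192.0.2.10", "198.51.100.7", 40000, 443))
    # The reply comes back with source port 443: no inbound rule allows it,
    # but the connection table does.
    r["https_reply"] = fw.inbound_packet(Packet("tcp", "198.51.100.7", "192.0.2.10", 443, 40000))
    # Same-shaped packet from a host we never talked to: a stateless filter
    # with an "allow source port 443" rule would let it in; this one does not.
    r["forged_reply"] = fw.inbound_packet(Packet("tcp", "198.51.100.8", "192.0.2.10", 443, 40000))
    return r
```

Running `demo()` gives `allow` for the internal SSH and the recorded HTTPS reply, and `default-deny` for the internet SSH attempt and the forged reply. Moving `block-telnet` below a broad allow rule would make it unreachable (a shadowed rule), which is the kind of ordering mistake the maintenance section below is concerned with.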

Firewall Rule Maintenance is Critical


An organization's firewall policy should block all inbound and outbound traffic that the organization does not need (a default-deny policy). Rules that are no longer used do not become harmless on their own: they add to the size of the rule base, which slows evaluation and makes the policy harder to understand, and they keep open access paths for protocols or networks that nobody needs any more. Failing to remove unnecessary rules can therefore lead directly to unauthorized access to sensitive data and systems, since an attacker only has to find the forgotten opening.


Cleaning up firewall rules can be a complex process, and a single misconfiguration (deleting a rule that a production service quietly depended on, or widening a rule instead of narrowing it) can expose an organization to attack or cause an outage. Firewall rule changes should therefore go through the organization's change management process, and a rule audit typically involves several teams: network, security and the owners of the applications the rules serve.


Although vendor tools exist to help with a firewall audit, following a consistent set of practices is what keeps the rule base in compliance over time.


Here are a few best practices to consider when it comes to firewall rule clean up:

  1. Gather all firewall rules from every firewall and store them in a central repository, ideally under version control so that every change leaves a history.

  2. Examine firewall logs, and the per-rule hit counters most firewalls maintain, against the rule base to determine which rules are actually being used and which have seen no traffic over the review period.

  3. Disable expired and unused rules first, wait through a review period to confirm nothing breaks, and only then delete them.

  4. Review firewall rule change management procedures to ensure that:

    1. Changes are documented per policy requirements, including the name of the person implementing the change, the change ticket or ID number, the business justification and an expiry date where the access is temporary.

    2. Changes have formal approvals and are implemented only by authorized personnel.

  5. A monitoring system is in place, with alerting enabled for any change to a firewall rule, so that a change made outside the approved process is detected at the time rather than discovered at the next audit.
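As an added example (not part of the original article and not any vendor's audit tool), here are the audit steps above in Python: count hits per rule from a constructed, syslog-like log, list rules with no hits and rules past their expiry date, flag rules with no change ticket behind them, and diff two rule-base snapshots so that an alert can fire on an out-of-process change. The rule base, its metadata fields, the log format and the `rule=` token are all assumptions for the example; real firewalls log rule identifiers in their own formats, so the regular expression is the part to adapt.

```python
"""Rule-base audit helpers: per-rule hit counts from logs, unused and
expired rules, undocumented rules, and a diff between two snapshots.
Rule base, metadata fields and log format are constructed for the example."""
import re
from collections import Counter
from datetime import date

# Constructed rule base. Each entry carries the metadata a change process
# should record: an expiry for temporary access and the approving ticket.
RULEBASE = [
    {"id": 10, "name": "mgmt-ssh",     "action": "allow", "expires": None,         "ticket": "CHG-1041"},
    {"id": 20, "name": "public-web",   "action": "allow", "expires": None,         "ticket": "CHG-0988"},
    {"id": 30, "name": "vendor-sftp",  "action": "allow", "expires": "2023-06-30", "ticket": "CHG-1102"},
    {"id": 40, "name": "legacy-ftp",   "action": "allow", "expires": None,         "ticket": None},
    {"id": 50, "name": "block-telnet", "action": "deny",  "expires": None,         "ticket": "CHG-0700"},
]

# Constructed syslog-like lines; the rule name follows "rule=". The last line
# is a non-rule event the parser must skip.
LOG_LINES = """\
2024-03-01T08:00:01Z fw1 rule=mgmt-ssh action=allow src=10.1.2.3 dst=192.0.2.10 proto=tcp dport=22
2024-03-01T08:00:05Z fw1 rule=public-web action=allow src=203.0.113.9 dst=192.0.2.10 proto=tcp dport=443
2024-03-01T08:00:09Z fw1 rule=public-web action=allow src=198.51.100.7 dst=192.0.2.10 proto=tcp dport=443
2024-03-01T08:01:00Z fw1 rule=block-telnet action=deny src=203.0.113.9 dst=192.0.2.10 proto=tcp dport=23
2024-03-01T08:02:00Z fw1 rule=mgmt-ssh action=allow src=10.1.2.4 dst=192.0.2.10 proto=tcp dport=22
2024-03-01T08:02:30Z fw1 interface eth1 link up
""".splitlines()

LOG_RE = re.compile(r"\brule=(?P<rule>\S+)\s+action=(?P<action>\S+)")


def rule_hits(lines):
    """Count how many log lines each rule produced over the review window."""
    hits = Counter()
    for line in lines:
        m = LOG_RE.search(line)
        if m:
            hits[m.group("rule")] += 1
    return hits


def unused_rules(rulebase, hits):
    """Rules with no hits at all are candidates for disabling."""
    return [r["name"] for r in rulebase if hits.get(r["name"], 0) == 0]


def expired_rules(rulebase, today):
    """Temporary access whose expiry date has passed."""
    return [r["name"] for r in rulebase
            if r["expires"] and date.fromisoformat(r["expires"]) < today]


def undocumented_rules(rulebase):
    """Rules with no change ticket: nobody can say who approved them."""
    return [r["name"] for r in rulebase if not r["ticket"]]


def diff_rulebases(old, new):
    """Names of rules added, removed and changed between two snapshots,
    keyed on the rule id so that a renamed rule shows up as changed."""
    old_by = {r["id"]: r for r in old}
    new_by = {r["id"]: r for r in new}
    added = sorted(new_by[i]["name"] for i in new_by.keys() - old_by.keys())
    removed = sorted(old_by[i]["name"] for i in old_by.keys() - new_by.keys())
    changed = sorted(new_by[i]["name"] for i in old_by.keys() & new_by.keys()
                     if old_by[i] != new_by[i])
    return added, removed, changed


def audit(rulebase=RULEBASE, lines=LOG_LINES, today=date(2024, 3, 1)):
    hits = rule_hits(lines)
    return {
        "hits": dict(hits),
        "unused": unused_rules(rulebase, hits),
        "expired": expired_rules(rulebase, today),
        "undocumented": undocumented_rules(rulebase),
    }


def change_demo():
    """Compare RULEBASE with a constructed later snapshot and decide what to alert on."""
    new = [r for r in RULEBASE if r["id"] != 40]            # legacy-ftp deleted
    new[0] = dict(new[0], expires="2024-12-31")             # mgmt-ssh given an expiry
    new.append({"id": 60, "name": "temp-rdp", "action": "allow",
                "expires": None, "ticket": None})            # added with no ticket
    added, removed, changed = diff_rulebases(RULEBASE, new)
    # Alert on any added or changed rule that has no ticket behind it.
    alert = [n for n in added + changed if n in undocumented_rules(new)]
    return {"added": added, "removed": removed, "changed": changed, "alert": alert}
```

`audit()` reports `vendor-sftp` and `legacy-ftp` as unused, `vendor-sftp` as expired and `legacy-ftp` as undocumented, which is the input to step 3 (disable, wait, delete). `change_demo()` shows the monitoring side of step 5: the diff lists `temp-rdp` as added, `legacy-ftp` as removed and `mgmt-ssh` as changed, and `temp-rdp` is the one to alert on because no ticket authorizes it. A review window of one day is only for the example; unused-rule decisions should cover at least a full business cycle, since some rules (quarterly batch jobs, disaster-recovery paths) are legitimately idle for months.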

These practices close configuration gaps and streamline rule changes. Rule maintenance is not housekeeping: the rule base is the organization's statement of what it has decided to allow into and out of its network, and it is only as trustworthy as its last review.


About the Author: Angeline Williams is committed to supporting women in technology and believes that together we can progress and succeed through mentoring, leading and encouragement.



