Firewalls can provide immediate protection right out of the box. Still, that doesn’t mean the default setup provides sufficient protection for your business, so you need to configure it properly. Your firewall should also be coupled with a plan for security audits. In addition, you want to establish change management plans and implement security measures to boost your firewall’s security. I’ll cover all this as I discuss the best firewall practices in this article.
Before we dive into each of the 5 firewall best practices outlined below, let’s review why you need a firewall in the first place. This will help you appreciate the importance of these best practices.
Why Your Business Needs a Firewall
Firewalls filter unwanted traffic from passing through. Firewalls prevent external threats from reaching your network and also prevent internal threats from contacting their command-and-control (C2) server. A C2 is a server some malware communicates with once they’ve been successfully unpacked or installed on a victim host.
Some firewalls have spam filters to block spam emails. They may also have web filters that prevent users from visiting malicious sites. Some modern firewalls even have Data Loss Prevention (DLP) features. These features detect sensitive data and prevent it from leaking out of your company.
When you leverage a firewall’s capabilities, you can improve your security posture. You’ll also prevent malware infections, hacking attempts, data breaches, and (in some cases) even DDoS attacks.
Data privacy/protection laws and regulations also insist on firewall use, either explicitly or implicitly. Some examples include the Payment Card Industry Data Security Standard (PCI DSS) and the Health Insurance Portability and Accountability Act (HIPAA). Thus, you can increase your chances of complying with these regulatory mandates when you have a firewall.
Now, I’ll discuss why using your firewall out-of-box isn’t enough. Check the following section on why adopting the best firewall practices is necessary.
Firewall Best Practices Improve Your Firewall’s Efficiency
As a business leader, you would want to carry out tasks such as firewall deployment, configuration, etc. That said, you also want to implement these tasks in the most efficient, effective, and safest way possible. This is where best practices come in handy. Once you adopt the best firewall practices, you can achieve the best results.
For example, when you start configuring your firewall, you want to apply the relevant policies for your company. Yes, a firewall will probably have default settings. However, each firm will have different applications, network services, risk appetites, use cases, and so on. The connections your company blocks, another company may allow. Thus, you must tweak configurations to best suit your specific needs.
Best practices also ensure you get a good return on your investment. Some firewalls can cost $1,000 or over $100,000. It’s frustrating to spend a huge sum on a firewall and still have many threats slip through. When you employ informed firewall practices, you can maximize the effectiveness of your firewall and, in turn, make it justify the cost.
Let’s now proceed to the 5 firewall best practices you can adopt.
5 Firewall Best Practices to Fine-Tune Your Firewall
Two factors that strongly affect how well your firewall performs are deploying it in the most strategic location and configuring it properly. Let’s check these out and go over some other best practices.
1. Develop a Firewall Deployment Plan
Once you’ve purchased a firewall, the next step is not to deploy it immediately. Doing so can cause service disruptions, suboptimal security, and/or unnecessary costs. A successful and effective firewall deployment starts with a well-thought-out plan. Your plan would cover the processes to install the firewall system and phase it into operation.
As mentioned earlier, a firewall deployment plan will help you avoid disruptions during deployment, achieve optimal security, and reduce costs. Let me elaborate more on these.
You usually deploy firewalls inline (i.e. along the path of network traffic). Thus, you may find it interferes with connections and causes service disruptions upon deployment. In this case, you want to formulate an action plan to minimize downtime risk. For instance, you might want to perform pre-testing, schedule the deployment after office hours, and have a rollback plan on hand.
That said, you also have different firewall types. They differ in capabilities and cost, so it’s wise to leverage their strengths accordingly. You may want to assign high-end application-level gateways to protect your most critical hosts, applications, and data. For non-critical assets, though, you might deploy low-cost packet filters. Otherwise, you’d pay unnecessary costs to use an advanced firewall for non-critical assets.
Consider using more than one firewall and strategically deploying them to create firewall zones. For example, you can have an external zone, an internal zone, and a DMZ, holding public-facing, LAN-based, and DMZ-residing hosts respectively. Determine which hosts/devices should belong to each zone and separate them with a firewall.
Add a WiFi or guest zone. This helps accommodate visitors (e.g., employee family members, third parties, customers, etc.) who may want or need internet access while onsite. Ensure this zone is logically or physically separate from your other zones.
Don’t expose internal services to remote users unless they’re using a company-managed VPN. As remote and hybrid work adoption increases, you can’t avoid situations where remote users need access to internally-deployed hosts. If you need to provide inbound access to those hosts, use a VPN. In this case, your firewall should readily support VPNs.
Once you’ve deployed your firewall(s), the next step would be to configure them. Let’s talk about that part now.
2. Implement Proper Firewall Configuration
Firewalls won’t give you the protection you need unless you configure them properly. A misconfiguration may, for example, fail to block unused or unofficial services, and threat actors look for exactly these gaps. That’s why firewall best practices always include the principle of least privilege. This principle means restricting network access to only the users or applications that need it to fulfill their duties.
One way to apply this principle is to deny all traffic by default. You’ll then only allow the necessary connections.
Let’s say you have a multi-protocol file transfer server behind your firewall. Yet, for security reasons, the only protocols you want to allow are SFTP and FTPS. In this case, you can deny all traffic and only allow SFTP and FTPS to pass through.
Firewall configuration best practices like these can significantly improve your network’s security.
Include as many details as you can when specifying firewall rules. For instance, specify destination or source IP addresses or port numbers whenever applicable. Continuing with our SFTP and FTPS example, it’s not enough to allow SFTP and FTPS. You need to also specify the IP addresses of your SFTP and FTPS servers. To take it a step further, you can define the port numbers, by default 22 for SFTP and 21 for FTPS.
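The following Python model, added here as an illustration and not code from the original article, contrasts the two rule styles the text describes: an allow for “SFTP” and “FTPS” that names only a port, and one that also pins the source network and the destination server address. The rule matcher is a simplified first-match engine with an implicit default deny; the addresses (203.0.113.10 for the SFTP server, 203.0.113.11 for the FTPS server, 198.51.100.0/24 as the office LAN) are constructed documentation-range values, not real hosts.

```python
"""Default-deny packet filter model (illustrative; not a real firewall engine)."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str                  # "allow" or "deny"
    proto: str = "any"           # "tcp", "udp" or "any"
    src: str = "0.0.0.0/0"       # source CIDR
    dst: str = "0.0.0.0/0"       # destination CIDR
    dport: Optional[int] = None  # destination port, None = any
    comment: str = ""

    def matches(self, proto: str, src: str, dst: str, dport: int) -> bool:
        if self.proto != "any" and self.proto != proto:
            return False
        if ip_address(src) not in ip_network(self.src):
            return False
        if ip_address(dst) not in ip_network(self.dst):
            return False
        if self.dport is not None and self.dport != dport:
            return False
        return True


def evaluate(rules, proto, src, dst, dport) -> str:
    """First-match evaluation; anything no rule allows is denied."""
    for rule in rules:
        if rule.matches(proto, src, dst, dport):
            return rule.action
    return "deny"  # implicit default deny


# Constructed addresses (RFC 5737 documentation ranges), not real servers.
SFTP_SERVER = "203.0.113.10"
FTPS_SERVER = "203.0.113.11"
OFFICE_LAN = "198.51.100.0/24"

# Style 1: "allow SFTP and FTPS" with nothing but a port (too broad).
VAGUE_RULES = [
    Rule("allow", "tcp", dport=22, comment="SFTP (any host, any source)"),
    Rule("allow", "tcp", dport=21, comment="FTPS (any host, any source)"),
]

# Style 2: source network, destination server and port all specified.
SPECIFIC_RULES = [
    Rule("allow", "tcp", OFFICE_LAN, f"{SFTP_SERVER}/32", 22, "SFTP to file server"),
    Rule("allow", "tcp", OFFICE_LAN, f"{FTPS_SERVER}/32", 21, "FTPS control channel"),
    Rule("deny", comment="explicit catch-all; mirrors the implicit default"),
]


def compare(proto, src, dst, dport):
    """Return (verdict under vague rules, verdict under specific rules)."""
    return (evaluate(VAGUE_RULES, proto, src, dst, dport),
            evaluate(SPECIFIC_RULES, proto, src, dst, dport))


if __name__ == "__main__":
    cases = [
        ("tcp", "198.51.100.25", SFTP_SERVER, 22),     # legitimate SFTP
        ("tcp", "198.51.100.25", FTPS_SERVER, 21),     # legitimate FTPS
        ("tcp", "198.51.100.25", "203.0.113.50", 22),  # SSH to an unrelated host
        ("tcp", "192.0.2.77", SFTP_SERVER, 22),        # SFTP from outside the LAN
        ("tcp", "198.51.100.25", SFTP_SERVER, 23),     # Telnet to the file server
    ]
    for c in cases:
        vague, specific = compare(*c)
        print(f"{c[0]} {c[1]} -> {c[2]}:{c[3]:<3} vague={vague:<5} specific={specific}")
```

Running it shows that the port-only rules also let SSH reach every other host on port 22 and let any outside address reach the file server, while the specific rules admit only the two connections the business actually needs. One practical caveat when you translate this to a real firewall: FTPS uses port 21 only for its control channel, so a working FTPS policy also has to account for the server’s passive data port range.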
After you configure your firewall, you need to make sure you apply these configurations and not leave them on paper in your security policy document. Conduct periodic firewall security audits to ensure implementation. I’ll discuss this next.
3. Conduct Periodic Firewall Security Audits
Companies have good reason to conduct compliance audits regularly. For example, companies typically perform PCI DSS audits once a year. That’s because, generally speaking, a compliance check only reflects a point in time. You have no guarantee that a device, such as a firewall, will remain compliant forever.
Some factors affecting compliance include employee actions. For all you know, admins might tweak firewall rules to accommodate specific applications. They may even temporarily disable the Deny-All rule to test a new application and then forget to re-enable it. These oversights can put your network at risk and may result in regulatory compliance violations. However, you can catch and rectify these problems if you conduct routine firewall audits.
Firewall audits typically involve the following:
- Gathering relevant information such as previous audit reports, firewall/network security policies, network diagrams, legitimate applications in your network, etc.
- Checking firewall access control policies and making sure employees follow them. Note that this refers to access to the firewall itself, not network access. Only authorized admins should have such access.
- Checking your firewall change management plan and ensuring employees also follow this plan.
- Reviewing your firewall monitoring process. It’s not enough to deploy a firewall. Ideally, someone must monitor the firewall logs to see if any issues (e.g., potential threats or faulty rules) need attention.
- Reviewing firewall rules and access control lists. Make sure they are still suitable for the current network setup.
Send your firewall logs to a security information and event management (SIEM) system, if you have one, for potential post-incident investigations or reporting.
Audits can also ensure firewalls you’ve acquired or migrated recently adhere to your firewall policies. When you pair your firewall configuration best practices with regular firewall security audits, you can remain compliant and secure at all times.
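As an added example (not part of the original article), the script below runs the rule-review part of such an audit over a constructed rule export. It flags the exact oversights this section warns about: a Deny-All rule left disabled after testing, allow rules that match any source and any destination, allow rules without a destination port, temporary rules past their expiry date, and rules with no comment tying them to a business need. The rule format (a list of dicts with `id`, `action`, `src`, `dst`, `dport`, `enabled`, `expires`, `comment`) is an assumption standing in for whatever export your firewall produces.

```python
"""Rule-base audit checks for common firewall oversights (constructed example)."""
from datetime import date

ANY = "0.0.0.0/0"

# Constructed rule export, listed in the order the firewall evaluates it.
RULES = [
    {"id": 10, "action": "allow", "proto": "tcp", "src": "198.51.100.0/24",
     "dst": "203.0.113.10/32", "dport": 22, "enabled": True,
     "expires": None, "comment": "SFTP to file server"},
    {"id": 20, "action": "allow", "proto": "tcp", "src": "198.51.100.0/24",
     "dst": "203.0.113.11/32", "dport": 21, "enabled": True,
     "expires": None, "comment": "FTPS control channel"},
    {"id": 30, "action": "allow", "proto": "any", "src": ANY, "dst": ANY,
     "dport": None, "enabled": True, "expires": "2023-06-30",
     "comment": "TEMP: testing new app"},
    {"id": 40, "action": "allow", "proto": "tcp", "src": ANY,
     "dst": "203.0.113.20/32", "dport": None, "enabled": True,
     "expires": None, "comment": ""},
    {"id": 999, "action": "deny", "proto": "any", "src": ANY, "dst": ANY,
     "dport": None, "enabled": False, "expires": None,
     "comment": "Deny-All (disabled during testing)"},
]


def is_deny_all(rule) -> bool:
    return (rule["action"] == "deny" and rule["src"] == ANY
            and rule["dst"] == ANY and rule["dport"] is None)


def audit_rules(rules, today: date):
    """Return a list of (severity, rule id or None, message) findings."""
    findings = []
    # 1. The rule base must end in an enabled Deny-All rule.
    last = rules[-1] if rules else None
    if not (last and is_deny_all(last) and last["enabled"]):
        findings.append(("CRITICAL", None,
                         "no enabled Deny-All rule at the end of the rule base"))
    for r in rules:
        if not r["enabled"] or r["action"] != "allow":
            continue
        # 2. Allow rules that match everything defeat least privilege.
        if r["src"] == ANY and r["dst"] == ANY:
            findings.append(("HIGH", r["id"],
                             "allow rule with any source and any destination"))
        # 3. Allow rules should restrict the destination port.
        if r["dport"] is None:
            findings.append(("MEDIUM", r["id"],
                             "allow rule does not restrict the destination port"))
        # 4. Temporary rules past their expiry are forgotten changes.
        if r["expires"] and date.fromisoformat(r["expires"]) < today:
            findings.append(("HIGH", r["id"],
                             f"temporary rule expired on {r['expires']}"))
        # 5. Undocumented rules cannot be tied to a business need.
        if not r["comment"].strip():
            findings.append(("LOW", r["id"],
                             "rule has no comment documenting its purpose"))
    return findings


if __name__ == "__main__":
    for severity, rule_id, message in audit_rules(RULES, date(2024, 1, 15)):
        where = f"rule {rule_id}" if rule_id is not None else "rule base"
        print(f"[{severity}] {where}: {message}")
```

Each finding maps back to one of the audit steps listed above, so the output can be attached to the audit report alongside the rule export it was run against. Extending it with checks specific to your own policy (approved source ranges, mandatory owner fields) is the natural next step.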
I briefly mentioned a firewall change management plan earlier. Here’s what it is and why you need it.
4. Establish a Firewall Change Management Plan
Changes that impact your IT infrastructure happen every single day. You might install new applications, deploy additional network equipment, grow your user base, adopt non-traditional work practices, etc. As all this happens, your IT infrastructure’s attack surface will also evolve.
Sure, you can make your firewall evolve with it. However, making changes to your firewall isn’t something you should take lightly. A simple mistake can take some services offline and disrupt critical business processes. Similarly, you could also expose ports to external access and compromise their security.
Before you apply changes to your firewall, you need to have a change management plan. The plan should specify the changes you intend to implement and what you hope to achieve. Moreover, the change management plan must include anticipated risks as well as measures to mitigate those risks.
This plan will help you minimize any adverse impact on your business when you make changes to your firewall.
Record all pertinent details when carrying out your plan. Indicate who implemented the change, what they changed, and why and when it changed. This will ensure you have a clear audit trail you can review if something goes wrong.
Now that you’ve boosted your firewall’s performance, the final best practice is to secure it.
5. Secure Your Firewall
Your firewall plays a critical role in your network security, acting as your first line of defense. If it’s compromised, e.g., firewall rules get tampered with, threats can pass through unhindered. What’s worse is when you’re completely unaware of the unauthorized changes. Your false sense of security will allow whoever tampered with it to conduct a prolonged attack inside your network.
You can implement measures to secure your firewall and preserve its integrity. Here are some firewall hardening best practices you can apply:
- Keep your firewall software/firmware patched. This closes known vulnerabilities before anyone can exploit them.
- Replace the default factory password. Use a complex password consisting of alphanumeric, non-alphanumeric, uppercase, and lowercase characters.
- Apply the principle of least privilege to firewall access. Only authorized admins should be able to log in and make changes to your firewall.
- Avoid insecure protocols such as HTTP, Telnet, TFTP, and SNMP since they lack encryption. If anyone intercepts the traffic, it wouldn’t take much effort to obtain sensitive information (e.g., usernames and passwords).
- Employ real-time monitoring, if possible, to alert you of any changes made on your firewall.
This is by no means an exhaustive list of firewall hardening best practices. However, if you follow those tips strictly, you can significantly reduce the risk of tampering with your firewall.
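The following Python example, added here and not taken from the original article, ties together the change record from best practice 4 (who changed what, why, and when) and the change monitoring from best practice 5. Every approved change records a before/after fingerprint of the rule base plus the diff; a periodic check then compares the running configuration against the last approved fingerprint and reports any drift as an unauthorized change, showing exactly which lines differ. The rule text format and the sample rules are constructed for the example; on a real firewall you would feed the check with the exported running configuration.

```python
"""Change records and integrity checks for a firewall rule base (constructed example)."""
import difflib
import hashlib
from dataclasses import dataclass, field
from datetime import datetime, timezone

# Constructed rule base in a simple one-rule-per-line text format.
BASELINE = """\
allow tcp 198.51.100.0/24 -> 203.0.113.10/32 port 22  # SFTP
allow tcp 198.51.100.0/24 -> 203.0.113.11/32 port 21  # FTPS
deny any any -> any  # Deny-All
"""


def fingerprint(config: str) -> str:
    """SHA-256 of the normalized rule text; identifies an approved state."""
    normalized = "\n".join(line.rstrip() for line in config.strip().splitlines())
    return hashlib.sha256(normalized.encode()).hexdigest()


def insert_before_deny(config: str, rule_line: str) -> str:
    """Insert a rule just above the final Deny-All line (a common edit)."""
    lines = config.strip().splitlines()
    lines.insert(len(lines) - 1, rule_line)
    return "\n".join(lines) + "\n"


@dataclass
class ChangeRecord:
    who: str
    why: str
    when: str
    before: str                             # fingerprint before the change
    after: str                              # fingerprint after the change
    what: list = field(default_factory=list)  # unified-diff lines


class ChangeLog:
    """Audit trail of approved changes plus the current approved fingerprint."""

    def __init__(self, initial_config: str):
        self._current = initial_config
        self.approved = fingerprint(initial_config)
        self.records = []

    def apply(self, who: str, why: str, new_config: str, when: str = None):
        """Record an approved change and advance the approved state."""
        diff = list(difflib.unified_diff(self._current.splitlines(),
                                         new_config.splitlines(),
                                         "before", "after", lineterm=""))
        rec = ChangeRecord(who, why,
                           when or datetime.now(timezone.utc).isoformat(),
                           self.approved, fingerprint(new_config), diff)
        self.records.append(rec)
        self.approved = rec.after
        self._current = new_config
        return rec

    def verify(self, running_config: str):
        """Compare the running config with the last approved state."""
        if fingerprint(running_config) == self.approved:
            return "ok", []
        diff = list(difflib.unified_diff(self._current.splitlines(),
                                         running_config.splitlines(),
                                         "approved", "running", lineterm=""))
        return "unauthorized change", diff


if __name__ == "__main__":
    log = ChangeLog(BASELINE)
    # An approved change, recorded with who/why/when and the resulting diff.
    approved = insert_before_deny(
        BASELINE, "allow tcp 0.0.0.0/0 -> 203.0.113.12/32 port 443  # HTTPS")
    rec = log.apply("alice", "CR-123: publish the new web server", approved)
    print(f"{rec.when} {rec.who}: {rec.why}")
    print("\n".join(rec.what))
    print("check after approved change:", log.verify(approved)[0])
    # Someone later adds a rule directly on the device with no change record.
    tampered = insert_before_deny(approved, "allow any any -> any")
    status, diff = log.verify(tampered)
    print("check after undocumented edit:", status)
    print("\n".join(diff))
```

In practice you would run `verify` on a schedule, or trigger it from the firewall’s own configuration-change log messages, and raise an alert whenever it returns anything other than “ok”. The diff it returns is the starting point for rolling the device back to the approved state.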
Even though your firewall is a security device, you need to secure it as well.
Poorly configured firewalls can be worse than having no firewall, as a poorly installed firewall will give you a false sense of security. The same is true with firewalls without proper deployment planning or routine audits. However, many businesses are prone to these missteps, resulting in weak network security and a failed investment.
In this post, I discussed the 5 best firewall practices for deployment, configuration, auditing, applying changes, and firewall security. These can help you avoid common firewall pitfalls, improve your security posture, and maximize the ROI of your firewall investment.
I hope the information you gained can empower you to take steps to improve the way you deploy, manage, and maintain your firewall. Refer to the FAQ and Resources sections for additional details on DDoS attacks, multi-protocol file transfer servers, and more.
What is a DDoS attack?
A Distributed Denial of Service or DDoS attack is a network-based attack designed to overwhelm the target’s computing resources. These attacks can slow your network and prevent legitimate users from connecting to your services. Some advanced firewalls already have built-in DDoS protection, which helps stop attack traffic before it reaches your network.
What is a C2 server?
C2 or C&C stands for command-and-control. C2 servers are servers that malware communicates with to send exfiltrated data or receive commands. A properly-configured firewall will successfully block a malware’s attempt to communicate with its C2 server. In effect, the malware won’t be able to carry out the next stage of its attack, e.g., exfiltrate stolen data or request additional commands.
What is a multi-protocol file transfer server?
A multi-protocol file transfer server supports several file transfer protocols such as FTPS, SFTP, HTTP, HTTPS, FTP, AS2, OFTP, and others. In most cases, you won’t be using every single protocol the server supports. You want to disable protocols you don’t use and block them at your firewall. A ‘deny all’ rule should take care of that. That way you prevent threat actors from exploiting these protocols to infiltrate your network.
What is FTPS?
File Transfer Protocol Secure or FTPS is a secure version of the FTP protocol. It encrypts data while in transit as well as provides authentication. These are the reasons why many companies prefer its use for automated B2B file exchanges. If your firm uses FTPS, you should allow it in your firewall. That said, adopt firewall best practices relevant to FTPS when you define its IP address and port.
What is SFTP?
SSH File Transfer Protocol a.k.a. Secure File Transfer Protocol or SFTP is a protocol that provides authentication and encryption capabilities. Thus, it’s also often used in automated B2B file exchanges. Check if your organization uses SFTP. If it does, you should allow it in your firewall.
TechGenix: Guide on Firewall as a Service
Find out everything you need to know about FaaS in this article.
TechGenix: Article on Runbook Scripts and Azure Firewall
Learn how to start and stop your Azure Firewall using a Runbook script.
TechGenix: Article on the Top Firewalls
Discover the top firewalls for enterprises and SMBs.
TechGenix: Guide for Enabling Firewalls on Azure
Learn how to enable a firewall in Azure storage accounts.
TechGenix: Guide for Choosing a Firewall
Choose the right firewall for your business with this guide.