At its most basic, a firewall is a network security system that controls incoming and outgoing network traffic. It inspects each packet and decides, against an ordered list of rules, whether to let it through or drop it. Sounds simple, right? In reality, firewall rules can, over time, turn into an unwieldy, snarled mess that has unintended consequences.
Over the past few years, the concept of the “bring your own device” (BYOD) workplace has gained traction, and firewall settings matter even more when employees use their own mobile phones, laptops, or tablet computers for work. Firewall rules take on particular significance when you consider that around one-third of consumers eventually lose a phone or discover it has been stolen: whatever network access that device was granted, together with any VPN or Wi-Fi credentials saved on it, is now in a stranger’s hands.
One Possible Scenario
Suppose your workplace has a BYOD policy but fails to examine its firewall rules and to enforce the BYOD rules on employees consistently. A worker picks up malware on a personal device while on a home or public network, then brings the device to work and joins it to the office Wi-Fi or LAN. The device now sits behind the perimeter firewall, so the inbound rules that would have stopped that malware at the edge never get a look at it. Next thing you know, a Trojan is on your internal network, and an attacker gets busy collecting your valuable data. Remote access to your organization’s network must be fully covered in your network security policy, and your solution for keeping malware out should be tested and monitored; outbound (egress) rules matter here as much as inbound ones, because an infected device has to reach its operator to hand over what it collects. If any changes are made to the firewall rules, you must ensure you don’t accidentally leave open a “back door” into the system.
Firewall Rule Change Processes
The problem is, manual firewall management can have major unintended consequences. A 2012 Tufin survey of 200 administrators revealed that over 60% reported having a firewall rule change process that put them at increased risk for a security breach. Further complicating matters is that in highly segmented networks a single firewall often sits between several zones, so a rule changed for one segment can alter what another segment is allowed to reach: a rule inserted above an existing one can shadow it, and a subnet widened for one purpose is widened everywhere that rule matches. It’s all too easy to edit a firewall rule and find that other parts of the network have been affected too.
Managing Firewalls Effectively
Sometimes firewall rules have to be changed, and larger organizations need different firewall change policies than smaller ones. But there are some general principles that will help you manage your firewalls more effectively.
- Consider forming a firewall change team made up of end-users, system administrators, security personnel, and managers to discuss proposed firewall changes before they are made.
- Ensure that end-users and administrators are notified before firewall rule changes are made so that any resulting connectivity issues can be reported right away.
- Document firewall rules and include comments explaining their purpose. From the documentation an administrator should be able to tell why a rule exists, which service it is for, which users, services, and devices it affects, and when, by whom, and under which change request it was added or modified.
- Review firewall rules periodically and update them as necessary. Get rid of rules that are no longer needed, and keep the rule order deliberate: on a first-match firewall, order decides both throughput (frequently hit rules near the top) and which rule actually applies, since a broad rule placed early silently shadows the more specific ones below it.
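A small rule lint that puts the last two points into practice, added here as an illustration (it is not BackBox’s code, and the rule table it checks is a constructed sample in a simplified iptables-like layout, not an export from any real device; the change-request numbers and owners in the comments are made up). It flags rules with no comment, rules whose packet counter is zero, and rules that are shadowed, meaning every packet they could match is already caught by an earlier rule, which is exactly how a misplaced default deny quietly disables the allow rules below it:

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample rule table (not from any real firewall). The columns mimic
# what "iptables -nvL --line-numbers" or a vendor export gives you: rule id,
# action, protocol, source and destination prefixes, destination port, the
# packet counter, and a free-text comment after '#'.
SAMPLE_RULES = """\
# id  action proto src             dst            dport hits    comment
10    ACCEPT tcp   10.10.0.0/16    10.20.0.5/32   443   184211  # CR-1042 web tier to API; owner appsec; added 2023-05-02
20    ACCEPT tcp   10.10.5.0/24    10.20.0.5/32   443   0       # CR-0871 legacy web tier to API
30    DROP   any   0.0.0.0/0       10.20.0.0/24   any   5532    # default deny into app zone
40    ACCEPT tcp   192.168.1.0/24  10.20.0.0/24   22    0       #
50    ACCEPT tcp   10.30.0.0/16    10.20.0.9/32   5432  0       # CR-1100 reporting to db; owner data-eng; added 2023-06-11
"""


@dataclass
class Rule:
    rid: int
    action: str
    proto: str                    # "tcp", "udp" or "any"
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    dport: str                    # port number as text, or "any"
    hits: int
    comment: str


def parse_rules(text):
    """Parse the whitespace-separated rule table into Rule objects."""
    rules = []
    for line in text.splitlines():
        body, _, comment = line.partition("#")
        fields = body.split()
        if not fields:            # blank line or the '#'-prefixed header
            continue
        rid, action, proto, src, dst, dport, hits = fields
        rules.append(Rule(int(rid), action, proto,
                          ipaddress.ip_network(src), ipaddress.ip_network(dst),
                          dport, int(hits), comment.strip()))
    return rules


def covers(earlier, later):
    """True if every packet matching `later` would already have matched `earlier`."""
    return (earlier.proto in ("any", later.proto)
            and earlier.dport in ("any", later.dport)
            and later.src.subnet_of(earlier.src)
            and later.dst.subnet_of(earlier.dst))


def shadowed(rules):
    """(later_id, earlier_id) pairs where the later rule can never match.

    Same action: the later rule is redundant. Different action: the later rule
    is dead and the earlier one silently decides, which is how a default deny
    placed too high takes out every allow rule beneath it."""
    found = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                found.append((later.rid, earlier.rid))
                break
    return found


def undocumented(rules):
    """Rules with no comment at all: nobody can say why they exist."""
    return [r.rid for r in rules if not r.comment]


def unused(rules):
    """Rules whose counter is zero; check shadowing before treating these as unneeded."""
    return [r.rid for r in rules if r.hits == 0]


def lint(text):
    rules = parse_rules(text)
    return {"shadowed": shadowed(rules),
            "undocumented": undocumented(rules),
            "unused": unused(rules)}


if __name__ == "__main__":
    for finding, ids in lint(SAMPLE_RULES).items():
        print(f"{finding}: {ids}")
```

Run it and rule 30, the default deny, shows up as shadowing rules 40 and 50: it was meant to be the last rule, not the middle one. Rule 20 is merely redundant with rule 10, and rule 40 is also the one undocumented rule. Rule 50’s zero hit count is a symptom of the shadowing, not evidence that nobody needs it, which is why a shadow check belongs before any clean-up of “unused” rules.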
Have a Plan and Tools Ready if Something Goes Wrong
In organizations with complex networks, firewall rule changes can have unintended consequences. When this happens, it’s important to be able to revert to a previous firewall version quickly, to minimize risk and then re-implement the change correctly. Many organizations back up firewalls manually, with no central organization or verification process, and a backup nobody has checked can turn out to be incomplete or out of date exactly when it is needed. When firewall configurations are backed up automatically and regularly, and each copy is verified before it is relied on, reverting to a serviceable firewall configuration can be done quickly to minimize damage.
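What an automated, verified backup with rollback looks like in practice, as an added example written for this post (it is illustrative code, not BackBox’s product). The configurations are constructed in iptables-save style rather than captured from a real host, the device name edge-fw1 is hypothetical, and the `push` callable stands in for whatever actually loads a configuration onto the device (iptables-restore, a vendor API, and so on). Each snapshot is stored with its SHA-256 and checked against it before it is ever pushed back, so a truncated or tampered copy is refused rather than restored:

```python
import difflib
import hashlib
import json
import tempfile
from datetime import datetime, timezone
from pathlib import Path


class IntegrityError(Exception):
    """A stored snapshot no longer matches the hash recorded when it was taken."""


class ConfigVault:
    """Versioned, hash-verified store for device configuration dumps."""

    def __init__(self, root):
        self.root = Path(root)
        self.root.mkdir(parents=True, exist_ok=True)

    def _dir(self, device):
        d = self.root / device
        d.mkdir(exist_ok=True)
        return d

    def versions(self, device):
        """Version names in the order taken (zero-padded counter sorts first)."""
        return sorted(p.stem for p in self._dir(device).glob("*.conf"))

    def snapshot(self, device, config, note=""):
        """Store one configuration dump plus a sidecar with its SHA-256 and a note."""
        digest = hashlib.sha256(config.encode()).hexdigest()
        version = f"{len(self.versions(device)):04d}-{digest[:12]}"
        d = self._dir(device)
        (d / f"{version}.conf").write_text(config)
        (d / f"{version}.json").write_text(json.dumps({
            "sha256": digest, "note": note,
            "taken": datetime.now(timezone.utc).isoformat()}))
        return version

    def load(self, device, version):
        """Return a stored configuration, refusing it if it fails its hash check."""
        d = self._dir(device)
        config = (d / f"{version}.conf").read_text()
        meta = json.loads((d / f"{version}.json").read_text())
        if hashlib.sha256(config.encode()).hexdigest() != meta["sha256"]:
            raise IntegrityError(f"{device}/{version} fails its hash check; not restoring it")
        return config

    def diff(self, device, old, new):
        """Unified diff between two stored versions: what the change actually did."""
        return "".join(difflib.unified_diff(
            self.load(device, old).splitlines(keepends=True),
            self.load(device, new).splitlines(keepends=True),
            fromfile=old, tofile=new))

    def rollback(self, device, push):
        """Push the version before the newest one back to the device via push(config)."""
        vs = self.versions(device)
        if len(vs) < 2:
            raise ValueError(f"{device}: no earlier version to roll back to")
        previous = vs[-2]
        config = self.load(device, previous)   # hash check runs before the device is touched
        push(config)
        self.snapshot(device, config, note=f"rollback to {previous}")  # keep history linear
        return previous


# Constructed sample configurations in iptables-save style (not taken from a real host).
GOOD = """*filter
:INPUT DROP [0:0]
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -s 10.10.0.0/16 -p tcp --dport 443 -j ACCEPT
COMMIT
"""
# The "change": the allow rule lost its source restriction and gained port 22.
BAD = GOOD.replace("-s 10.10.0.0/16 -p tcp --dport 443",
                   "-p tcp -m multiport --dports 22,443")


def demo():
    """Snapshot, diff, roll back, then corrupt a copy to show the integrity check."""
    pushed = []   # stands in for the command that loads a config onto the device
    with tempfile.TemporaryDirectory() as tmp:
        vault = ConfigVault(tmp)
        v0 = vault.snapshot("edge-fw1", GOOD, "nightly backup")
        v1 = vault.snapshot("edge-fw1", BAD, "CR-1200 applied")
        change = vault.diff("edge-fw1", v0, v1)
        restored = vault.rollback("edge-fw1", pushed.append)
        # Simulate a truncated copy of the bad snapshot and confirm load() refuses it.
        (Path(tmp) / "edge-fw1" / f"{v1}.conf").write_text(BAD[:-10])
        try:
            vault.load("edge-fw1", v1)
            refused = False
        except IntegrityError:
            refused = True
        kept = len(vault.versions("edge-fw1"))
    return {"rolled_back_to_first": restored == v0,
            "device_got_good_config": pushed == [GOOD],
            "diff_shows_widened_rule": "+-A INPUT -p tcp -m multiport --dports 22,443" in change,
            "corrupt_copy_refused": refused,
            "versions_kept": kept}


if __name__ == "__main__":
    print(demo())
```

`demo()` records a good configuration, records the bad change that widened an allow rule, produces the unified diff between them (the review artefact you want in the change ticket), rolls back to the last known good copy, and then corrupts the stored bad copy to show that `load()` refuses it instead of pushing garbage to the device.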
Backbox is a network security solution that automatically backs up routers, switches, load balancers, custom devices, and firewalls, so if you need to go back to a previous configuration, you can do so far more efficiently than if these device configurations were backed up manually (or worse, not backed up at all). In the BYOD world, network security is more critical than ever. You want workers to be able to work efficiently from remote sites, but you also have to ensure your network is not compromised by workers’ personal devices.
Firewall settings and rules must be designed to allow authorized access while minimizing risk. Should a firewall change cause unintended consequences, however, your organization needs a solution that allows quick reversion to a previous rule set so that risk is minimized, and changes can be made properly. Backbox gives organizations this peace of mind, with comprehensive network security configuration backups that are done automatically and regularly.
Photo Credits: David Castillo Dominici / freedigitalphotos.net, Ambro / freedigitalphotos.net
The post Firewall Breaches in the Bring Your Own Device Era appeared first on BACKBOX BLOG.