Firewalls play an important role in ensuring your network's security. They prevent unauthorized traffic from entering or exiting your secure network to help avoid infection from viruses, unintentional data loss, or access to sensitive data by unwanted outsiders. In order to maintain a high level of security, it's important to audit your firewalls regularly to ensure they are not allowing any dangerous or even risky services through.
Firewall Security Management - What the Experts Say
There are countless authoritative sources out there that make recommendations about what to consider when you configure, update, and audit your firewalls. A few prominent examples include:
- National Institute of Standards and Technology (NIST): Guidelines on Firewalls and Firewall Policy (Special Publication 800-41)
- National Security Agency (NSA): The 60 Minute Network Security Guide
- The SANS Institute Firewall Checklist
The gist of these recommendations is a list of specific traffic and services that all firewalls should block to avoid infection or breach. They also cover firewall architecture, including the use of multiple firewalls to segregate the internal secure network from potentially dangerous outsiders. The latter implies that, depending on the size of your organization, you are going to have at least two -- and probably many more -- firewalls to audit regularly to ensure optimal security.
How to Audit Firewall Configurations
To audit your firewalls, first obtain their configuration files and familiarize yourself with how to read them. This might include deciphering rule syntax from disparate vendors. After you have a sense of how your firewalls are currently configured, use one or more of the sources cited previously (or similar) to construct an audit checklist that's suitable for your organization. As a point of reference, the SANS Institute checklist offers 24 items to check. Finally, compare the rules and other configuration details on your firewalls to the checklist you've prepared. If any of your firewalls fails a check, implement a fix right away.
I know, this sounds like a lot of work. Collecting the configurations alone can become a nightmare. However, there are tools out there that can help with firewall management tasks such as these. SolarWinds Firewall Security Manager (FSM), for example, has some built-in security checks that you can run -- or even schedule -- against all the firewalls in your inventory. FSM uses the authorities cited previously, along with several others, to provide a security check catalog with over 120 customizable security checks, from ensuring you have rules to block external traffic from reserved or illegal IP addresses to verifying your DMZ blocks all insecure traffic. For additional information about Firewall Security Manager, see Welcome Firewall Security Manager (FSM) to the SolarWinds family.
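The comparison step of the audit described above, as an added example (not code from SolarWinds FSM or from any of the cited checklists): a Python script that runs two checklist items against an ordered rule list, the reserved-source check mentioned above and a risky-service check. The normalized rule format, the sample rules, the port list, first-match evaluation and an implicit final deny are assumptions made for illustration.

```python
import ipaddress

# Checklist item: source ranges that should never arrive on the external interface.
RESERVED = [ipaddress.ip_network(n) for n in (
    "0.0.0.0/8", "10.0.0.0/8", "127.0.0.0/8", "169.254.0.0/16",
    "172.16.0.0/12", "192.168.0.0/16")]
# Example "risky service" ports; an assumption, replace with your own checklist.
RISKY_PORTS = {"23": "telnet", "69": "tftp", "512": "rexec", "513": "rlogin"}

# Constructed sample in a hypothetical normalized format (not a vendor syntax):
# action direction interface source destination protocol port
SAMPLE = """\
deny   in outside 10.0.0.0/8     any        any any
deny   in outside 192.168.0.0/16 any        any any
permit in outside any            192.0.2.10 tcp 443
permit in outside any            192.0.2.20 tcp 23
deny   in outside 172.16.0.0/12  any        any any
permit in inside  10.1.0.0/16    any        tcp 80
"""

def parse(text):
    """Return rules as dicts in file order (assumed first-match evaluation)."""
    keys = ("action", "dir", "iface", "src", "dst", "proto", "port")
    rules = []
    for n, line in enumerate(text.splitlines(), 1):
        if line.strip() and not line.lstrip().startswith("#"):
            rule = dict(zip(keys, line.split()), line=n)
            src = "0.0.0.0/0" if rule["src"] == "any" else rule["src"]
            rule["src"] = ipaddress.ip_network(src)
            rules.append(rule)
    return rules

def audit(rules, external="outside"):
    """Return sorted (line, message) findings for inbound external rules."""
    inbound = [r for r in rules if r["iface"] == external and r["dir"] == "in"]
    findings = [(r["line"], f"permits {RISKY_PORTS[r['port']]} from outside")
                for r in inbound
                if r["action"] == "permit" and r["port"] in RISKY_PORTS]
    for net in RESERVED:
        for r in inbound:  # find the first rule that decides this source range
            blanket = (r["proto"], r["port"]) == ("any", "any")
            if r["action"] == "deny" and blanket and r["src"].supernet_of(net):
                break  # dropped before any permit can match
            if r["action"] == "permit" and r["src"].overlaps(net):
                findings.append((r["line"], f"permits reserved source {net}"))
                break
        # no deciding rule at all: the assumed implicit final deny applies
    return sorted(findings)

if __name__ == "__main__":
    for line, msg in audit(parse(SAMPLE)):
        print(f"rule {line}: {msg}")
```

In the sample, the deny for 172.16.0.0/12 on line 5 never takes effect because the broader permit on line 3 matches first, which is the kind of ordering problem a line-by-line read of a configuration tends to miss.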