With any firewall it is very important to have change control. Far too often firewalls are found with rules that nobody remembers adding. What normally happens is that these rules remain because firewall administrators fear they might break something if they are removed. When rules are introduced there should be a well-defined method for documenting these and, in the case of temporary rules, the removal date for the rule should be added in a comment field. The only way of checking if the firewall is actually enforcing the agreed policy is to either verify it with an Intrusion Detection System, or to do a manual verification using a penetration test or a firewall review by a third party.
3. Log and review traffic
When deciding on a firewall policy, do not forget the importance of logging. One of the primary purposes of a firewall is to log traffic going through the firewall. Logging is no good unless these logs are reviewed on a regular basis; this should be included in the policy.
4. Monitor stability
A firewall is like any other infrastructure component and should be managed as such. In other words it should be monitored for availability to ensure maximum uptime. If a firewall isn’t stable people will find ways of avoiding the firewall that leads to a low level of security. This should also be reflected in the policy.
5. Document the policy
A firewall policy and the issues around it should always be documented to provide a reference for administrators and people working on the firewall. If the policy is documented people can work to, and follow the policy. If no formal policy exists people will tend to do things in an ad hoc fashion.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.