1. Making the right firewall choice
The first step is selecting the most appropriate firewall for your needs. There is a range of options available, from the most basic packet-filtering types to advanced next-generation solutions that offer extra features like intrusion prevention systems and complex rule management tools.
It may be tempting to go for the highest-level option to provide the most protection, but this may not always be the best choice. The more features your firewall has, the more processing will be required, which can impact your overall network performance.
Simply replacing a legacy firewall with a next-gen alternative of the same scope can also cause problems, so think carefully about your needs. It's not uncommon for large firms to have multiple firewalls covering different parts of their network to balance cost and performance against security.
2. Ensuring effective configurations
When you have settled on a firewall, making sure it's configured correctly is vital. There's no one-size-fits-all solution that will be appropriate for all users and applications, so make sure features like network segmentation, bandwidth prioritization and application controls are applied properly to different parts of the network.
The more features your firewall has, the more complex this process will be and the longer it may take. To avoid the deployment spiraling out of control, it's essential to set out formal policies detailing what services, applications, protocols and networks should be allowed through the firewall. These policies can then be referred to throughout the setup process.
Poorly set up firewalls can have serious repercussions. For example, the Capital One data breach in 2019, which compromised over 100 million records and cost the company up to $150 million, was traced back to a hacker who exploited a misconfigured web application firewall.
3. Updating your firewall effectively
Once the firewall is up and running, it's important that it's not neglected. New threats are emerging all the time, so firewalls need to be regularly updated to close vulnerabilities and update definitions of hostile traffic. However, it's easy to overlook these activities when IT departments are busy and have many other priorities, which is why the first step is to set a regular schedule for reviewing and updating the firewall.
When you are reviewing and updating firewalls, it's also essential to make sure you have a full understanding of the impact any changes will have. Key questions to ask include:
- Will this update break any applications or other network connections?
- Is this update going to introduce any new vulnerabilities that need to be addressed?
- How will the change affect performance?
4. Keeping up with rules and policies
However, regular updates should be about more than reviewing rulesets and policies to react to new circumstances. You should also view this as an opportunity to review existing policies to determine if they're still effective.
If IT teams simply add rules to their firewalls, they’ll quickly end up with a system that contains thousands of potentially contradictory policies that can slow performance and even add new vulnerabilities. Therefore, taking the time to review and optimize rulesets is a must.
This is where effective firewall management tools can prove highly useful. These solutions can provide you with the visibility needed to see which rules can be eliminated, as well as what the implications of removing or changing a rule will be.
5. Preventing false positives when blocking traffic
If you're not careful with the policies you apply, you may find your firewall is too strict and misidentifies legitimate traffic as a potential threat. While it's generally better to be too tough with your rules than too lax, this can cause frustration for end-users and even get in the way of them doing their job effectively.
To minimize this risk, it may be necessary to create custom rules and configurations that allow specific traffic while denying other traffic. Setting up a whitelist can take time and may come with a bit of trial and error; expect to get a few complaints in the early days as employees discover applications that have been caught out by the rules. But once you familiarize yourself with the profile of your firm's everyday traffic, these bumps can be ironed out, and it will leave you much better protected in the long run.