by Martin Quinn(Principal Consultant) 5 March 2013
Despite the fundamental security role that firewalls play for virtually all organizations, as an auditor and vulnerability expert I find in close to 60% of the time, businesses have misconfigured their old faithful firewall.
Having a firewall in place has a perception that the perimeter is safe and secure. And this is true if configured and managed correctly. However, the devil is in the detail. A minute configuration error (such as a typo), a redundant rule or an obscure legacy rule may significantly degrade the advantages of a firewall and in some cases rendering them virtually useless.
Firewalls are heavily relied upon and considered quite basic, but in reality they are prone to extremely subtle configuration-based errors.
I often recommend that businesses review their firewalls as often as they service their car, most of the time this warning takes heed, but when it’s not the results can be catastrophic, and unlike a car there is no NRMA, RACV, RACQ, etc. to get you back on the road again. If you haven’t reviewed your firewall in the last 2 years, chances are you suffer:
- a) Rule bloat –too many firewall rules, causing your firewall to access unnecessary rules and slow down,
- b) Rule neglect – rules that are neglected and/or are underutilised or no longer required, or
- c) Both.
Author: Intact Security