Best Practices in Firewall Management
- Sabu Thaliyath
Introduction to Firewall
• Sits at the front of perimeter-level defence
• Works mostly on ports and IP addresses
Be Specific
• Default policy must be Deny All
• Be specific in firewall rules, i.e.:
  • Open only the port you need open
  • Allow only the IPs that you need to give access to
Access Control
• Keep the responsibility/authority to change the firewall with only 1 or 2 admins
Have a change request policy
• How would the requests be received?
• Approvals required
Add description
• Every rule must have a description
Expiry date
• Keep an expiry date for user-requested rules
• Remind the user when the expiry date is nearing
Backup
• Take periodic backups of your firewall
Periodic Review
• Clean up expired rules
• Remove redundant or duplicate rules
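Added example (not part of the original slides): a rule-base audit that applies the checks above (default deny, specific allow rules, descriptions, expiry dates, duplicates) to an exported rule list. The rule fields and sample rules are constructed assumptions, not any vendor's export format.

```python
from datetime import date, timedelta

# Constructed sample rule export; the field names are assumptions, not a vendor format.
RULES = [
    {"id": 1, "src": "203.0.113.10/32", "dst": "10.0.0.5/32", "port": "443", "action": "allow", "description": "Partner API to web front end", "expires": None},
    {"id": 2, "src": "any", "dst": "10.0.0.8/32", "port": "any", "action": "allow", "description": "", "expires": None},
    {"id": 3, "src": "198.51.100.7/32", "dst": "10.0.0.9/32", "port": "22", "action": "allow", "description": "Vendor SSH (user request)", "expires": "2024-01-31"},
    {"id": 4, "src": "203.0.113.10/32", "dst": "10.0.0.5/32", "port": "443", "action": "allow", "description": "Partner API again", "expires": None},
    {"id": 5, "src": "192.0.2.20/32", "dst": "10.0.0.7/32", "port": "3389", "action": "allow", "description": "Contractor RDP (user request)", "expires": "2024-03-10"},
    {"id": 6, "src": "any", "dst": "any", "port": "any", "action": "deny", "description": "Default deny all", "expires": None},
]

def audit(rules, today, warn_days=14):
    """Return (rule_id, finding) tuples for the hygiene checks in the slides."""
    findings, seen = [], {}
    for r in rules:
        if not r["description"].strip():
            findings.append((r["id"], "missing description"))
        # "Be specific": an allow rule should name its source and its port.
        if r["action"] == "allow" and "any" in (r["src"], r["port"]):
            findings.append((r["id"], "allow rule uses 'any' for source or port"))
        if r["expires"]:
            days_left = (date.fromisoformat(r["expires"]) - today).days
            if days_left < 0:
                findings.append((r["id"], "expired, remove"))
            elif days_left <= warn_days:
                findings.append((r["id"], "expires soon, remind requester"))
        # Same source, destination, port and action as an earlier rule.
        key = (r["src"], r["dst"], r["port"], r["action"])
        if key in seen:
            findings.append((r["id"], f"duplicate of rule {seen[key]}"))
        seen.setdefault(key, r["id"])
    # Default policy: the last rule must deny everything not matched above.
    last = rules[-1] if rules else {}
    if [last.get(k) for k in ("src", "dst", "port", "action")] != ["any", "any", "any", "deny"]:
        findings.append((None, "last rule is not deny all"))
    return findings

if __name__ == "__main__":
    for rule_id, finding in audit(RULES, today=date(2024, 3, 1)):
        print(rule_id, finding)
```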
Manage from central location
• Cloud-based management would help
Complement firewall
• Complement the firewall with other security products – Intrusion Prevention System, Endpoint Security