Grafvision - Fotolia
How should enterprise firewall settings be reviewed?
Getting firewall settings right is one of the most basic ways to protect enterprise data from accidental exposures. Expert Judith Myerson discusses how to review firewall policies.
Security researcher Troy Hunt testified before Congress in a hearing on data breaches. Hunt talked about accidental data breaches and explained how changing a single firewall setting could expose corporate data to the public. How often should firewall settings be reviewed?
A log file on firewall settings should be reviewed daily, at least on the status of the transmission control protocol (TCP) and user datagram protocol (UDP) connections at a point in time. An administrator should ensure new ports are being correctly assigned and old ports are removed from the firewall settings file. The default port for the old application server may not automatically be replaced with a different port required by a new application server. If the old port is not removed, it may be reused by the new server for unintended services.
The hierarchy of physical and virtual firewalls in a company's internal network can be very complex. In a large, global enterprise, different firewall policies are set up for different types of firewall technologies from different vendors.
To make the log reviewing tasks easier, an enterprise should opt for paid cloud services that can provide a daily analysis of the company's firewall log files in real time. Firewalls provided by cloud services have advanced features that are not included in a basic firewall, which may only provide the status of TCP and UDP connections. Subscription prices are based on the complexity of firewall settings, the level of the enterprise's control over the settings and the costs of managing the firewalls.
Unlike a physical firewall, virtual firewalls share resources with other virtual machines (VMs) in the same virtualized host. The disadvantage to virtual firewalls is that it can be difficult to close a physical port shared by several VMs. If the physical port is not quickly replaced, corporate data may accidentally leak into the second VM that is not as secure as the first VM.
When comparing firewall cloud services, an enterprise should consider firewall policies on reviewing virtual and physical firewall settings to prevent accidental disclosures.
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)