There is a good reason to insist that reviewing your firewall rules should be a recurring effort: most companies have difficulty balancing good security practices with the performance that network resources need in order to serve end users. Sometimes these two goals seem to be completely at odds.
Setting up a firewall from scratch presents its own complexities. There are differences depending on whether your company deploys the technology as hardware or as software. Then there is the issue of properly sizing the technical specifications needed to serve the company. Finally, there are also differences between firewall models, in how they integrate with other systems, and so on.
But at the end of the day, everything depends on a good mapping of internal needs and of the risks each company is willing to take.
We recently noted that improper firewall management can lead to a loss of performance. Now we have put together some recommendations that will help you manage your resources better:
Document your firewall rules
The firewall policy is not private property. The entire IT staff should have easy access to the documentation and be able to identify from it, in a clear and simple way, what the goal of each rule is. Good documentation will state:
- The purpose of the rule;
- What services it affects;
- What users and devices are impacted;
- The date of creation;
- The period of validity.
Additionally, your team will get better results by tracking information about rule changes. By reviewing the device's own traffic reports, you can identify errors or suspicious traffic that indicate the rules have changed. This is simpler if you already use a log management tool integrated with your firewall.
Process does not mean bureaucracy. You need to know what rules exist, how they should be applied, by whom, when they were last changed, and so on. Corporate users will always have requests for new traffic rules. If you do not have a well-defined process, how can you respond to these requests?
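To make the documentation fields above concrete, here is an added example (not code from the original post) of a small rule register and an audit pass over it. It records the purpose, services, affected users or devices, creation date and validity period for each rule, and then flags rules whose documentation is incomplete or whose validity period has lapsed. The field names, the `RuleDoc` type and the sample rules are all constructed for illustration.

```python
"""Added example: a minimal firewall-rule documentation register and an
audit that flags undocumented or expired rules.  Field names and sample
data are assumptions made for this illustration."""
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Union


@dataclass
class RuleDoc:
    rule_id: str
    purpose: str                   # why the rule exists
    services: List[str]            # e.g. ["tcp/443"]
    affected: List[str]            # users, groups or devices impacted
    created: date                  # date of creation
    valid_until: Optional[date]    # None = permanent (must be justified)
    owner: str = ""                # who requested / who approves the rule


def audit_rule_docs(rules: List[RuleDoc],
                    today: Union[date, str]) -> Dict[str, List[str]]:
    """Return {rule_id: [problems]} for every rule that needs attention.

    `today` may be a date or an ISO string ("2024-01-01"), so the check
    can be run against a fixed review date as well as the current one.
    """
    if isinstance(today, str):
        today = date.fromisoformat(today)
    findings: Dict[str, List[str]] = {}
    for r in rules:
        problems = []
        if not r.purpose.strip():
            problems.append("missing purpose")
        if not r.services:
            problems.append("no services listed")
        if not r.affected:
            problems.append("no users/devices listed")
        if not r.owner:
            problems.append("no owner")
        if r.valid_until is None:
            problems.append("no expiry date (permanent rule, needs justification)")
        elif r.valid_until < today:
            problems.append(f"expired on {r.valid_until.isoformat()}")
        if problems:
            findings[r.rule_id] = problems
    return findings


# Constructed sample register (not real rules).
SAMPLE_RULES = [
    RuleDoc("FW-001", "Allow HTTPS from office LAN to web proxy",
            ["tcp/443"], ["office-lan"], date(2023, 1, 10),
            date(2025, 12, 31), "netops"),
    RuleDoc("FW-002", "", ["tcp/22"], ["jump-host"], date(2022, 6, 1),
            None, ""),                                   # undocumented, permanent
    RuleDoc("FW-003", "Vendor remote support window", ["tcp/3389"],
            ["vendor-vpn"], date(2023, 3, 1), date(2023, 3, 15),
            "helpdesk"),                                 # temporary, now expired
]

if __name__ == "__main__":
    for rid, probs in audit_rule_docs(SAMPLE_RULES, "2024-01-01").items():
        print(rid, "->", "; ".join(probs))
```

Run periodically (for example from the same job that collects firewall logs), this kind of check turns the "period of validity" field into something actionable: a temporary exception such as FW-003 surfaces automatically once its window has passed instead of silently becoming permanent.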
Some basic steps make management easier and avoid complications:
- A formal request (via the helpdesk) for corporate users;
- A checklist to evaluate whether there is a real need for the request, what risks are involved, how much privilege is needed, etc. You also need to compare the request against the existing rules;
- A test environment to make sure that any change works as intended without affecting other systems;
- Documentation of the process.
In addition to security, your firewall also governs the performance of network resources. The more rules you create, the lower the performance. If you have completed the previous steps (know and document the rules, establish processes for creating and changing rules), this problem will not have a great impact.
But it is always important to review the rules of your firewall. Search for:
- Rules that have the same purpose;
- Rules whose objectives compete with each other, which can lead to operational errors;
- Rules that are no longer in use.
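The three review items above can be checked mechanically against a rule export. The following is an added example (not the post's own code) that groups a constructed rule table by what each rule matches and reports duplicates (same match, same action), conflicts (same match, opposite action) and unused rules (zero hits in the period reviewed). The tuple layout `(id, src, dst, proto, port, action, hits)` is an assumption; on a real device the hit counters would come from the firewall's own statistics or log management tool.

```python
"""Added example: a review pass that flags duplicate, conflicting and
unused rules in a constructed rule table.  The rule tuple format and the
sample data are assumptions for this illustration."""
from collections import defaultdict
from typing import Dict, List, Tuple

# (id, src, dst, proto, port, action, hits) -- constructed sample table.
RULES = [
    ("FW-010", "10.0.1.0/24", "10.0.9.5", "tcp", 443, "allow", 18234),
    ("FW-011", "10.0.1.0/24", "10.0.9.5", "tcp", 443, "allow", 0),   # duplicate of FW-010
    ("FW-012", "10.0.2.0/24", "10.0.9.7", "tcp", 22,  "allow", 52),
    ("FW-013", "10.0.2.0/24", "10.0.9.7", "tcp", 22,  "deny",  0),   # conflicts with FW-012
    ("FW-014", "10.0.3.0/24", "10.0.9.9", "udp", 161, "allow", 0),   # never matched
]


def match_key(rule: Tuple) -> Tuple:
    """The traffic a rule matches, ignoring its id, action and counters."""
    _, src, dst, proto, port, _, _ = rule
    return (src, dst, proto, port)


def review_rules(rules: List[Tuple]) -> Dict[str, List]:
    """Group rules by match key and report what a reviewer should look at."""
    groups = defaultdict(list)
    for r in rules:
        groups[match_key(r)].append(r)

    duplicates, conflicts = [], []
    for group in groups.values():
        if len(group) < 2:
            continue
        ids = [r[0] for r in group]
        actions = {r[5] for r in group}
        if len(actions) == 1:
            duplicates.append(ids)      # same match, same action: redundant
        else:
            conflicts.append(ids)       # same match, different action: ambiguous

    # Zero hits over the review window is the signal for "no longer in use";
    # the reviewer still has to confirm the window was long enough.
    unused = [r[0] for r in rules if r[6] == 0]
    return {"duplicates": duplicates, "conflicts": conflicts, "unused": unused}


if __name__ == "__main__":
    for kind, entries in review_rules(RULES).items():
        print(f"{kind}: {entries}")
```

This check compares rules only on an exact match key, so it will not notice two rules that overlap without being identical (a /24 and a host inside it, for instance); that case is a question of ordering, covered in the next section. In a first-match firewall the second rule of a conflicting pair such as FW-012/FW-013 never fires at all, which is usually the operational error the post is warning about.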
Granted, evaluating traffic was goal number one when you deployed your firewall. But we need to emphasize that only by studying the monitoring results will you discover the patterns in your traffic. With this information you will be better prepared to tune the firewall's features to fit your company.
For example, which applications do business users use most? Is it necessary to increase the availability of resources to support those applications? On the other hand, which applications have some sort of permission but are not used? Do they need to be kept? Do the privileges need adjusting? Do you need to control the bandwidth allocated to that application?
Organize your rules
If your firewall processes its rules as an ordered queue, then you need to sort them.
Why? Think of an environment with hundreds of traffic permission rules. Some of these rules are more important than others. However, if your device does not prioritize the most important rules, you lose effectiveness.
How? If your firewall evaluates general rules first, in many cases it may allow a request only to block it later when the specific rule is applied. But if the opposite happens, the most relevant rule is applied first, and the firewall removes the traffic request from the queue on the first pass. In other words, your monitoring will not lose performance to rework.
Golden rule: prioritize the rules that are specific and considered essential to the good performance of your network. Leave general rules to the end of the queue.
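To show why the golden rule matters, here is an added example (not from the original post) of first-match evaluation over an ordered rule list. It starts with a constructed ruleset in which a general "allow" sits ahead of a specific "deny", shows which rules can never fire in that order, and then re-sorts the list most-specific-first so that each rule is reached. The rule dictionary layout (`src` as a CIDR, `port` as an integer or `None` for any) and the sample rules are assumptions.

```python
"""Added example: first-match rule evaluation, detection of rules shadowed
by an earlier more general rule, and a most-specific-first sort.  Rule
layout and sample data are assumptions for this illustration."""
import ipaddress
from typing import Dict, List, Optional, Tuple

Rule = Dict[str, object]


def matches(rule: Rule, src_ip: str, port: int) -> bool:
    """Does this rule apply to a packet from src_ip to the given port?"""
    in_net = ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule["src"])
    return in_net and (rule["port"] is None or rule["port"] == port)


def first_match(rules: List[Rule], src_ip: str, port: int,
                default: str = "deny") -> Tuple[Optional[str], str]:
    """Evaluate top to bottom; the first matching rule decides (default-deny)."""
    for rule in rules:
        if matches(rule, src_ip, port):
            return rule["id"], rule["action"]
    return None, default


def specificity(rule: Rule) -> Tuple[int, int]:
    """Higher = more specific: longer prefix, and an explicit port beats 'any'."""
    prefixlen = ipaddress.ip_network(rule["src"]).prefixlen
    return (prefixlen, 0 if rule["port"] is None else 1)


def sort_specific_first(rules: List[Rule]) -> List[Rule]:
    """Stable sort: most specific rules first, general rules at the end."""
    return sorted(rules, key=specificity, reverse=True)


def shadowed(rules: List[Rule]) -> List[str]:
    """Ids of rules that can never fire because an earlier rule already
    matches a superset of their traffic."""
    out = []
    for i, later in enumerate(rules):
        later_net = ipaddress.ip_network(later["src"])
        for earlier in rules[:i]:
            earlier_net = ipaddress.ip_network(earlier["src"])
            if (later_net.subnet_of(earlier_net)
                    and earlier["port"] in (None, later["port"])):
                out.append(later["id"])
                break
    return out


# Constructed ruleset, deliberately in the wrong order: general allow first.
RULES: List[Rule] = [
    {"id": "R1", "src": "10.0.0.0/8",   "port": None, "action": "allow"},
    {"id": "R2", "src": "10.0.5.0/24",  "port": 22,   "action": "deny"},
    {"id": "R3", "src": "10.0.5.17/32", "port": 22,   "action": "allow"},
]

if __name__ == "__main__":
    print("shadowed in current order:", shadowed(RULES))
    ordered = sort_specific_first(RULES)
    print("order after sort:", [r["id"] for r in ordered])
    print("shadowed after sort:", shadowed(ordered))
    for ip, port in [("10.0.5.17", 22), ("10.0.5.20", 22), ("10.0.5.20", 80)]:
        print(ip, port, "->", first_match(ordered, ip, port))
```

In the original order every packet from 10.0.0.0/8 hits R1 and the SSH restriction in R2 is dead; after the sort, the host exception R3 is evaluated first, then the subnet deny R2, then the general allow R1. The specificity sort is a heuristic: rules of equal specificity keep their relative order, and a deliberate exception that is less specific than the rule it overrides still needs a human to place it.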
Controlling application permissions per user may create some friction within the business, because many users do not understand the reasons that prevent them from using a certain application or accessing a web resource.
Therefore, educating users about how the company policy works is very important. Although this is not a “technical” tip, it is a practice that can avoid some relationship problems. Always communicate clearly to users how your network resources are managed, which applications can be used, which applications are not allowed and why, what information can be accessed within a profile, and so on.
Finally, another important tip is to always communicate well with the company’s leadership, since good practices (whether aimed at security or productivity) are better received by the team when their direct manager also understands and follows these recommendations.