A survey of 300 IT security professionals carried out by security management vendor FireMon at last month’s Infosecurity Europe has concluded that 65% believe that they would be grounded in some capacity for the messy state of their firewall rules. Of those, over half, or one-third of the total surveyed, said that if their firewall rules were a teenager’s bedroom, Mum would be so angry, she would ground them for life; and just 35% were confident Mum wouldn’t be angry at all.
“Firewall rule management is one of those necessary evils within security management in organisations – it can be time consuming and at times a bit like untangling the wires in your junk drawer,” said Michael Callahan, CMO, FireMon. “FireMon’s goal, with our range of security management products, is to help administrators whose job it is to do the untangling to move firewall rule management from one of those laborious, painful tasks, to something quick and easy, giving them the capacity to tackle more involved security management tasks.”
The same study also showed that 32% claimed that they had inherited over half of the rules they manage from a predecessor and a quarter of security professionals confessed to being afraid to turn off rules that had been put in place prior to them managing them. To add to the complexity, 72% of security professionals surveyed use two or more firewall vendors within their IT environments.
“IT environments, even in smaller organisations, are becoming incredibly complex due to multiple vendors, technology advances in equipment and not to mention stringent compliance requirements. In fact, in the latest FireMon State of the Firewall survey, 52% of the security practitioners agreed that complexity is their biggest firewall management challenge,” explained Callahan. “Organisations in general, especially IT teams, are expected to do more with less resources. When this happens, good management and automation can close gaps in resources while helping streamline processes and simplify tasks such as firewall rule management.”
If, like the majority of IT security professionals, you’re in danger of being grounded over your messy firewall rules, here are some tips from Tim Woods, VP of Customer Technology at FireMon on how to start tidying up your firewall policy:
Step 1: Remove technical mistakes – A primary example of a technical mistake that is classified as ineffective, incorrect and not needed is a hidden rule which includes redundant and shadowed rules that serve no legitimate business purpose.
Step 2: Remove unused access – Unused access rules bloat a firewall policy causing confusion and mistakes. To determine rule usage, you need to analyse and correlate the active policy against the network traffic pattern; doing this over a sustained period will show definitively which rules are used versus unused to help with clean up.
Step 3: Review, refine and organize access – You need to determine whether rules are justified against a defined business requirement and analyse the need vs. risk acceptance for the rule. Start with rules that employ the use of “ANY”, as these could potentially be the most risky.
Step 4: Continual policy monitoring – Don’t forget that maintaining an effective, efficient and correct firewall policy is an ongoing process. Make sure you have real-time change event monitoring and alerting and real-time audit reporting to know when a violation of your security policy has occurred.
The above four steps can (and should) be automated as they are extremely difficult, if not impossible, to do accurately as a manual process.