The only effective way to really assess if your firewalls are protected is to use tools that are able to examine your firewall configuration based on known best practices. Additionally, the better tools allow the firewall administrator to address new vulnerabilities in real time. Since this process is fully automated, it takes the manual, subjective approach away from this task and it ensures that you can analyse in minutes what would normally take weeks or months to do manually. And this has to be a continuing process.
2. Communicate with the business and know what your business-critical applications are.
Perhaps not surprisingly, many IT administrators and firewall administrators do not know which applications are business-critical. The result is frequently that either rules are left in firewalls because no one dares to touch them, which results in poor firewall performance, or rules or services are removed because they do not appear to be used. Again, the problem frequently arises because manual processes are used to examine usage; very often a service may go unused for months simply because the application that uses it is not run on a regular basis, yet that application may be business-critical.
Again, the only effective way to ensure you avoid these mishaps is to use technology. Firewall policy management technology allows an organisation to define business-critical applications so that any changes which impact these applications can be identified quickly. In fact, some tools allow you to model scenarios before making changes. The modelling allows you to identify if a change will impact business continuity so that you can avoid making the errors in the first place.
Another key use of FPM tools is being able to translate business requests into actual changes. In a recent meeting, a customer told me that they spent two days trying to activate a service for a client because they did not realise that changes were required on two firewalls to enable the service. An FPM tool that provides what-if capability will show all the necessary changes before they are implemented.
Rule usage analysis is also a major problem without the proper tools. Administrators can very often take days to analyse a single rule because, as rules move within the rule base, it is virtually impossible without automated tracking tools to follow them and their contents in a large rule base.
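To make the what-if modelling and rule usage analysis described above concrete, here is a small added example (not Tufin's code, and not part of the original article). It assumes a toy rule base with first-match semantics, stable rule identifiers that survive reordering, and constructed hit counts and business-critical flows; every rule, address and count below is made up for illustration. The what-if check reports which business-critical flows a proposed change would break, and the usage review refuses to mark a rule as removable on hit counts alone when it is tagged to a business-critical application, which is exactly the "unused for months but still critical" trap the text warns about.

```python
"""Toy firewall policy model: what-if change checks and rule usage review.
Constructed for illustration only; it is not any FPM product's code."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, FrozenSet, List, Optional, Tuple

ANY_PORT = 0  # port wildcard in this toy model


@dataclass(frozen=True)
class Rule:
    rule_id: str  # stable id, independent of the rule's position in the rule base
    src: str      # source CIDR
    dst: str      # destination CIDR
    port: int     # destination port, or ANY_PORT
    action: str   # "allow" or "deny"
    tags: FrozenSet[str] = frozenset()  # business applications this rule serves


@dataclass(frozen=True)
class Flow:
    name: str
    src: str
    dst: str
    port: int


def first_match(rules: List[Rule], flow: Flow) -> Optional[Rule]:
    """First-match semantics: the first rule covering src, dst and port decides."""
    for rule in rules:
        if (ip_address(flow.src) in ip_network(rule.src)
                and ip_address(flow.dst) in ip_network(rule.dst)
                and rule.port in (ANY_PORT, flow.port)):
            return rule
    return None  # no match: treat as implicit deny


def is_allowed(rules: List[Rule], flow: Flow) -> bool:
    match = first_match(rules, flow)
    return match is not None and match.action == "allow"


def apply_change(rules: List[Rule], change: Tuple) -> List[Rule]:
    """Return a new rule base with the change applied; the original is untouched.
    change is ("remove", rule_id) or ("insert", position, Rule)."""
    if change[0] == "remove":
        return [r for r in rules if r.rule_id != change[1]]
    if change[0] == "insert":
        _, position, rule = change
        return rules[:position] + [rule] + rules[position:]
    raise ValueError(f"unknown change kind {change[0]!r}")


def what_if(rules: List[Rule], change: Tuple, critical_flows: List[Flow]) -> List[str]:
    """Names of business-critical flows allowed today that the change would block.
    An empty list means the change is safe for the flows the business cares about."""
    proposed = apply_change(rules, change)
    return [f.name for f in critical_flows
            if is_allowed(rules, f) and not is_allowed(proposed, f)]


def review_usage(rules: List[Rule], hits: Dict[str, int],
                 critical_tags: FrozenSet[str]) -> Dict[str, str]:
    """Classify rules by hit count, but never call a rule removable on hit
    counts alone if it serves a business-critical application."""
    verdict = {}
    for rule in rules:
        if hits.get(rule.rule_id, 0) > 0:
            verdict[rule.rule_id] = "in use"
        elif rule.tags & critical_tags:
            verdict[rule.rule_id] = "unused but business-critical: confirm with application owner"
        else:
            verdict[rule.rule_id] = "unused: candidate for removal"
    return verdict


# Constructed sample rule base, hit counts and critical flows (not real data).
RULES = [
    Rule("R1", "10.1.0.0/16", "10.2.0.5/32", 443, "allow", frozenset({"erp"})),
    Rule("R2", "10.1.0.0/16", "10.2.0.0/24", 22, "allow"),
    Rule("R3", "10.1.5.0/24", "10.3.0.10/32", 1521, "allow", frozenset({"quarter-end-close"})),
    Rule("R4", "0.0.0.0/0", "0.0.0.0/0", ANY_PORT, "deny"),
]
HITS_LAST_90_DAYS = {"R1": 5000, "R2": 12, "R3": 0, "R4": 300}  # constructed counters
CRITICAL_FLOWS = [
    Flow("erp-web", "10.1.3.7", "10.2.0.5", 443),
    Flow("quarter-end-db", "10.1.5.20", "10.3.0.10", 1521),  # runs four times a year
]
CRITICAL_TAGS = frozenset({"erp", "quarter-end-close"})

if __name__ == "__main__":
    print(what_if(RULES, ("remove", "R3"), CRITICAL_FLOWS))   # breaks quarter-end-db
    print(what_if(RULES, ("remove", "R2"), CRITICAL_FLOWS))   # safe
    block = Rule("R0", "10.1.0.0/16", "10.2.0.0/24", ANY_PORT, "deny")
    print(what_if(RULES, ("insert", 0, block), CRITICAL_FLOWS))  # shadows R1
    print(review_usage(RULES, HITS_LAST_90_DAYS, CRITICAL_TAGS))
```

The two checks are deliberately separate: `what_if` answers "will this change break something the business depends on", while `review_usage` answers "is this rule safe to remove", and a rule with zero hits gets a different answer to the second question depending on whether anyone has recorded which application it serves. Running the script shows the quarterly database rule being flagged for owner confirmation rather than silently queued for deletion.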
Choosing to deal with the risk or leaving it in the hope that it doesn't happen to you is a choice you make. Not dealing with it is hoping that your colleagues don't make mistakes. So, like my son, if you're going to let somebody else drive your firewall, you'd better be sure that the brakes are working.
Calum Macleod is regional manager of Tufin Technologies. To contact him, e-mail firstname.lastname@example.org