Security studies back up this fact: It takes less than 20 minutes for an unprotected computer to be attacked once it’s connected to a broadband connection. Firewalls serve as gatekeepers, deciding which data is allowed in and out of the network, and under what circumstances. How you set up your firewall will make a big difference in how it performs, so it pays to learn from the experts. You can tune up your firewall and boost your security by following these expert tips:
- Harden Your System
‘Hardening’ is the practice of reducing the vulnerabilities in your hardware. Before you even install a firewall, you’ll want to harden your host machine by closing any unused ports and disabling any protocols or user accounts you won’t use. Fortunately, there are plenty of resources available on how to harden different machines, and your hardware vendor should also be able to help.
- Keep it Simple
A firewall is used to enforce network security policies, so you’ll want a clear set of organizational guidelines before you start writing rule sets. Try to keep the configuration as simple as possible while staying consistent to the policy. If you’re working off of a legacy security manual, this is the perfect time to pare it down to the essentials. The firewall will be more efficient and easier to manage if you eliminate unneeded and redundant rules.
- Organize Your Rule Elements for Quick Evaluation
Firewalls process rules in the order you set for them, so you want to make sure that the most easily processed rules are at the top of your list. If a request matches one of your first few rules, the firewall won’t have to bother with subsequent time-consuming rules. Because the first matching rule decides what happens to the traffic, reorder rules for speed only where doing so does not change which rule wins. Easily processed rules include source port information, protocol definitions, Internet protocol (IP) addresses and schedules. Rules that are more complicated to process include domain-name and URL sets, as well as content type and users.
- Deny, Deny, Deny
Because you want only approved traffic to flow on your network, you should deny all traffic by default, and then enable the necessary services. You can do this using global-allow and global-denial rules. Global-allow rules give specific access to all users while global-denial rules restrict specific access to all users.
- Monitor Outbound Traffic
You should set up your firewall to filter outbound traffic, as well as incoming traffic. This kind of filtering, also known as egress filtering, keeps unauthorized traffic from leaving company computers and servers. It also prevents internal machines from being used to launch zombie attacks on other servers. Allow only certain kinds of traffic for specific servers, such as email, Web and DNS traffic.
- Synchronize Time
Synchronized time is important for implementing distributed procedures over a network and for delivering file-system updates. NTP uses UTC (Coordinated Universal Time) to synchronize times down to the millisecond. NTP is especially important for ensuring that your firewall log records events accurately.
- Test for Vulnerabilities
Once you have your firewall up and running, you’ll want to test it for known vulnerabilities. To be thorough, you should test on every firewall interface, in all directions. You might also want to try testing it with the rules disabled to see how vulnerable your system would be in the case of a firewall failure. New exploits are constantly being discovered, so it’s best to get into the practice of testing and auditing your firewall on a regular basis.
- Log On
Logs are also essential when you want to write rules against new threats since they allow you to identify and track new traffic patterns. Make sure that logging is enabled on your firewall as well as alerting, if the product has the latter feature. If you have multiple firewalls, you may also be interested in investing in a remote system-log server. The advantages are centralized management of logs, easier access to logs for auditing purposes and more secure retention.
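As an added example that is not part of the original article, the following Linux nftables ruleset puts the ordering, default-deny, egress-filtering and logging tips above into one configuration for a small gateway: every chain has a drop policy, cheap connection-state matches come first, only named internal servers may start DNS, mail and web traffic outbound, and everything dropped is logged at a limited rate. The interface names (lan0, wan0) and the 192.0.2.0/24 addresses are assumptions (documentation range), not values from the article.

```nft
#!/usr/sbin/nft -f
# Added example ruleset; interfaces and addresses are assumed placeholders.
flush ruleset

table inet filter {
    # Internal servers allowed to originate specific outbound services.
    set dns_resolvers { type ipv4_addr; elements = { 192.0.2.53 } }
    set mail_servers  { type ipv4_addr; elements = { 192.0.2.25 } }
    set web_proxies   { type ipv4_addr; elements = { 192.0.2.80 } }

    chain input {
        # Traffic addressed to the firewall itself: deny by default.
        type filter hook input priority 0; policy drop;
        # Cheap state and interface checks first; most packets stop here.
        ct state established,related accept
        ct state invalid drop
        iif "lo" accept
        # Management access only from the LAN side.
        iif "lan0" tcp dport 22 accept
        # Anything else is logged (rate-limited) and dropped.
        limit rate 5/second log prefix "fw-input-drop: " counter drop
    }

    chain forward {
        # Traffic crossing the firewall in either direction: deny by default.
        type filter hook forward priority 0; policy drop;
        ct state established,related accept
        ct state invalid drop
        # Egress: only the named servers may open these outbound services.
        iif "lan0" oif "wan0" ip saddr @dns_resolvers udp dport 53 accept
        iif "lan0" oif "wan0" ip saddr @dns_resolvers tcp dport 53 accept
        iif "lan0" oif "wan0" ip saddr @mail_servers tcp dport 25 accept
        iif "lan0" oif "wan0" ip saddr @web_proxies tcp dport { 80, 443 } accept
        # Ingress: only the published mail service is reachable from outside.
        iif "wan0" oif "lan0" ip daddr @mail_servers tcp dport 25 accept
        limit rate 5/second log prefix "fw-forward-drop: " counter drop
    }

    chain output {
        # The firewall host's own outbound traffic: deny by default.
        type filter hook output priority 0; policy drop;
        ct state established,related accept
        oif "lo" accept
        # DNS for the host and NTP so that log timestamps are accurate.
        udp dport { 53, 123 } accept
        limit rate 5/second log prefix "fw-output-drop: " counter drop
    }
}
```

Load it with `nft -c -f` first to check syntax without applying, then `nft -f`; the kernel log (or a remote syslog server) then receives one line per dropped connection attempt with the chain prefix shown.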