Firewalls block threats and allow legitimate traffic across an internet connection. A well-constructed firewall should keep data and applications safe from harm. But firewall protection relies on proper configuration. Achieving this isn't always easy.
This article will explore firewall configuration basics and some common challenges that complicate the process.
Importance of configuring firewalls
Firewall configuration is a critical part of securing network assets. But even the strongest firewall defenses will fail if they aren't properly configured.
Security experts Gartner suggest that 99% of firewall breaches are caused by misconfiguration, not flaws within firewall systems. The way users set up their firewall systems makes a huge difference to their overall security posture.
This matters because firewalls are central parts of cybersecurity systems. Firewalls filter inbound and outgoing network traffic. They allow only approved traffic to access resources. And they block unknown connections, keeping out malicious attackers.
Firewalls can only carry out these functions with the right policies. Firewall policies are sets of security rules that state conditions for network entry. They include allowable ports and approved IP addresses or domain names. And they apply security zones to segment the network.
Getting these policies right is the central challenge of firewall configuration. If filters are too broad, attackers may be able to access the network. But excessively strict controls can result in performance issues for legitimate users. Let's explore how to improve your firewall configuration.
How to configure firewalls
1. Make your firewall secure
The first stage in the firewall configuration process is securing the firewall. Factors to consider here include:
Changing default passwords - Firewalls often come with pre-set passwords that are easy for hackers to guess.
Updating firmware - Out-of-date software is vulnerable to exploits. The latest patches will plug security gaps.
Simple Network Management Protocol (SMTP) - If SMTP is enabled, turn it off. This is because SMTP does not support the latest authentication systems. Attackers can spoof users and gain access to network services.
TCP traffic regulation - Restrict incoming and outgoing traffic using the Transmission Control Protocol. Enable as few ports as possible to close off access routes for attackers.
Closing unused open ports - For instance, FTP ports (usually Port 21) should remain closed whenever possible.
2. Manage user accounts
Ensure that users with access to firewall settings are properly configured. Avoid the use of shared accounts for multiple administrators. Shared user accounts present a tempting target for external attackers. Instead, set up individual accounts for each administrative-level user.
Don't assign total control to a single user. Separate user privileges via Role-Based Access Control (RBAC) to create safeguards. This limits the damage if hackers compromise an admin account.
If you get everything else right when carrying out firewall configuration, attackers can still compromise high-privileged accounts. Take extra care to ensure that admin users maintain strict password hygiene. Change any default passwords and require regularly changed secure passwords.
3. Use firewall zones to secure network assets
Firewall zones are areas of the network that contain high-value data and assets. Firewalls surround these network zones, allowing access for authorized users. This is a reliable network security tool when meeting PCI-DSS regulations.
Carefully consider which resources to assign to each firewall zone. Always keep business needs in the foreground, and group resources intelligently.
When creating a network zone structure, remember that complexity has costs. More zones will improve overall security. But admins must dedicate time to managing segmented zones. This can be an issue in smaller organizations.
It's good practice to set up a demilitarized zone for critical servers, including email servers, web servers, and Virtual Private Network (VPN) servers. This contains traffic entering and leaving the network, allowing for in-depth monitoring away from core resources.
Think about the firewall zone infrastructure as well. Each zone requires an IP address structure that connects each firewall interface with the correct zone.
4. Set up Access Control Lists (ACLs)
Access control lists are firewall rules that specify what type of traffic enters the network. They essentially act as a network guest list. When you configure access control lists you decide who to admit, and who to exclude.
Each sub-interface in the firewall system should have its own ACL, along with the core firewall router. Common firewall rules in an ACL include:
- Source port numbers
- Destination port numbers
- Allowed internet protocol (IP) addresses
- Allowed protocols, including IP, EDP, or TCP.
- A "deny all" rule at the end, denying access to unapproved identities
Administrators must also secure firewall administration interfaces. Block public access to the control system and disable unencrypted firewall management protocols.
5. Make sure your firewall configuration is compliant
Firewall protection is an important part of regulations such as PCI-DSS and HIPAA. To achieve compliance, organizations must install robust firewalls around customer or patient data. Make sure any configuration changes meet regulatory standards. If possible, build your configuration around relevant rules.
Logging is a core requirement under PCI-DSS. Companies must set up firewalls with the ability to log and store access requests. Make sure automated logging is turned on. And double-check that the audit function delivers accurate, comprehensive data.
6. Test and audit your firewall protection
During configuration, use penetration testing and vulnerability scanning to check for weaknesses. Testing identifies areas of improvement. This makes it easier to resolve security problems before the firewall goes live. Never activate a firewall without carrying out proper security checks.
After deployment, auditing becomes critically important. Schedule audits to inspect firewall logs and carry out further vulnerability scans. Make sure ACLs and rules are relevant and secure. Document any changes, and store audit information to allow easy regulatory reporting.
Put in place procedures to update firewall firmware. Automation can deliver patches with minimal administrative input. But it's important to check software is up to date. And remember: Patches do not make vulnerability scans unnecessary.
Firewall configuration challenges
Setting up firewalls can be complex, and every project encounters challenges. For instance, firewall configuration issues include:
- Balancing access and security – Firewalls can sometimes be too broad. In this case, the network will be open to attack. On the other hand, tight network security controls can limit access to legitimate users, or make using the network cumbersome. Strike a balance that meets your business needs.
- Sourcing the right firewall type – Hardware firewalls suit on-premises networks, while a software firewall will work better when securing individual devices. Find a firewall that's reliable and suits your device mix. And if possible, source firewall services that cater to on-premises and Cloud-hosted assets.
- Choosing other firewall services – Firewalls often come with various add-ons like Intrusion Prevention Systems (IDP), Network Time Protocol (NTP), or Dynamic Host Configuration Protocol (DHCP). Focus on core firewall settings and avoid adding complexity. Add extras when you are ready and if they serve a clear security purpose.
- Port Management – Open ports are like open doors for cyber-attackers. Assess all port settings before the firewall goes live. Disable any ports that are not needed. Police all other ports with active monitoring to check for intrusions.
- Authentication conflicts – Some non-standard authentication systems can conflict with firewalls. This can make even approved traffic potentially risky. Make sure your MFA/2FA systems work properly with firewall interfaces.
- Monitoring outgoing traffic – Firewall systems often focus on incoming traffic. But for total security, the firewall configuration must also filter outgoing traffic. Make sure traffic does not contain sensitive data. Monitor for any anomalies. They could be evidence of data exfiltration.
Key takeaways
- Admit users or devices with approved IP address data and deny access for unapproved traffic.
- Create Access Control Lists that set the rules for accessing segments of internal networks. Apply limited privileges-based access to protect critical data.
- Use firewalls to create secure zones with their own rules and access lists.
- Leverage logging tools and regularly audit firewall performance. Carry out penetration and vulnerability testing to assess network security.