Five firewall configuration mistakes to avoid


A misconfigured firewall can be just as dangerous as having no firewall at all. Be aware of five common firewall configuration errors that can leave any organization vulnerable to attack.

Firewalls are the primary line of defense against all types of network intruders, but even with years of practice and experience, many organizations still make configuration errors that leave their networks vulnerable to data theft, loss, and other types of breaches.


Here are five firewall misconfigurations that organizations should avoid at all costs:

1. Failing to configure and coordinate firewalls with an increasingly cloud-based security infrastructure

Stefan Schachinger, senior consulting engineer at Barracuda Networks, a provider of network security and storage products, said the network perimeter has all but disappeared, and today firewalls are just one component of a distributed security ecosystem.

Organizations that connect data centers with branch offices, mobile workers, and maintenance personnel require continuous remote access. At the same time, applications and data resources are rapidly moving to IaaS and SaaS platforms. Schachinger pointed out, "Most companies are transitioning to a hybrid cloud environment. Protecting such an infrastructure requires more than just a firewall. Today's evolving and more distributed environment requires a layered, in-depth defense approach in which firewalls need to work in tandem with the rest of the security ecosystem."

2. Misuse of port forwarding rules for remote access

It's not a good idea to use port forwarding rules to accomplish remote access to LAN-side machines without restricting the port or source IP address. "It's a common mistake because it's the easiest way to set up remote access," said Jay Akin, CEO of Mushroom Networks, a developer of advanced SD-WAN appliances that combine firewalls and other security attributes.

Careless port forwarding for remote access can significantly increase the risk of security breaches. "If local trusted devices are accessed and hacked through this security vulnerability by unauthorized organizations and individuals, hackers can further exploit trusted devices in the LAN portion of the network to attack other devices or assets," Akin explained.

3. Ignoring the legitimate access needs of specific assets

To ensure minimal service disruption, many organizations start firewall configurations with broad permission policies. Then, over time and as needs arise, they gradually tighten their access policies. "This is a bad idea," warns Lenny Mansilla, senior vice president of information security and support at network security provider Netsurion. "Organizations that don't carefully define access requirements from the beginning are vulnerable to malicious attacks over a long period of time."

Mansilla advises the opposite approach: rather than starting broad and tightening slowly, organizations should first examine the critical applications and services that reliable day-to-day operations depend on, and then tailor firewall policies to each site, restricting rules by source IP, destination IP and port whenever possible.

4. Not configuring the firewall to perform egress filtering on outbound traffic

Most administrators have a basic understanding of how firewalls improve security through ingress filtering, which blocks Internet-originated connections from reaching internal network services so that unauthorized external users cannot access them, explains Corey Nachreiner, CTO of WatchGuard Technologies, a provider of network security software and services. "Administrators rarely take advantage of the security benefits provided by egress filtering rules, which limit the kinds of network connections internal users can make out to the Internet."

He noted that most firewall configurations he sees have an egress policy that essentially allows internal users to do whatever they want on the web. Administrators who don't use egress filtering rules are missing out on a host of security benefits a firewall can provide, leaving their overall security posture at a disadvantage.
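As an added illustration (not code from the article or from any of the vendors quoted in it), the following Python audits a simplified, hypothetical rule-list model for the three misconfigurations described in points 2 to 4: unrestricted port forwards, blanket allow rules, and missing egress filtering. The Rule model, the chain names and both sample rule sets are constructed for this example and do not correspond to any particular firewall product.

```python
from dataclasses import dataclass

ANY = ("any", "any", "any")  # src, dst, dport wildcard

@dataclass
class Rule:
    chain: str   # "forward" (port-forward into the LAN), "ingress" or "egress" (LAN to Internet)
    action: str  # "allow" or "deny"
    src: str     # source CIDR or "any"
    dst: str     # destination CIDR or "any"
    dport: str   # destination port or "any"

def check_port_forwards(rules):
    """Mistake 2: port-forward rules that restrict neither the source IP nor the port."""
    forwards = [r for r in rules if r.chain == "forward" and r.action == "allow"]
    findings = [f"port-forward to {r.dst}:{r.dport} is reachable from any source" for r in forwards if r.src == "any"]
    findings += [f"port-forward to {r.dst} exposes every port" for r in forwards if r.dport == "any"]
    return findings

def check_broad_allows(rules):
    """Mistake 3: 'allow everything now, tighten later' rules in any chain."""
    return [f"{r.chain}: allow any -> any on any port" for r in rules
            if r.action == "allow" and (r.src, r.dst, r.dport) == ANY]

def check_egress(rules):
    """Mistake 4: outbound traffic is not filtered at all, or has no final default deny."""
    egress = [r for r in rules if r.chain == "egress"]
    if not any(r.action == "deny" for r in egress):  # also true when there are no egress rules
        return ["egress: outbound traffic is effectively unfiltered"]
    last = egress[-1]
    if not (last.action == "deny" and (last.src, last.dst, last.dport) == ANY):
        return ["egress: chain does not end in a default-deny rule"]
    return []

def audit(rules):
    """Run all three checks; an empty list means none of the mistakes was found."""
    return check_port_forwards(rules) + check_broad_allows(rules) + check_egress(rules)

# Constructed sample rule sets; the addresses are documentation ranges, not real hosts.
WEAK = [
    Rule("forward", "allow", "any", "192.168.1.10", "any"),  # whole LAN host exposed to the Internet
    Rule("ingress", "allow", "any", "any", "any"),           # "start broad, tighten later"
    Rule("egress", "allow", "any", "any", "any"),            # users may connect anywhere
]
HARDENED = [
    Rule("forward", "allow", "203.0.113.0/24", "192.168.1.10", "443"),  # one partner range, one port
    Rule("egress", "allow", "192.168.1.0/24", "any", "443"),            # HTTPS out
    Rule("egress", "allow", "192.168.1.0/24", "198.51.100.53", "53"),   # DNS to the resolver only
    Rule("egress", "deny", "any", "any", "any"),                        # everything else blocked
]
```

Running `audit(WEAK)` yields five findings covering all three mistakes, while `audit(HARDENED)` yields none.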

5. Trusting that a well-configured firewall is all you need to ensure network security

Edge (perimeter) protections are being pushed to their limits as attackers become more sophisticated. Attackers now target corporate Wi-Fi networks, compromise routers, launch phishing campaigns, and even craft API gateway requests that pass scripted attacks through to the backend. Once inside the network, they can extend their reach to internal systems that were built on the assumption that the edge would keep them safe.

Dmitry Sotnikov, vice president of cloud platform at 42Crunch, a cybersecurity platform provider, recommends a zero-trust approach. He said, "Everything in an organization can be compromised: mobile applications, consumer and employee devices, and the internal network. Network security needs to be designed in layers. The firewall is not the only protection. Each layer needs to be locked down to the minimum communication level required."

"Security measures developed within an organization should follow a DevSecOps approach," Sotnikov advises. "Security of your APIs, applications, integration projects, and systems needs to start from the design phase. At every stage of the lifecycle, security checks at design, development, testing, and runtime need to be run automatically to ensure that any component or system is secure, even as they evolve and change."
