Network firewalls provide an essential aspect of network security by monitoring traffic and preventing unauthorized traffic from accessing systems. Reliable network firewall security doesn’t automatically happen when an organization adds a firewall to its IT ecosystem, however. Follow these six best practices for firewall configuration to improve network security and protect organizations from malware and other types of attacks.
Read More: EC-Council Certified Chief Information Security Officer (CCISO)
1. Configure Network Firewalls to Block Traffic by Default
Even when IT teams do their best to follow firewall configuration best practices, they risk missing vulnerabilities that malicious actors can exploit. Setting firewall security to block traffic by default helps address this problem. When IT teams block all unknown traffic trying to access the network, they make it much more challenging for unethical hackers to infiltrate the system.
2. Follow the Principle of Least Privilege
Of course, some people will legitimately need access to an organization’s network. Organizations can configure their network firewall security to allow authorized users, but that doesn’t mean that cybersecurity teams need to give them unlimited access. Each account should only have access to the files and tools necessary to do the user’s job.
For example, an account belonging to a third-party vendor that fulfills orders only needs access to information about purchased products and where to send them. The vendor does not need any information about business processes, customer payment records, or other sensitive data. Following the principle of least privilege will ensure that all types of firewalls are able to secure the network more effectively.
3. Specify Source IP Addresses Unless Everyone Needs Access
In rare cases, IT teams might want to give everyone access to a part of the network. In these cases, they can configure their source IP addresses as ANY—for example, to let anyone visit a business’s website.
If you don’t want everyone on the internet to have access to a part of the network, however, specify the source IP addresses. Taking this step will limit the IP addresses to which traffic can connect.
4. Designate Specific Destination Ports
Always make sure that your organization’s firewall network configuration designates specific destination ports for connected services. Perhaps a business has a destination port that lets authorized users access client contact information. In that case, establish that destination port as the source of that data and only let authorized accounts connect to it.
5. Open the Firewall Ports That Users Expect
Take the time to learn which ports users expect to find open when they try to access networks. The ports that IT teams open will depend on a few factors, such as the services and data that users tend to access and the types of servers and databases that the organization uses. You can find more information about Microsoft server ports here (Czechowski et al., 2022) and Linux server ports here (Kumar, 2021).
6. Designate Specific IP Address Destinations
Designating specific IP address destinations serves a similar purpose as designating destination ports. Organizations want to limit access to IP addresses to prevent unauthorized traffic from entering their networks.
Additionally, this type of firewall network protection can help prevent distributed Denial-of-Service (DDoS) attacks. DDoS attacks have become increasingly common, especially in the United States, the United Kingdom, and China (Sava, 2022). Implementing defenses against this type of attack is key to ensuring that customers, vendors, and employees can maintain access to the network.
Source: eccouncil.org
0 comments:
Post a Comment