It’s the fifth and final day of my top 5 controls every business should have in place! Today, I’ll outline one of the most critical controls, and something that’s applicable to every organisation – Firewalls. Firewalls are a critical component of every organisation’s security process and are one of the first lines of defence in a cyber-attack. Installing and configuring a firewall can be an intimidating project, but breaking it down into simpler tasks makes the work much more manageable. Due to the technical nature of firewalls, a detailed step-by-step guide is beyond the scope of this blog post; however, I’ll help you understand the principles involved and how to go about configuring a firewall.
What is a firewall?
A firewall is a system that provides network security by filtering incoming and outgoing network traffic based on a set of pre-defined, user-controlled rules. In general, the purpose of a firewall is to reduce or eliminate unwanted network communications while allowing legitimate communication to flow freely. In most server infrastructures, firewalls provide an essential layer of security that, combined with other measures, prevents attackers from reaching your servers in malicious ways.
At the same time, much like a firewall in a physical building, they are designed so that if one part of the network is under attack, other systems on the same network can remain unharmed. This is particularly important for larger companies that have larger networks.
What are the various types of firewalls?
Firewalls can exist as dedicated hardware appliances, as software, or as a managed/outsourced service. At a basic level, most company users will have access to a software (host-based) firewall built into their operating system (e.g., macOS or Windows) that they can control themselves, including shutting it off altogether (not recommended without good reason). Hardware appliances are dedicated devices, often combined with a router, that sit between networks and have their own network interfaces so that every packet passing between those networks can be inspected against the rules.
Firewall vs Anti-virus – don’t get confused
Firewalls and anti-virus are designed to provide security services at different levels. A firewall monitors and controls traffic on the network: it allows connections that match its permitted rules and blocks everything else. Anti-virus software detects malicious files, harmful code and applications that might compromise the system itself, which a firewall cannot see inside an otherwise permitted connection. For a comprehensive security boundary, your organisation should have both.
How to implement a firewall
How do you make a technical topic non-technical? Well, unfortunately, some things just can’t be diluted down that easily; if it were non-specialised then it probably wouldn’t be as effective. However, don’t take this at face value. Have a go, and if you find that any of the following content is too technical then please feel free to get in touch with one of the ARX team and they will be happy to help! Let me break down setting up and configuring a firewall into 6 steps.
Step 1: Secure your firewall
If an attacker is able to gain administrative access to your firewall it is “game over” for your network security. Therefore, securing your firewall is the first and most important step of this process. Never put a firewall into production that is not properly secured by at least the following configuration actions:
- Update your firewall to the latest firmware.
- Delete, disable, or rename any default user accounts and change all default passwords. Use only complex and secure passwords as discussed on day 1, and enable multi-factor authentication for administrative logins where the firewall supports it.
- If multiple administrators will manage the firewall, create additional administrator accounts with limited privileges based on responsibilities. Never use shared user accounts.
Step 2: Architect firewall zones and IP addresses
To best protect your network’s assets, you should first identify, categorise and add them into an Asset inventory like the one available on the ARX Platform. Next, plan out your network structure so that these assets can be grouped together and placed into networks (or zones) based on similar sensitivity levels and functions. Don’t take the easy way out here and create one flat network. Always remember, easy for you is easy for attackers!
All your servers that provide services reachable from the Internet (e.g., web servers, email, VPN) should be organised into a dedicated zone that tightly limits inbound traffic from the Internet. This is often referred to as the demilitarised zone or DMZ. Servers that are not accessed directly from the Internet should be placed in internal zones. These usually include database servers, workstations, and any point of sale (POS) devices, ideally each in its own zone so that a compromised workstation cannot reach a database or POS device directly.
If you are using IP version 4, private (RFC 1918) addresses should be used for all your internal networks. Network address translation (NAT) must be configured on the firewall to allow internal devices to communicate with the Internet when necessary.
After you have designed your network zone structure and established the corresponding IP address scheme, you are ready to create your firewall zones and assign them to your firewall interfaces or sub-interfaces.
Step 3: Configure access control lists
Those of you who read my importance of access rights and permissions article will be familiar with this step. Once network zones have been established and assigned to interfaces, you will start with creating firewall rules called Access Control Lists, or ACLs.
ACLs determine which traffic is permitted to flow into and out of each zone; in other words, they define who or what is granted access to a particular resource. Applied to each firewall interface or sub-interface, your ACLs should be as specific as possible: name the exact source and destination IP addresses, protocol and port numbers rather than whole networks or “any”.
Most firewalls evaluate rules top-down and apply the first one that matches, so order matters. To filter out unapproved traffic, create a “deny all” rule at the end of every ACL, and have it log what it drops. Next, apply both inbound and outbound ACLs to each interface. Never expose your firewall’s administration interfaces to the Internet; restrict them to a dedicated management network. Remember, be as detailed as possible in this phase: not only test that your applications are working as intended, but also test that what should not be allowed is actually blocked.
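To make the zone and ACL principles concrete, here is an added example (not code from the original post or from ARX): a small first-match rule evaluator that models the DMZ/internal/management zones from Step 2, pins each allow rule to specific hosts and ports, ends with an explicit deny-all, and then audits both the flows that must work and the flows that must be blocked. Every zone, address, port and host in it is constructed for illustration; the `default` parameter models a platform whose unmatched traffic falls through to a permissive policy, which is exactly what the trailing deny-all guards against.

```python
"""Added example (not from the original post): a first-match ACL evaluator that
models the zone design from Step 2 and the "deny all at the end" rule from Step 3,
then checks both the flows that must work and the flows that must be blocked.
All zones, addresses, ports and rule comments are constructed for illustration."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Step 2: zones. Addresses are constructed (documentation ranges / RFC 1918),
# not a real network. The firewall's own management address is 10.99.0.1.
ZONES = {
    "internet": [ip_network("0.0.0.0/0")],
    "dmz": [ip_network("192.0.2.0/24")],       # web, mail, VPN servers
    "internal": [ip_network("10.10.0.0/16")],  # databases, workstations, POS
    "mgmt": [ip_network("10.99.0.0/24")],      # firewall administration only
}


def zone_of(ip: str) -> str:
    """Longest-prefix match, so 0.0.0.0/0 only catches addresses no other zone claims."""
    addr = ip_address(ip)
    best, best_len = "internet", -1
    for name, nets in ZONES.items():
        for net in nets:
            if addr in net and net.prefixlen > best_len:
                best, best_len = name, net.prefixlen
    return best


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    proto: str   # "tcp" or "udp"
    dport: int


@dataclass(frozen=True)
class Rule:
    action: str                     # "allow" or "deny"
    src: str                        # zone name or "any"
    dst: str                        # zone name or "any"
    proto: str = "any"
    dport: Optional[int] = None     # None matches every port
    src_host: Optional[str] = None  # optional CIDR narrowing the source
    dst_host: Optional[str] = None  # optional CIDR narrowing the destination
    comment: str = ""

    def matches(self, f: Flow) -> bool:
        return (
            self.src in ("any", zone_of(f.src_ip))
            and self.dst in ("any", zone_of(f.dst_ip))
            and self.proto in ("any", f.proto)
            and self.dport in (None, f.dport)
            and (self.src_host is None or ip_address(f.src_ip) in ip_network(self.src_host))
            and (self.dst_host is None or ip_address(f.dst_ip) in ip_network(self.dst_host))
        )


# Step 3: rules are evaluated top-down, first match wins, as on most firewalls.
# Each allow is pinned to the exact hosts and ports it needs (constructed values).
ACL = [
    Rule("allow", "internet", "dmz", "tcp", 443, dst_host="192.0.2.10/32", comment="public HTTPS to web server"),
    Rule("allow", "internet", "dmz", "tcp", 25, dst_host="192.0.2.25/32", comment="inbound SMTP to mail relay"),
    Rule("allow", "dmz", "internal", "tcp", 5432, src_host="192.0.2.10/32", dst_host="10.10.1.5/32",
         comment="web server to its database only"),
    Rule("allow", "internal", "internet", "tcp", 443, comment="user web browsing (NATed)"),
    Rule("allow", "internal", "internet", "tcp", 80, comment="user web browsing (NATed)"),
    Rule("allow", "mgmt", "mgmt", "tcp", 443, dst_host="10.99.0.1/32", comment="firewall admin from mgmt network"),
    Rule("deny", "any", "any", comment="explicit deny all, logged"),
]


def evaluate(f: Flow, acl=ACL, default: str = "allow"):
    """Return (action, comment) for the first matching rule. `default` models a
    platform whose unmatched traffic falls through to a permissive policy; the
    explicit final deny rule makes that default irrelevant."""
    for rule in acl:
        if rule.matches(f):
            return rule.action, rule.comment
    return default, "implicit default policy"


# Step 5 principle: test what must work AND what must be blocked (constructed flows).
EXPECTED = [
    (Flow("203.0.113.7", "192.0.2.10", "tcp", 443), "allow"),    # customer -> web
    (Flow("203.0.113.7", "192.0.2.10", "tcp", 22), "deny"),      # SSH from Internet to DMZ
    (Flow("203.0.113.7", "10.10.1.5", "tcp", 5432), "deny"),     # Internet straight to database
    (Flow("203.0.113.7", "10.99.0.1", "tcp", 443), "deny"),      # admin UI from Internet
    (Flow("192.0.2.10", "10.10.1.5", "tcp", 5432), "allow"),     # web -> db
    (Flow("192.0.2.25", "10.10.1.5", "tcp", 5432), "deny"),      # mail relay -> db (not needed)
    (Flow("10.10.5.20", "198.51.100.9", "tcp", 443), "allow"),   # workstation browsing
    (Flow("10.10.5.20", "198.51.100.9", "tcp", 22), "deny"),     # unexpected egress
    (Flow("10.99.0.5", "10.99.0.1", "tcp", 443), "allow"),       # admin from mgmt network
]


def audit(acl=ACL, default: str = "allow"):
    """Return a list of (flow, expected, actual) for every expectation that fails."""
    failures = []
    for flow, want in EXPECTED:
        got, _ = evaluate(flow, acl, default)
        if got != want:
            failures.append((flow, want, got))
    return failures


if __name__ == "__main__":
    print("complete ACL failures:", audit(ACL))
    print("without final deny-all:", audit(ACL[:-1]))
```

Running `audit(ACL)` returns an empty list, while `audit(ACL[:-1])` (the same rules with the final deny-all removed, on a platform that defaults to allow) reports every “must be blocked” flow as reaching its target, including the Internet straight to the database and to the firewall’s own admin interface. That is the failure the explicit deny-all and the “test what should not be allowed” advice exist to catch.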
Step 4: Configure other firewall services and logging
If desired, enable your firewall to act as a dynamic host configuration protocol (DHCP) server, network time protocol (NTP) server, intrusion prevention system (IPS) etc. Disable any services you don’t intend to use.
Note: To fulfil PCI DSS (Payment Card Industry Data Security Standard) requirements, configure your firewall to send its logs to a central logging server and make sure that enough detail is included to satisfy requirements 10.2 through 10.3 of the PCI DSS. Even if PCI DSS does not apply to you, central logging of allowed and denied connections is what lets you spot an attack and investigate it afterwards.
Step 5: Test your firewall configuration
First, verify that your firewall is blocking traffic that should be blocked according to your ACL configuration, and that the traffic you intend to allow still flows. This testing process should include both vulnerability scanning and penetration testing from the outside, so you see what an attacker on the Internet can actually reach. Keep a secure backup of your firewall configuration in case of any failures, and keep it current as rules change. If everything checks out, your firewall is ready for production.
Step 6: Firewall management
Once your firewall is configured and running, you will need to maintain it so it keeps functioning as intended. Make sure that you update firmware promptly, monitor logs, perform vulnerability scans, and review your configuration rules at least every six months and whenever the network changes, removing rules that are no longer needed.
That’s a wrap
For those of you who have followed all 5 controls over the past five days, you may have noticed that there is substantial variation in complexity when it comes to cyber security controls. The firewall implementation was saved until day 5 because it is the most complex of those we have outlined. As mentioned at the beginning, this doesn’t mean that you should skip it! If you don’t feel confident implementing your own firewall, that is absolutely fine – get someone qualified to do it for you. This is a control that simply cannot be left out.
Firewalls are incredibly important in protecting your business. But they are just another piece within the broader puzzle of successful cyber security. Over the last five days, I have highlighted several controls that will help your business become more secure. Now it is time for you to continue the process of strengthening your resilience to cyber-attacks.
All controls that have been discussed are available on the ARX platform and can be found within the proprietary ARX security standard. The ARX standard contains over 50 security controls each coming with further information and implementation advice. Create your free account on the ARX Platform today and let this be the year you become proactive and take control of your cyber security.