We’ve spent a lot of time and written many articles on this blog about the challenges of firewall change management. One area that we’ve touched on, but not spent a great deal of time on, is the need to recertify rules… and, of course, how to accomplish this without too much administrative burden. Let’s touch on the why briefly.
Oftentimes firewall rules are added, never to be checked again. The issue here is that these rules may later prove unnecessary and can even create security and compliance gaps if left unchecked for too long. Many organizations have a process to recertify these rules within an established timeframe, but this usually entails a lot of manual work to track down historical information and to understand any potential impact of removing the rule. Think of a business application that is decommissioned. Too often, all of the rules that the application leveraged are left in place.
In this latest video in our Firewall Management 201 series, Professor Wool examines tips for including firewall rule recertification as part of your change management process, including questions you should be asking and be able to answer as well as guidance on how to effectively recertify firewall