AlgoBuzz Blog

Everything you ever wanted to know about security policy management, and much more.

Network Security Tip of the Week [17]

This week’s network security tip is actually a list of firewall policy management recommendations from a Reddit user in the Netsec community. These tips deal with optimizing firewall policies as well as ensuring policies are tightened for an improved security posture. While they may seem obvious to some, you’d be surprised how many firewall policies are not in line with these recommendations.

Thanks to FDD1_S3nt, who suggests the following:

  1. All firewall rulesets should always have a default “deny any any” as the last rule.
  2. IPv6 should be specifically blocked, if it is not being used, and if it is possible on the firewall.
  3. “any” should not be used, unless necessary.
  4. Disable any services that the firewall doesn’t need to run (for example: if you are running Cisco ASA and don’t plan on using ASDM, then don’t enable http service).
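
One way to check a policy against the four tips above, as an added example that is not part of the original post or of FDD1_S3nt's suggestions: a small Python audit over a simplified, vendor-neutral rule model. The `Rule` fields, the `audit` function and both sample policies are constructed for illustration and do not match any vendor's configuration syntax.

```python
from dataclasses import dataclass
ANY = "any"

@dataclass(frozen=True)
class Rule:
    action: str   # "permit" or "deny"
    family: str   # "ipv4", "ipv6" or "any" (both families)
    src: str
    dst: str
    service: str  # e.g. "tcp/443", or "any"

    def is_deny_all(self, family):
        return (self.action == "deny" and self.family == family
                and (self.src, self.dst, self.service) == (ANY, ANY, ANY))

def audit(rules, ipv6_in_use=False, enabled=frozenset(), required=frozenset()):
    """Return (tip_number, rule_number_or_None, message) findings."""
    findings = []
    # Tip 1: the last rule must be the catch-all deny.
    if not rules or not rules[-1].is_deny_all(ANY):
        findings.append((1, None, "last rule is not 'deny any any'"))
    # Tip 2: unused IPv6 is blocked explicitly and never permitted.
    if not ipv6_in_use:
        if not any(r.is_deny_all("ipv6") for r in rules):
            findings.append((2, None, "no explicit IPv6 deny rule"))
        findings += [(2, n, "IPv6 permitted but not in use")
                     for n, r in enumerate(rules, 1)
                     if r.action == "permit" and r.family == "ipv6"]
    # Tip 3: every 'any' in a permit rule needs a justification.
    for n, r in enumerate(rules, 1):
        fields = [f for f in ("src", "dst", "service") if getattr(r, f) == ANY]
        if r.action == "permit" and fields:
            findings.append((3, n, "'any' in " + ", ".join(fields)))
    # Tip 4: services enabled on the firewall itself without being needed.
    findings += [(4, None, f"service '{s}' enabled but not required")
                 for s in sorted(set(enabled) - set(required))]
    return findings

# Constructed sample policies (documentation address ranges only).
LOOSE = [
    Rule("permit", "ipv4", "10.0.0.0/24", "192.0.2.10", "tcp/443"),
    Rule("permit", "ipv4", ANY, "192.0.2.20", "tcp/22"),
    Rule("permit", "ipv6", "2001:db8::/32", ANY, "tcp/80"),
]
TIGHT = [
    Rule("deny", "ipv6", ANY, ANY, ANY),
    Rule("permit", "ipv4", "10.0.0.0/24", "192.0.2.10", "tcp/443"),
    Rule("deny", "any", ANY, ANY, ANY),
]
```

Calling `audit(LOOSE, enabled={"ssh", "http"}, required={"ssh"})` reports findings for all four tips, while `audit(TIGHT, enabled={"ssh"}, required={"ssh"})` returns an empty list. Tip 3 findings are review items rather than failures, since the tip allows "any" where it is necessary.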

Have a network security tip? Send it our way and you may just make it into the AlgoSec blog!
