Why it Pays to Maintain Your Firewall

Firewall Maintenance

In my last piece, I talked about the essentials of information risk analysis and its importance in the enterprise. I thought it would make sense to continue on that topic in the context of firewall management and security. You see, many (probably most) network administrators and managers in charge of enterprise firewalls are also responsible for numerous other things around the shop such as routers, VPN concentrators, load balancers, and other network infrastructure systems. Sometimes these duties go beyond the core network and into servers, software, and even endpoints. This is a lot to take on and, thanks to the complexity factor we struggle to minimize, it serves to facilitate network security breaches.

It wasn’t 10 or 12 years ago that I recall firewalls being sort of the end-all be-all solution to enterprise security challenges. Obviously, we’ve come a long way in terms of firewall advancements as well as technologies such as IPS, SIEM, and CASB that serve to further protect our networks. Still, it doesn’t hurt to be reminded of where we came from. Although firewalls are no longer the security control that stops all things bad, they are still one of the most critical systems for minimizing security risks. Why am I even bringing this up? Because I’m seeing so many firewalls in organizations both large and small across all types of industries that are being downright neglected. This neglect is creating untold security risks that many organizations don’t even know about.

What I mean by “neglect” is network admins and managers failing to address basic system configurations, patches, and, especially, what’s allowed to pass through the firewall. Hardly an assessment goes by where I don’t find the following firewall weaknesses:

• unsupported or outdated OS versions
• unnecessary, and often forgotten, services that permit risky inbound and outbound communications
• duplicate objects and services as well as unused and redundant rules that no one is familiar with

Not only are these shortcomings creating quantifiable security risks to the business, they are also the types of things that can and will be used against you by opposing counsel when a security incident occurs.

It’s one thing to not have a fully-functioning SIEM or an event logging and alerting system that still needs to be tweaked. Likewise, there’s only so much that can be done about users making bad decisions. But to have a firewall that’s outdated, unsupported, and/or poorly-secured is something that’ll be hard to defend. This is especially important knowing what we now know about security threats and the precedents that have been set regarding due care and negligence for internal audit and compliance in breach-related legal cases.

Do what you need to do to stay up with the latest and greatest security issues but never, ever forget about basic firewall maintenance issues. It’s just like your house and your car. You’re only going to get by with ignoring maintenance for so long. Before you spend another dollar on yet another security system, step back and look at the bigger picture. Take an inventory. Look at your configs. Do what it takes to not only know your environment but also understand how it’s at risk. All it takes is one small oversight to create big security problems.