We’ve now crossed the halfway point in our series on simplifying firewall audits and ensuring continuous compliance, and that brings us to a major housekeeping project that admittedly is not fun, but is necessary. Without going through your rule base, which, depending on how it’s been managed over the years, can be VERY ugly, the audit pain will be significant, and it will never get better in future audits unless you address this.
Quickly, let’s review the first three steps to making your life easier when it comes to audits and ensuring compliance:
Step 1: Gathering Pertinent Information Before You Undergo an Audit
Step 2: Review Your Firewall Change Management Process
Step 3: Audit Your Firewalls’ Physical and OS Security
And now, let’s dig into step 4!
Step 4: Cleanup and Optimize Your Rule Base
In general, if you don’t maintain and take care of something, it will get messy. Firewalls are no different. Over time, firewall policies have more and more rules added, removed and changed, often with little documentation of the what, why, who, etc.
Removing firewall clutter and optimizing your rule base can greatly improve IT productivity and firewall performance. Additionally, optimizing firewall rules can significantly reduce unnecessary overhead in the audit process. Here’s a top ten list (in no particular order) of items for you to manage. (Again, as with an audit, this can’t be set and forget: once you’ve optimized your rule set, you want to maintain that optimized policy over time.)
Documentation is an obvious one (going back to the first blog in this series in terms of gathering info), but if you’re not keeping firewall policies clean on an ongoing basis, you are setting yourself up for a lot more digging through policies, trying to understand what is really going on, etc. This isn’t just bad for audits; it hurts your visibility into what’s going on in your network. In part 5 of this blog series, we’ll examine risk assessment and remediation. Stay tuned!