Firewall Management 201
Firewall Management with Professor Wool is a whiteboard-style series of lessons that examine the challenges of and provide technical tips for managing security policies in evolving enterprise networks and data centers.
Examining the Most Common Firewall Misconfigurations
In this lesson, Professor Wool discusses his research on different firewall misconfigurations and provides tips for preventing the most common risks.
Automating the Firewall Change Control Process
In this lesson, Professor Wool examines the challenges of managing firewall change requests and provides tips on how to automate the entire workflow.
Using Object Naming Conventions to Reduce Firewall Management Overhead
In this lesson, Professor Wool offers some recommendations for simplifying firewall management overhead by defining and enforcing object naming conventions.
Tips for Firewall Rule Recertification
In this lesson, Professor Wool examines some tips for including firewall rule recertification as part of your change management process, including questions you should be asking and be able to answer as well as guidance on how to effectively recertify firewall rules
Managing Firewall Policies in a Disappearing Network Perimeter
In this lesson, Professor Wool examines how virtualization, outsourcing of data centers, worker mobility and the consumerization of IT have all played a role in dissolving the network perimeter and what you can do to regain control.
Analyzing Routers as Part of Your Security Policy
In this lesson, Professor Wool examines some of the challenges when it comes to managing routers and access control lists (ACLs) and provides recommendations for including routers as part of your overall security policy with tips on change management, auditing and ACL optimization.
Examining the Challenges of Accurately Simulating Network Routing
In this lesson, Professor Wool examines the complex challenges of accurately simulating network routing, specifically drilling into three options for extracting the routing information from your network: SNMP, SSH and HSRP or VRPP.
NAT Considerations When Managing Your Security Policy
A business owner makes a simple change request to allow traffic to a new application. You now need to figure out the right firewall rules to change. This should be pretty simple… but what if you’re using NAT (Network Address Translation) in your environment? In this lesson, Professor Wool explains some key principles of NATing and why it’s critical to understand your NAT policy in order to identify the right paths for network traffic, which firewalls rules really need to be modified, and how to write your security policy correctly.
How to Structure Network Objects to Plan for Future Policy Growth
In this lesson, Professor Wool explains how you can create templates - using network objects - for different types of services and network access which are reused by many different servers in your data center. Using this technique will save you from writing new firewall rules each time you provision or change a server, reduce errors, and allow you to provision and expand your server estate more quickly.
Tips to Simplify Migrations to a Virtual Data Center
In this lesson, Professor Wool examines the challenges of migrating business applications and physical data centers to a private cloud and offers tips to conduct these migrations without the risk of outages.
Tips for Filtering Traffic within a Private Cloud
In this lesson, Professor Wool provides the example of a virtualized private cloud which uses hypervisor technology to connect to the outside world via a firewall. If all worksloads within the private cloud share the same security requirements, this set up is adequate. But what happens if you want to run workloads with different security requirements within the cloud? Professor Wool explains the different options for filtering traffic within a private cloud, and discusses the challenges and solutions for managing them.
Managing Your Security Policy for Disaster Recovery
In this lesson Professor Wool discusses ways to ensure that your security policy on your primary site and on your disaster recovery (DR) site are always sync. He presents multiple scenarios: where the DR and primary site use the exact same firewalls, where different vendor solutions or different models are used on the DR site, and where the IP address is or is not the same on the two sites.
Zero-Touch Change Management with Checks and Balances
In this lesson, Professor Wool highlights the challenges, benefits and trade-offs of utilizing zero-touch automation for security policy change management. He explains how, using conditional logic, its possible to significantly speed up security policy change management while maintaining control and ensuring accuracy throughout the process.
Synchronized Object Management in a Multi-Vendor Environment
Many organizations have different types of firewalls from multiple vendors, which typically means there is no single source for naming and managing network objects. This ends up creating duplication, confusion, mistakes and network connectivity problems especially when a new change request is generated and you need to know which network object to refer to. In this lesson Profession Wool provides tips and best practices for how to synchronize network objects in a multi-vendor environment for both legacy scenarios, and greenfield scenarios.
How to Synchronize Object Management with a CMDB
Many organizations have both a firewall management system as well as a CMDB, yet these systems do not communicate with each other and their data is not synchronized. This becomes a problem when making security policy change requests, and typically someone needs to manually translate the names used by in the firewall management system to the name in the CMDB, which is a slow and error-prone process, in order for the change request to work. In this lesson Professor Wool provides tips on how to use a network security policy management to coordinate between the two system, match the object names, and then automatically populate the change management process with the correct names and definitions.
How to Take Control of a Firewall Migration Project
Some companies use tools to automatically convert firewall rules from an old firewall, due to be retired, to a new firewall. In this lesson, Professor Wool explains why this process can be risky and provides some specific technical examples. He then presents a more realistic way to manage the firewall rule migration process that involves stages and checks and balances to ensure a smooth, secure transition to the new firewall that maintains secure connectivity.
PCI – Linking Vulnerabilities to Business Applications
PCI-DSS 3.2 regulation requirement 6.1 mandates that organizations establish a process for identifying security vulnerabilities on the servers that are within the scope of PCI. In this new lesson, Professor Wool explains how to address this requirement by presenting vulnerability data by both the servers and the by business processes that rely on each server. He discusses why this method is important and how it allows companies to achieve compliance while ensuring ongoing business operations.
Sharing Network Security Information with the Wider IT Community With Team Collaboration Tools
Collaboration tools such as Slack provide a convenient way to have group discussions and complete collaborative business tasks. Now, these automated chatbots can be used for answering questions and handling tasks for development, IT and infosecurity teams. For example, enterprises can use chatbots to automate information-sharing across silos, such as between IT and application owners. So rather than having to call somebody and ask them “Is that system up? What happened to my security change request?” and so on, tracking helpdesk issues and the status of help requests can become much more accessible and responsive. Chatbots also make access to siloed resources more democratic and more widely available across the organization (subject, of course to the necessary access rights). In this video, Prof. Wool discusses how automated chatbots can be used to help a wide range of users for their security policy management tasks – thereby improving service to stakeholders and helping to accelerate security policy change processes across the enterprise.