Security Policy Management with Professor Wool

Firewall Management 201

Firewall Management with Professor Wool is a whiteboard-style series of lessons that examines the challenges of managing security policies in evolving enterprise networks and data centers and provides technical tips for addressing them.

Lesson 1

Examining the Most Common Firewall Misconfigurations

In this lesson, Professor Wool discusses his research on different firewall misconfigurations and provides tips for preventing the most common risks.

Lesson 2

Automating the Firewall Change Control Process

In this lesson, Professor Wool examines the challenges of managing firewall change requests and provides tips on how to automate the entire workflow.

Lesson 3

Using Object Naming Conventions to Reduce Firewall Management Overhead

In this lesson, Professor Wool offers some recommendations for simplifying firewall management overhead by defining and enforcing object naming conventions.

Lesson 4

Tips for Firewall Rule Recertification

In this lesson, Professor Wool offers tips for including firewall rule recertification as part of your change management process, including questions you should be asking and be able to answer, as well as guidance on how to effectively recertify firewall rules.

Lesson 5

Managing Firewall Policies in a Disappearing Network Perimeter

In this lesson, Professor Wool examines how virtualization, outsourcing of data centers, worker mobility and the consumerization of IT have all played a role in dissolving the network perimeter and what you can do to regain control.

Lesson 6

Analyzing Routers as Part of Your Security Policy

In this lesson, Professor Wool examines some of the challenges when it comes to managing routers and access control lists (ACLs) and provides recommendations for including routers as part of your overall security policy with tips on change management, auditing and ACL optimization.

Lesson 7

Examining the Challenges of Accurately Simulating Network Routing

In this lesson, Professor Wool examines the complex challenges of accurately simulating network routing, specifically drilling into three options for extracting the routing information from your network: SNMP, SSH and HSRP or VRRP.

Lesson 8

NAT Considerations When Managing Your Security Policy

A business owner makes a simple change request to allow traffic to a new application. You now need to figure out the right firewall rules to change. This should be pretty simple… but what if you’re using NAT (Network Address Translation) in your environment? In this lesson, Professor Wool explains some key principles of NATing and why it’s critical to understand your NAT policy in order to identify the right paths for network traffic, which firewall rules really need to be modified, and how to write your security policy correctly.

Lesson 9

How to Structure Network Objects to Plan for Future Policy Growth

In this lesson, Professor Wool explains how you can create templates - using network objects - for different types of services and network access which are reused by many different servers in your data center. Using this technique will save you from writing new firewall rules each time you provision or change a server, reduce errors, and allow you to provision and expand your server estate more quickly.

Lesson 10

Tips to Simplify Migrations to a Virtual Data Center

In this lesson, Professor Wool examines the challenges of migrating business applications and physical data centers to a private cloud and offers tips to conduct these migrations without the risk of outages.

Lesson 11

Tips for Filtering Traffic within a Private Cloud

In this lesson, Professor Wool provides the example of a virtualized private cloud which uses hypervisor technology to connect to the outside world via a firewall. If all workloads within the private cloud share the same security requirements, this setup is adequate. But what happens if you want to run workloads with different security requirements within the cloud? Professor Wool explains the different options for filtering traffic within a private cloud, and discusses the challenges and solutions for managing them.

Lesson 12

Managing Your Security Policy for Disaster Recovery

In this lesson, Professor Wool discusses ways to ensure that your security policy on your primary site and on your disaster recovery (DR) site are always in sync. He presents multiple scenarios: where the DR and primary site use the exact same firewalls, where different vendor solutions or different models are used on the DR site, and where the IP address is or is not the same on the two sites.

Lesson 13

Zero-Touch Change Management with Checks and Balances

In this lesson, Professor Wool highlights the challenges, benefits and trade-offs of utilizing zero-touch automation for security policy change management. He explains how, using conditional logic, it's possible to significantly speed up security policy change management while maintaining control and ensuring accuracy throughout the process.

Lesson 14

Synchronized Object Management in a Multi-Vendor Environment

Many organizations have different types of firewalls from multiple vendors, which typically means there is no single source for naming and managing network objects. This ends up creating duplication, confusion, mistakes and network connectivity problems, especially when a new change request is generated and you need to know which network object to refer to. In this lesson, Professor Wool provides tips and best practices for how to synchronize network objects in a multi-vendor environment for both legacy and greenfield scenarios.

Lesson 15

How to Synchronize Object Management with a CMDB

Many organizations have both a firewall management system and a CMDB, yet these systems do not communicate with each other and their data is not synchronized. This becomes a problem when making security policy change requests: typically, for the change request to work, someone needs to manually translate the names used in the firewall management system to the names in the CMDB, which is a slow and error-prone process. In this lesson, Professor Wool provides tips on how to use network security policy management to coordinate between the two systems, match the object names, and then automatically populate the change management process with the correct names and definitions.

Lesson 16

How to Take Control of a Firewall Migration Project

Some companies use tools to automatically convert firewall rules from an old firewall, due to be retired, to a new firewall. In this lesson, Professor Wool explains why this process can be risky and provides some specific technical examples. He then presents a more realistic way to manage the firewall rule migration process that involves stages and checks and balances to ensure a smooth, secure transition to the new firewall that maintains secure connectivity.

Lesson 17

PCI – Linking Vulnerabilities to Business Applications

PCI-DSS 3.2 regulation requirement 6.1 mandates that organizations establish a process for identifying security vulnerabilities on the servers that are within the scope of PCI. In this new lesson, Professor Wool explains how to address this requirement by presenting vulnerability data by both the servers and the business processes that rely on each server. He discusses why this method is important and how it allows companies to achieve compliance while ensuring ongoing business operations.

Lesson 18

Sharing Network Security Information with the Wider IT Community With Team Collaboration Tools

Collaboration tools such as Slack provide a convenient way to have group discussions and complete collaborative business tasks. Now, automated chatbots can be used to answer questions and handle tasks for development, IT and infosecurity teams. For example, enterprises can use chatbots to automate information-sharing across silos, such as between IT and application owners. So rather than having to call somebody and ask them “Is that system up? What happened to my security change request?” and so on, tracking helpdesk issues and the status of help requests can become much more accessible and responsive. Chatbots also make access to siloed resources more democratic and more widely available across the organization (subject, of course, to the necessary access rights). In this video, Prof. Wool discusses how automated chatbots can be used to help a wide range of users with their security policy management tasks – thereby improving service to stakeholders and helping to accelerate security policy change processes across the enterprise.
