Configuring firewalls can raise many challenges
It can be overwhelming to decide between a hardware or software firewall, so make sure you first determine your business needs and network configuration. Software firewalls can protect individual machines against harmful traffic; hardware firewalls are suitable for protecting enterprise networks.
During firewall setup, broad approval policies that allow traffic from any source to any destination can expose the network to several security risks. It’s safer to implement narrow permissions from the start by following the Principle of Least Privilege (POLP). These firewall rule configurations can be widened later as required.
With non-standard authentication methods, your firewall could accept weaker passwords or place less stringent limits on the number of login attempts allowed. This increases the risk of cybersecurity breaches. For safety, use only standard authentication methods.
Cybercriminals leverage open firewall ports and dynamic routing protocols to penetrate and exploit enterprise networks. Disable unneeded open ports when you configure the firewall, and adequately protect any ports that must remain open.
If firewalls are not monitored, you may miss signs of unusual traffic that could indicate the presence of cyber attackers. Always monitor and log outputs from security devices so you will be alerted if you’re under attack. If an attacker does break through, alerts reduce the time to respond.
Get answers to your firewall configuration and firewall setting questions
Guest or public networks: Use this profile when the system is connected to a public network.
It’s best to set restrictive access because the other systems on the network could be potentially harmful.
Private networks: Use this profile when connected to a network in workgroup mode.
Set access to medium levels since the other systems can be mostly trusted.
Domain networks: This profile is used when networks are connected to an Active Directory (AD) domain.
A group policy controls the firewall settings.
For each network profile, a firewall displays status information like:
Profile currently in use
Firewall state (On or Off)
Incoming connections and current policy
A typical enterprise-level network is segregated into multiple security zones or “rings”:
Ring 1: The Internet Edge
Ring 2: The Backbone Edge
Ring 3: The Asset Network Edge
Ring 4: Local Host Security
These zones are a logical way to group the firewall’s physical and virtual interfaces and to control traffic. Traffic can flow freely within a zone, but not between different zones until you define and allow it within the firewall policy configuration. In general, more zones means a more secure network.
You can set firewall filters for all these protocols:
Internet Protocol (IP) to deliver information over the Internet
Transmission Control Protocol (TCP) to break apart and reconstruct information over the Internet
HyperText Transfer Protocol (HTTP) for web pages
User Datagram Protocol (UDP) for information that requires no user response
File Transfer Protocol (FTP) to upload/download files
Simple Mail Transfer Protocol (SMTP) for sending text-based information via email
Simple Network Management Protocol (SNMP) to collect system information from a remote computer
Telnet to perform commands on a remote computer
Yes, you can create a filter with a list of words, phrases and variations to be blocked. Configure your firewall settings to “sniff” each packet of traffic for an exact match of this text.
Here’s a 6-step secure firewall setup process:
Secure the firewall
Update with the latest firmware
Replace default passwords with strong, unique passwords
Avoid using shared user accounts
Disable Simple Network Management Protocol (SNMP) or configure it securely
Restrict incoming/outgoing traffic for TCP
Create firewall zones
Group assets into zones based on functions and risk levels
Set up the IP address structure to assign zones to firewall interfaces
Configure Access Control Lists (ACLs)
Make them specific to the source and destination port numbers and IP addresses
Create a “deny all” rule to filter out unapproved traffic
Create an ACL (inbound/outbound) for each interface and sub-interface
Disable admin interfaces from public access
Disable unencrypted firewall management protocols
Configure firewall logging
Critical if PCI DSS compliance is a requirement
Disable extra/unused services
Test the firewall configuration
Ensure the correct traffic is being blocked
Perform penetration testing and vulnerability scanning
Securely back up the configuration
After you complete the firewall setup, manage and monitor it continuously to ensure that it functions as intended.
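The ACL and testing steps above, as an added Python example that is not from the original page or any vendor's tooling: it models a first-match ACL, flags broad allow rules and a missing final deny-all, and shows that an any-to-any allow placed above the deny-all still lets unapproved traffic through. The rule format, addresses and function names are constructed for illustration.

```python
import ipaddress

ANY = ipaddress.ip_network("0.0.0.0/0")

# Constructed sample ACL: (action, protocol, source, destination, dest port); None = any port.
SAMPLE_ACL = [
    ("allow", "tcp", "10.0.20.0/24", "10.0.30.10/32", 443),
    ("allow", "tcp", "0.0.0.0/0", "10.0.30.0/24", None),
    ("allow", "any", "0.0.0.0/0", "0.0.0.0/0", None),
    ("deny", "any", "0.0.0.0/0", "0.0.0.0/0", None),
]

def matches(rule, proto, src, dst, port):
    _, r_proto, r_src, r_dst, r_port = rule
    return (r_proto in ("any", proto)
            and ipaddress.ip_address(src) in ipaddress.ip_network(r_src)
            and ipaddress.ip_address(dst) in ipaddress.ip_network(r_dst)
            and r_port in (None, port))

def decide(acl, proto, src, dst, port):
    """First matching rule wins; traffic that matches nothing is denied."""
    for rule in acl:
        if matches(rule, proto, src, dst, port):
            return rule[0]
    return "deny"

def audit(acl):
    """Return (rule_index, finding) pairs for the checks in the ACL step."""
    findings = []
    for i, (action, proto, src, dst, port) in enumerate(acl):
        if action != "allow":
            continue
        src_any = ipaddress.ip_network(src) == ANY
        dst_any = ipaddress.ip_network(dst) == ANY
        if src_any and dst_any:
            findings.append((i, "any-to-any allow"))
        elif port is None:
            findings.append((i, "allow with no destination port"))
    last = acl[-1] if acl else None
    if last is None or last != ("deny", "any", "0.0.0.0/0", "0.0.0.0/0", None):
        findings.append((len(acl), "missing final deny-all"))
    return findings

if __name__ == "__main__":
    for index, finding in audit(SAMPLE_ACL):
        print(f"rule {index}: {finding}")
    # Telnet from an outside address matches rule 2 before the deny-all is reached.
    print(decide(SAMPLE_ACL, "tcp", "203.0.113.7", "10.0.40.5", 23))
```

Removing rules 1 and 2 from the sample leaves an ACL with no findings, and the same Telnet probe is then denied by the final rule.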