Firewall configuration:
What is it? How does it work?
Firewalls can greatly increase the security of enterprise networks, and enable organizations to protect their assets and data from malicious actors. But for this, proper firewall configuration is essential.
Firewall configuration involves configuring domain names and Internet Protocol (IP) addresses and completing several other actions to keep firewalls secure. Firewall policy configuration is based on network types called “profiles” that can be set up with security rules to prevent cyber attacks.
Firewall configuration challenges
Configuring firewalls can raise many challenges.
Finding the right firewall
It can be overwhelming to decide between a hardware or software firewall, so make sure you first determine your business needs and network configuration. Software firewalls can protect individual machines against harmful traffic; hardware firewalls are suitable for protecting enterprise networks.
Broad firewall policy configurations
During firewall setup, broad approval policies that allow traffic from any source to any destination can expose the network to several security risks. It’s safer to implement narrow permissions from the start by following the Principle of Least Privilege (POLP). These firewall rule configurations can be widened later as required.
Non-standard authentication
With non-standard authentication methods, your firewall could accept weaker passwords or place less stringent limits on the number of login attempts allowed. This increases the risk of cybersecurity breaches. For safety, use only standard authentication methods.
Open ports and risky management services
Cybercriminals leverage open firewall ports and dynamic routing protocols to penetrate and exploit enterprise networks. Disable unneeded open ports at the time of firewall configuration, and adequately protect the ports that must stay open.
Inadequate firewall monitoring
If firewalls are not monitored, you may miss signs of unusual traffic that could indicate the presence of cyber attackers. Always monitor and log outputs from security devices so you will be alerted if you’re under attack. If an attacker does break through, alerts reduce the time to respond.
What are the network profiles for firewall configuration?
Guest or public networks: Use this profile when the system is connected to a public network. It’s best to set restrictive access because the other systems on the network could be potentially harmful.
Private networks: Use this profile when connected to a network in workgroup mode. Set access to medium levels since the other systems can be mostly trusted.
Domain networks: This profile is used when networks are connected to an Active Directory (AD) domain. A group policy controls the firewall settings.
What is the role of security zones in firewall settings?
A typical enterprise-level network is segregated into multiple security zones or “rings”:
Ring 1: The Internet Edge
Ring 2: The Backbone Edge
Ring 3: The Asset Network Edge
Ring 4: Local Host Security
These zones are a logical way to group the firewall’s physical and virtual interfaces, and control traffic. Traffic can flow freely within a zone, but not between different zones until you define and allow it within the firewall policy configuration. In general, more zones means a more secure network.
Can I configure my firewall to block specific words or phrases?
Yes, you can create a filter with a list of words, phrases and variations to be blocked. Configure your firewall settings to “sniff” each packet of traffic for an exact match of this text.
What information does a firewall display for each network profile?
For each network profile, a firewall displays status information like:
Profile currently in use
Firewall state (On or Off)
Incoming connections and current policy
Active networks
Notification state
What are the protocols you can set firewall filters for?
You can set firewall filters for all these protocols:
Internet Protocol (IP) to deliver information over the Internet
Transmission Control Protocol (TCP) to break apart and reconstruct information over the Internet
HyperText Transfer Protocol (HTTP) for web pages
User Datagram Protocol (UDP) for information that requires no user response
File Transfer Protocol (FTP) to upload/download files
Simple Mail Transfer Protocol (SMTP) for sending text-based information via email
Simple Network Management Protocol (SNMP) to collect system information from a remote computer
Telnet to perform commands on a remote computer
What are the firewall configuration steps?
Here’s a 6-step secure firewall setup process:
1. Secure the firewall
   Update with the latest firmware
   Replace default passwords with strong, unique passwords
   Avoid using shared user accounts
   Disable Simple Network Management Protocol (SNMP) or configure it securely
   Restrict incoming/outgoing traffic for TCP
2. Create firewall zones
   Group assets into zones based on functions and risk levels
   Set up the IP address structure to assign zones to firewall interfaces
3. Configure Access Control Lists (ACLs)
   Make them specific to the source and destination port numbers and IP addresses
   Create a “deny all” rule to filter out unapproved traffic
   Create an ACL (inbound/outbound) for each interface and sub-interface
   Disable admin interfaces from public access
   Disable unencrypted firewall management protocols
4. Configure firewall logging
   Critical if PCI DSS compliance is a requirement
   Disable extra/unused services
5. Test the firewall configuration
   Ensure the correct traffic is being blocked
   Perform penetration testing and vulnerability scanning
   Securely back up the configuration
6. After you complete the firewall setup, manage and monitor it continuously to ensure that it functions as intended
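The ACL and testing steps of the setup process above (rules specific to source, destination and port, a final “deny all” rule, and a check that the correct traffic is blocked), together with the earlier warning about broad any-to-any policies, can be verified mechanically. The following Python is an added example, not AlgoSec code; the Rule model, first-match evaluation, IPv4-only matching and the sample addresses are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

ANY = ipaddress.ip_network("0.0.0.0/0")  # IPv4-only model (assumption)

@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    src: str               # source CIDR
    dst: str               # destination CIDR
    proto: str             # "tcp", "udp" or "any"
    dport: Optional[int]   # None means any destination port

    def matches(self, src, dst, proto, dport):
        return (ipaddress.ip_address(src) in ipaddress.ip_network(self.src)
                and ipaddress.ip_address(dst) in ipaddress.ip_network(self.dst)
                and self.proto in ("any", proto)
                and self.dport in (None, dport))

DENY_ALL = Rule("deny", "0.0.0.0/0", "0.0.0.0/0", "any", None)

def evaluate(acl, src, dst, proto, dport):
    """Return the action of the first matching rule, or "no-match"."""
    for rule in acl:
        if rule.matches(src, dst, proto, dport):
            return rule.action
    return "no-match"  # device-specific outcome, hence the explicit deny-all

def audit(acl):
    """List (rule index, finding) pairs for broad allows and a missing deny-all."""
    findings = []
    for i, r in enumerate(acl):
        if r.action != "allow":
            continue
        if ipaddress.ip_network(r.src) == ANY and ipaddress.ip_network(r.dst) == ANY:
            findings.append((i, "allow from any source to any destination"))
        elif r.dport is None:
            findings.append((i, "allow without a destination port"))
    if not acl or acl[-1] != DENY_ALL:
        findings.append((len(acl), "no final deny-all rule"))
    return findings

# Constructed sample rule sets (RFC 1918 and documentation addresses).
BROAD_ACL = [Rule("allow", "0.0.0.0/0", "0.0.0.0/0", "any", None)]
NARROW_ACL = [Rule("allow", "10.0.1.0/24", "10.0.2.10/32", "tcp", 443), DENY_ALL]

if __name__ == "__main__":
    for name, acl in (("broad", BROAD_ACL), ("narrow", NARROW_ACL)):
        print(name, audit(acl), evaluate(acl, "203.0.113.9", "10.0.2.10", "tcp", 22))
```

Running the audit against an exported rule set before and after each change gives a repeatable check for the test step, alongside penetration testing and vulnerability scanning.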
FAQ
Get answers to your firewall configuration and firewall setting questions
More firewall features
AlgoSec’s range of firewall configuration and management tools enables organizations to identify and block cyber attacks. All our offerings are up-to-date to protect your enterprise even from the latest threats.
Get enhanced visibility into on-prem and cloud networks
Automate security troubleshooting, application discovery, network auditing, and risk analysis with AlgoSec Firewall Analyzer. Optimize your firewall configuration for ongoing, reliable security and uninterrupted compliance.
Network security policy management
Manage your network security policy lifecycle across on-premises firewalls and cloud security controls. Reduce risk through effective security configuration and network segmentation, while enhancing productivity, collaboration, and agility.
Automatically process security policy changes
Zero-touch automation saves time, prevents manual errors, and reduces risk. Design firewall rules to minimize complexity and make changes at the business application level. AlgoSec FireFlow integrates with existing business processes for continuous security and compliance.
Simplify firewall audits
AlgoSec provides detailed audit reports that flag non-compliant firewall rules so you can remediate problems before audits and improve firewall performance and compliance.
Mitigate network issues
Integration between firewall configuration and business security policies is the key to effective network security. Firewall management tools secure the IT infrastructure against unauthorized and potentially harmful traffic.
Optimize applications and rule sets
Review firewall rules quickly and easily with AlgoSec’s Firewall Analyzer with AppViz. Uncover unused, duplicate, overlapping or expired rules, and tighten overly-permissive “ANY” rules to mitigate risk.