traffic before it hits your firewall so it can be inspected before being re-encrypted and sent to its
destination. Several vendors sell proxy servers that do the interception at a high enough speed that
there is no degradation in performance.
If you don’t want to, or cannot, inspect all encrypted traffic that is entering or exiting your
network, you can instead specify the traffic you do want to look at by source or by
destination.
Review your rules
Make sure to audit and review your firewall rules periodically. You might have started with a
relatively clean set of rules and strict policies for blocking things at the network edge. But over
time rules have a way of becoming obsolete, redundant and conflicting.
They also have a way of becoming a lot more permissive than the original rule set. It is not
unusual at all for firewall administrators to start adding rules to accommodate requests from
internal users about rules that might be preventing access to resources they legitimately need.
Over time, such requests can make your rule base a lot less clean than it was when you
started out, and before you know it you are allowing in traffic that you previously would have
restricted.
Conflicting rules and misconfigurations are bad enough when you have just a handful of
firewalls to manage. But they become a lot harder to catch in organizations that have numerous
firewalls and administrators.
Generally, it is a good idea to review your rule sets every six months. Remove obsolete,
unused, and expired rules. When adding new rules, make sure to look at existing rules first so
they don’t duplicate or conflict with something that might already be in place.
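The review steps above (dropping expired and unused rules, spotting rules that duplicate or conflict with an earlier one, and checking a new rule against the existing rule base before adding it) can be automated over an exported rule list. The following is an added example written to illustrate this text; it is not the author's code or any vendor's product. The rule fields, the per-rule hit counter, first-match ordering, the audit date and the sample rules are all constructed assumptions.

```python
"""Constructed firewall rule-base audit (example code, not from the article).

Assumptions: rules are evaluated top-down with first-match semantics, each rule
carries a hit counter exported from the firewall, and an optional expiry date.
"""
from dataclasses import dataclass
from datetime import date
from ipaddress import ip_network
from typing import Dict, List, Optional, Tuple


@dataclass
class Rule:
    rid: str                       # rule identifier (constructed)
    action: str                    # "allow" or "deny"
    src: str                       # source CIDR
    dst: str                       # destination CIDR
    proto: str                     # "tcp", "udp" or "any"
    port: Optional[int]            # destination port, None = any
    hits: int = 0                  # matches seen since last review (assumed export field)
    expires: Optional[date] = None # None = no expiry


def covers(a: Rule, b: Rule) -> bool:
    """True if rule a matches every packet that rule b matches."""
    return (ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and a.proto in ("any", b.proto)
            and a.port in (None, b.port))


def audit(rules: List[Rule], today: date) -> Dict[str, list]:
    """Flag expired, unused, shadowed (same action) and conflicting (opposite
    action) rules. With first-match ordering, a later rule fully covered by an
    earlier one never fires: a duplicate if actions agree, a conflict if not."""
    findings: Dict[str, list] = {"expired": [], "unused": [], "shadowed": [], "conflicting": []}
    for r in rules:
        if r.expires is not None and r.expires < today:
            findings["expired"].append(r.rid)
        if r.hits == 0:
            findings["unused"].append(r.rid)
    for i, earlier in enumerate(rules):
        for later in rules[i + 1:]:
            if covers(earlier, later):
                kind = "shadowed" if earlier.action == later.action else "conflicting"
                findings[kind].append((earlier.rid, later.rid))
    return findings


def check_new_rule(rules: List[Rule], candidate: Rule) -> List[Tuple[str, str]]:
    """Pre-change check: list existing rules that already cover the candidate,
    labelled "duplicate" (same action) or "conflict" (opposite action)."""
    return [(r.rid, "duplicate" if r.action == candidate.action else "conflict")
            for r in rules if covers(r, candidate)]


# Constructed sample rule base and review date.
AUDIT_DATE = date(2016, 7, 1)
SAMPLE_RULES = [
    Rule("R1", "allow", "10.0.0.0/8", "0.0.0.0/0", "tcp", 443, hits=120_000),
    Rule("R2", "deny", "0.0.0.0/0", "192.168.10.0/24", "any", None, hits=4_500),
    Rule("R3", "allow", "10.1.2.0/24", "0.0.0.0/0", "tcp", 443, hits=0),       # covered by R1
    Rule("R4", "allow", "10.5.0.0/16", "192.168.10.5/32", "tcp", 22, hits=0),  # blocked by R2 first
    Rule("R5", "allow", "172.16.0.0/12", "0.0.0.0/0", "udp", 53, hits=900,
         expires=date(2016, 1, 31)),                                            # past expiry
]
# Constructed request from an internal user, checked before it is added.
CANDIDATE = Rule("NEW", "allow", "10.9.0.0/16", "0.0.0.0/0", "tcp", 443)


def audit_sample() -> Dict[str, list]:
    return audit(SAMPLE_RULES, AUDIT_DATE)


if __name__ == "__main__":
    for category, items in audit_sample().items():
        print(f"{category:12s} {items}")
    print("new rule      ", check_new_rule(SAMPLE_RULES, CANDIDATE))
```

Run against the sample rule base this reports R5 as expired, R3 and R4 as unused, R3 as shadowed by R1 and R4 as conflicting with the earlier deny in R2, and it tells the administrator that the requested NEW rule is already a duplicate of R1 before it is added. The coverage test is deliberately strict (subnet containment on both addresses, protocol and port), so a rule that only partially overlaps an earlier one is not reported; a partial-overlap check is the natural extension for a larger rule base.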
To ensure the security of your organization, it is important to put the above processes into
practice.
About the Author
Kasey Cross, Security Evangelist and Sr. Product Marketing Manager at A10 Networks
Cyber Warnings E-Magazine – July 2016 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide