Secure Network Firewall
15
Oct

6 Best Practices for Secure Network Firewall Configuration

A firewall is a network security structure that can help protect your network by monitoring network traffic and blocking outsiders from acquiring unauthorized access to private data on your computer system based on premeditated rules. A network firewall establishes a barrier between a trusted network and an untrusted network.

Moreover, a network firewall does not only block untrusted traffic, but it also blocks malicious software that can infect your computer, while allowing legitimate traffic through. Network firewalls usually serve as the first line of defense in your home network security.

8 Types of firewalls

There are different types of firewalls; however, they are normally categorized as either a host-based system or a network-based system. Likewise, network firewall security appliances can offer non-firewall functions, including virtual private network (VPN) or dynamic host configuration protocol (DHCP). The following are the most common types of firewalls.

Packet-filtering firewalls

This is the oldest and most basic

type that creates a checkpoint for packets transferred between computers. Packets are filtered by source and destination protocol, IP address, destination ports, and other surface-level information without opening up the packet to inspect its contents.

If the information packet does not meet the inspection standard, it is dropped. These types of firewalls aren’t extremely resource-intensive. However, they are relatively easy to bypass when compared to firewalls with a more robust inspection competence.

Circuit-level gateways

Unlike packet filtering firewalls, circuit-level gateways are extremely resource-intensive. This firewall type works by verifying the TCP (Transmission Control Protocol) handshake. The TCP handshake is a check designed to ensure that the session packet is from an authentic source.

Circuit-level gateways are simplistic types of firewalls intended to speedily and simply deny or approve traffic without consuming significant computing resources. Nevertheless, this firewall type doesn’t inspect the packet itself. If a packet has malware but includes the right TCP handshake, it would pass through.

Application-level gateways/ Layer 7

Proxy firewalls run at the application-level layer to filter incoming traffic between the network source and your network. These firewall types are delivered through a cloud-based solution or other proxy systems. Proxy firewalls look at both the packet and the TCP handshake protocol. Although, it may also conduct deep-layer packet inspections to validate that it doesn’t have any malware.

The major advantage of application-layer filtering is that it can understand specific applications and protocols, including Hyper-Text Transfer Protocol (HTTP), Domain Name System (DNS), or File Transfer Protocol (FTP).

Stateful inspection firewalls

Stateful inspection firewalls merge both TCP handshake authentication and packet inspection to establish network security than what packet-filtering firewalls or circuit-level gateways can guarantee alone. Although, this firewall type slows down the transfer of authentic packets, unlike the other two architectures.

Cloud firewalls

The key advantage of cloud-based firewalls is that it is amazingly easy to scale with your organization. Cloud firewalls are also called firewall-as-a-service (FaaS). Cloud firewalls are considered similar to proxy firewalls because cloud servers are often deployed in a firewall setup.

Hardware firewalls

This type of firewall implements a physical device that behaves similarly to a traffic router to check traffic requests and data packets before being connected to the network’s server.

Software firewalls

This includes any firewall installed on a local system instead of a distinct piece of hardware or cloud-based solution. Software firewalls are extremely beneficial when establishing defense-in-depth by separating distinct network endpoints from one another.

Next-gen firewalls

‘Next-generation’ firewalls include most of the newly-released firewall products. While there isn’t much consensus on what characterizes a next-gen firewall, some common features include TCP handshake inspection, deep-packet inspection, and surface-level inspection packet.

https://youtu.be/X7lEwB7tmuc

How to Configure and Manage a Secure Firewall?

There are several appropriate firewall standards that you can deploy to ensure computer network defense. Notwithstanding, the following steps are crucial irrespective of the firewall platform you select.

1.      Ensure your firewall is secure

Securing your firewall is the first step to configure and manage a secure firewall. Never allow your firewall to perform actions that are not properly secured, instead:

  • Disable simple network management protocol (SNMP)
  • Rename, disable, or delete any default user account and modify all your default passwords
  • Establish additional administrator accounts based on responsibilities, particularly if multiple administrators will manage your firewall.

2.      Create your firewall zones and corresponding IP addresses

The more zones you establish, the more secure your network will become. Before you proceed to defend your valuable assets, you must identify what these assets are and then plan out your network structure to position networks based on their functionality and sensitivity.

After you’ve designed a secure structure and created the equivalent IP address structure, you’re fully prepared to architecture your firewall zones and allocate them to the firewall interfaces and/or sub-interfaces.

3.      Have a configured access control list (ACLs)

After establishing your network zones and allocating them to their firewall interfaces, the next step is to determine which traffic needs to flow in and out of each zone. This would be made possible through access control lists (ACLs). Use both outbound and inbound ACLs to each interface and sub-interface on your network firewall to allow only approved traffic in and out of each zone.

4.      Configure other firewall services to the required standards

Depending on your firewall’s ability to act as an intrusion prevention system (IPS), network time protocol (NTP), DHCP, and so on, you can configure the services you require and disable all the additional services that are not relevant to you.

You need to consult PCI DSS requirements and satisfy the requirements for 10.2 through 10.3 of the PCI DSS to configure your firewall to report to your logging server properly.

5.      Conduct network firewall configuration tests

You need to test your firewall to verify that your firewall is working as expected. You should include both penetration testing and vulnerability scanning to test your firewall configuration. Remember always to back up your firewall configuration.

6.      Constant Firewall management

After your firewall configuration is completed, you need to ensure secure firewall management. To do this effectively, you must

  • Perform vulnerability scans
  • Monitor logs
  • Regularly review firewall rules
  • Keep firmware updated
  • Document progress

Additional tips for configuring a firewall securely

  1. Fulfill standard regulatory mandates such as NIST, PCI DSS, ISO, and NERC
  2. Conduct frequent firewall configuration changes
  3. Block traffic by default and monitor user access
  4. Establish and use only a secure connection
  5. Streamline the configuration changes and eliminate configuration loopholes
  6. Constantly test your firewall configuration
  7. Record all configuration changes in real-time

Additional tips for managing a firewall securely

  1. Have a clearly defined firewall change management plan
  2. Test the impact of the firewall policy change
  3. Clean up and optimize the firewall rule base
  4. Regularly update firewall software
  5. Centralize firewall management for multi-vendor firewalls

Learn more about creating a secure network firewall

The Certified Network Defender (CND) is a certification program that creates savvy network administrators who are well-trained in identifying, defending, responding, and mitigating all network-related vulnerabilities and attacks. The CND certification program involves hands-on labs constructed through notable network security software, tools, and techniques that will provide the certified network administrator with real-world and up-to-date proficiencies about network security technologies and operations. Click here for more information on EC-Council’s CND program.

FAQS

How do you organize firewall rules?
The following are the best practices for firewall rules:

  • Each firewall rule should be recorded to recognize what action the rule was meant to do
  • Before you add or change any firewall rule, you should create a formal change procedure
  • Block all traffic by default and allow only specific traffic to recognized services
  • Set precise and clear firewall rules
  • Set explicit drop rule (Cleanup Rule)
  • Audit logs
  • Ensure the old firewall rules are reviewed and deleted when necessary
How do I strengthen my firewall?
The following are the ways you can address security challenges within networks and strengthen your firewall:

  1. Ensure you secure critical resources before anything else
  2. Always remember that there is a difference between perimeter security and internal security
  3. Do not give every VPN user free rein to the entire internal network.
  4. Establish Internet-style perimeters for partner extranets
  5. Create virtual perimeters
  6. Automatically monitor security policy
  7. Justify security decisions
  8. Turn off idle network services
  9. Eliminate rogue wireless access points and establish secure wireless access
  10. Build secure visitor access
How do you use firewall rule review?
There are vulnerability assessments that ensure that the firewall is not vulnerable to modern exploits and official audits that check for vulnerabilities and ensure that the latest patches are installed for the Firewall software and OS, such as a Security Policy and firewall software configuration.

However, there is a need for a Firewall Rule Review to evaluate your security policy and eliminate obsolete services, rules, policy compliance, and reposition for performance. You need to step through the firewall rules one after the other to ensure that they are in the right order. The Network Security Officer or Firewall often performs the Firewall Rule Review.

get certified from ec-council
Write for Us
eccouncil track