Firewall management tools ease configuration woes

While an excellent tool against data security breaches, a firewall is only as good as its configuration. If a company's firewall is configured correctly and managed competently, data security will remain intact. This article provides tips on how to manage a firewall and maintain its efficiency for the betterment of you and your clients.

As properly configured access control systems, firewalls are an invaluable layer in a comprehensive security design.

The catch, of course, is the phrase "properly configured." Most firewall configurations begin simple and secure, but grow more complex and ineffectual over time. In this article, I discuss reasons for these problems, and how to choose a firewall management solution to keep clients' firewalls effective and manageable.

There are three primary culprits that contribute to firewall configuration complexity:

 The 'fix-it-now' mentality

As help desk calls concerning unknown applications and protocols begin piling up, it is easier for overtaxed firewall administrators to resolve problems with "shot-gun" approaches such as adding rules allowing "Any" sources or protocols.

 Multi-vendor systems

Managing firewalls from different vendors can seriously amplify an administrator's workload. Often concepts do not translate from vendor to vendor, and those concepts that do are implemented in ways so differing, you begin to wonder if it was done on purpose.

 Tactical vs. strategic effects

Short-term fixes lead to lengthy rule base configurations and duplicate or orphaned rules, and over permissive policies. Without effective management tools firewalls lose their strategic place within the security infrastructure.

How can you help your clients tackle these problems? Typically, firewall management approaches fall into one of three categories:

 Homegrown / open source

The do-it-yourself approach to firewall management can be both inexpensive and effective if you have the expertise and are not afraid of a little work. However, lack of a comprehensive open source project to manage both configuration and reporting, and limited vendor integrations are significant drawbacks.

 Firewall vendor

Most of the larger firewall vendors (Check Point, Cisco, Juniper, etc.) have centralized firewall management systems offering configuration, logging and historical reporting. The strengths and features of the systems vary widely with each vendor, but the common weakness is that each system only supports that vendor's firewall.

 Third party

A few companies have introduced products aimed at cross platform firewall management and monitoring. For example, the SecureTrack product from Tufin Technologies allows auditing rule base changes on multiple firewalls. Third-party products can offer more management features and broader support than management tools from firewall vendors.

The best choice for your client will be dictated by the number and type of firewalls deployed, as well as the feature set you need in order to effectively manage the firewalls. Here are some things to consider when choosing an effective solution – be it open source or a third-party product:

 Multi-vendor support

Obviously, the solution needs to support your client's current firewall vendors, but you should look for or build a solution that supports many firewall vendors in the same range as the client's current deployment. You never know when your client's environment will change. A management tool that supports changing infrastructures is invaluable.

 Best practices analysis

Firewall vendors implement technology in different ways, but best practices, such as denying all traffic not explicitly allowed and logging suspicious activity, are universally accepted, and should be implemented and monitored across all firewalls in any firewall management solution.

 Flexible reporting

Pre-built or "canned" reporting quickly produces reports with general information, but also look for the ability to define reports on all information collected. This level of granularity is imperative for reporting on unusual patterns or specific incident scenarios.

Firewalls require careful configuration and monitoring to remain effective. The tools and approaches mentioned here can greatly enhance the management and security of your client's first line of network defense.

 About the author
Chris Clements is a security architect for Flat Earth Networking Inc., a dedicated information security company based in Nashville, Tenn. Over the past six years, Chris has dedicated himself to every facet of information security. As a result, he has expertise in numerous security systems, security policy, vulnerability assessment and business case analysis. In January of 2007, Chris was chosen by Flat Earth Networking to launch a consulting offering including research, design, auditing and education for the Fortune 1000 customer market.

This was first published in August 2007

Dig deeper on Application security and data protection

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

MicroscopeUK

SearchCloudProvider

SearchSecurity

SearchStorage

SearchNetworking

SearchCloudComputing

SearchConsumerization

SearchDataManagement

SearchBusinessAnalytics

Close