A firewall is a device which has the capability of protecting company's computers, servers, systems and the critical assets from all sorts of threats.
It can be a single device or a combination of systems that is capable of supervising the FLOW of traffic between distinctive parts of your network. A good firewall is capable of protecting your systems and network from external threats, but also from the internal threats. Of course, you need protection at each level of the hierarchy of your networking systems.
A firewall is a device or a combination of systems that supervises the flow of traffic between distinctive parts of the network. A firewall is used to guard the network against nasty people and prohibit their actions at predefined boundary levels.
Your firewall has to be capable of dealing with all sorts of viruses, worms, trojans, malicious software and denying them any access to your network.
You firewall also PROVISIONS your system to stop forwarding unlawful data to another system. For Example, a firewall always exists between a private network and the Internet which is a public network thus filters packets coming in and out. It should be capable of preventing all sorts of internet-related exfiltration attempts too.
At its most fundamental, a firewall operates as a barrier between your LANs and Internet.
Modern firewalls (read, NGFWs) are able to provision the security apparatus for allowing and restricting traffic, authentication, address translation, and content security, and lot more.
-
This post is intended to look at Firewalls from basic implementation perspective.
If you have a very small network, then you can conveniently install software-based firewall on each computer and server. Example of these firewalls are Comodo Firewall, AVS Firewall, NetDefender, PeerBlock, Windows' Firewall, etc. You can configure these in such a manner that only listed traffic can come in and out of the device.
But in a large-scale network, it is almost next to impossible to manually configure the firewall protection on each node. That's why you need a centralized security system (Firewall).
You can enforce a firewall on your internet-facing ROUTER itself. The policies of traffic come in and out into the device and can be handled solely by one device.
NGFWs are such solutions that provide security to big networks of Enterprise. There you can implement Hardware and Software Firewall together at pertinent points of your networks. This makes the overall security system cost-effective.
-
Why is basic Firewall Configuration so important?
A firewall needs to be properly configured to keep your organization protected from data leakage and cyberattacks.
Improper firewall configuration can result in attackers gaining unauthorized access to your protected internal networks and resources. As a result, cyber criminals are constantly on the lookout for networks that have outdated software or servers and are not protected.
Gartner highlighted the size and magnitude of this issue, predicting that 99% of firewall breaches would be caused by misconfigurations in 2020 (and onwards).
Though most firewalls come along with some default settings of features, but the defaults may not provide you maximum protection from cyber-threats. That's why, it is very important to configure your firewall properly.
You generally configure your firewall, by configuring domain-names, IP addresses, policies (based on network type), security rules, etc...
-
How To Configure A Firewall Properly?
Here is how to configure a firewall securely:
1. Secure the Firewall itself
Securing a firewall is the vital first step to ensure only authorized administrators have access to it. This includes actions such as:
-
Update with the latest firmware
-
Never putting firewalls into production without appropriate configurations in place
-
Deleting, disabling, or renaming default accounts and changing default passwords
-
Use unique, long and secure passwords
-
Never using shared user-accounts. If a firewall will be managed by multiple administrators, additional admin accounts must have limited privileges based on individual responsibilities. Remember, the Zero Trust!
-
Track who made what changes and why. Accountability promotes due diligence in making changes.
-
Limit where people can make changes from to reduce your attack surface, i.e., changes can only be made from trusted subnets within your corporation.
-
Disabling the Simple Network Management Protocol (SNMP), which collects and organizes information about devices on IP networks, or configuring it for secure usage
-
Restricting outgoing and incoming network traffic for specific applications or the Transmission Control Protocol (TCP)
2. Creating Zones
You next job is to identify your network assets and resources which are critical and must be protected. You do this by creating a STRUCTURE of your corporate assets, as you seek to group together into a number of network zones, on the basis of similar functions and/or similar level of risk.
For example, you may create your DMZ (Demilitarized Zone). DMZ is a dedicated zone limits inbound-traffic. You usually place your servers, such as email servers, VPN servers, Web Servers, DNS Servers, etc.
Alternatively, servers that are not accessed directly from the internet should be placed in internal server zones. These zones usually include database servers, workstations, and any point of sale (POS) or VoIP devices.
A general rule is that the more zones created, the more secure the network is. You may not want to expose the other network zones to users of another zone. However, having more zones also demands more time to manage them.
Once you are done with identifying your network zone structure, then you must establish a corresponding 'IP address structure' that assigns zones to firewall interfaces and sub-interfaces.
Then you would proceed with assigning a particular SECURITY LEVEL to each zone in the firewall system, e.g., High-, Medium-, Low-Security.
-
Link to the Internet, assigned with the lowest-level of security.
-
A link to DMZ assigned a medium-security because of the presence of servers.
-
A link to the organization, situated at the remote end, assigned medium-security.
-
The highest-security is assigned to the internal network.
Normally traffic flows from a higher level zone to a lower level zone. But for traffic to move from a lower to a higher level, a different set of filtering rules are deployed.
General Rules to guide you are the followings:
[A] High to low-level access is allowed
[B] Low to high-level access is not allowed
[C] Equivalent level access also not allowed
By using the above set of rules, the traffic allowed to automatically flow through the firewall is:
-
Internal devices to DMZ, remote organization, and the internet.
-
DMZ to the remote organization and the internet.
3. Configure ACLs
For permitting the traffic to move from a lower security level to a higher security level, you should be precise about the kind of traffic permitted. By being precise you are unlocking the firewall system only for that traffic which is essential, all other kinds of traffic will be blocked by configuration. Right?
Access control lists (ACLs) would enable your organizations to determine WHICH traffic is allowed to flow in and out of each zone. ACLs act as firewall rules, which organizations can apply to each firewall interface and sub-interface.
-
ACLs must be made specific to the exact source and destination port numbers and IP addresses.
-
Each ACL should have a “deny all” rule created at the end of it, which enables organizations to filter out unapproved traffic.
-
Each interface and sub-interface also needs an inbound and outbound ACL to ensure only approved traffic can reach each zone.
-
It is also advisable to disable firewall administration interfaces from public access to protect the configuration and disable unencrypted firewall management protocols.
4. Configure Other Firewall Services and Logging
Make sure to look into the firewalls ability to control next generation level flows;
-
Can it block traffic based on web categories?
-
Can you turn on advanced scanning of files?
-
Does it contain some level of IPS functionality.
You paid for these advanced features, so don’t forget to take those "next steps" also...
Many of modern firewall system offers you many extra features, e.g., DHCP Server, IPS system, NTP server, etc.
Each of them must be configured separately. If there are some services there which you would not use, disable them in the beginning itself.
However, you must never forget to configure your firewall to report to a LOGGING Service, otherwise you will fail to comply with the 'Requirement #10' of PCI-DSS or other regulations.
5. Test the Firewall Configuration
Your firewall configurations would seemingly be complete by now, but it is critical to test them to ensure that it is blocking traffic that should be blocked according to your ACL configurations; and that the firewall performs as intended.
Your company must test your firewall configurations through techniques, such as PenTesting, Vulnerability Scanning.
You should always test your firewall configuration, before you place your firewall in production-environments. If everything checks out, your firewall is ready for production.
Remember to back up your firewall configuration in a secure location in case of any failures during the testing process.
-
Some Designing Facts To Help You
-
A Packet-filtering firewall should be used at the boundary of the network to give enhanced security.
-
Every server having exposure to a public network such as the Internet will be placed in DMZ. Servers having crucial data will be equipped with host-based firewall software within them. In addition to these on servers, all unwanted services should be disabled.
-
If your network is having critical database servers such as HLR server, IN, and SGSN which is used in mobile operations, then multiple DMZ will be deployed.
-
If external sources such as far-end organizations want to access your server placed in an internal network of security system then use VPN.
-
For crucial internal sources, such as R&D or financial sources, IDS should be used to monitor and deal with internal attacks. By imposing levels of security separately, extra security can be provided to the internal network.
-
For e-mail services, all outgoing emails should be pass through the DMZ e-mail server firstly and then some extra security software so that internal threats can be avoided.
-
For incoming e-mail, in addition to the DMZ server, antivirus, spam, and host-based software should be installed and run on the server every time a mail enters the server.
-
Continuous Monitoring
Firewall management and monitoring are critical to ensuring that your firewall continues to function as intended.
Be sure to update firmware, monitor logs, perform vulnerability scans, and review your configuration rules every six months.
It is also important to document processes and manage the configuration continually and diligently to ensure ongoing protection of your network.
To implement a firewall system an efficient administration is very essential to run the process smoothly. The people managing the security system must be master in their work as there is no scope for human error.
-
Kindly write 
your comments on the posts or topics, because when you do that you help me greatly in 
designing new quality article/post on cybersecurity.
your comments on the posts or topics, because when you do that you help me greatly in designing new quality article/post on cybersecurity.You can also share with all of us if the information shared here helps you in some manner.
Life is small and make the most of it!
Also take care of yourself and your beloved ones…
With thanks,
Meena R.
___
This Article Was Written & published by Meena R, Senior Manager - IT, at Luminis Consulting Services Pvt. Ltd, India.
Over the past 16 years, Meena has built a following of IT professionals, particularly in Cybersecurity, Cisco Technologies, and Networking...
She is so obsessed with Cybersecurity domain that she is going out of her way and sharing hugely valuable posts and writings about Cybersecurity on website, and social media platforms.
34,000+ professionals are following her on Facebook and mesmerized by the quality of content of her posts on Facebook.
If you haven't yet been touched by her enthusiastic work of sharing quality info about Cybersecurity, then you can follow her on Facebook:
Click Here to follow her: Cybersecurity PRISM