London, December 2, 2009- Tufin Technologies, the leader of
security lifecycle management solutions is offering some useful
recommendations to make sure organizations don't become a hacking
victim over the Christmas and New Year break.
According to a recent survey of 79 DEFCON attendees, an
overwhelming majority -- 81 per cent, viewed the holiday season as
the ideal time for hacking business computer systems. "It was the
perception of the people we surveyed at DEFCON that the Christmas
and New Year season are popular with hackers targeting western
countries," said Michael Hamelin, Tufin's Chief Security Architect,
adding that the rationale was that it is the time when people relax
and let their hair down, and many organizations run on a skeleton
staff over the holiday period.
"Additionally," said Hamelin, "96 per cent of hackers in the
survey said it doesn't matter how many millions a company spends on
its IT security systems, as it's all a waste of time and money if
the IT security administrators fail to configure and watch over
their firewalls." Here are a few things we can do as a regular
practice to make sure network firewalls don't become an easy target
for them*:
Document all firewall rule changes:
Firewalls do not have a change management process built into
them, so documenting changes has never become a best, or even
standard practice. If a firewall administrator makes a change
because of an emergency or some other form of business disruption,
chances are they are under the gun to make it happen as quickly as
possible, and process goes out the window.
Install all access rules with minimal access
rights.
Another common firewall security issue is overly permissive
rules. A firewall rule is made up of three fields - source (IP
address or), destination (network/subnet), and service (application
or other destination). In order to make sure the there are enough
open ports for everyone to access the systems they need, common
practice has been to assign a wide range of options in one or more
of those fields. When you allow a wide range of IP addresses to
access a large groups networks for the sake of business continuity,
these rules become overly permissive, and as a result,
insecure.
Verify every firewall change against compliance policies
and change requests.
Firewalls are the part of the physical implementation of
corporate security policy. Every rule should be reviewed to
understand that it meets the spirit and intent of the security
policy and any compliance policies, not just the letter of the
law.
Remove unused rules from the firewall rule bases when
services are decommissioned.
AKA: avoid rule bloat. Rule bloat is a very common occurrence
with firewalls because most operations teams have no process for
deleting rules. Getting into the loop on server decommissioning,
network decommissioning, and application upgrade cycles is a good
start for understanding when rules need to come out. Running
reports on unused rules is another step. Hackers like the fact that
firewall teams never remove rules. In fact, this is how many
compromises occur.
Perform a complete firewall review at least twice per
year
If you are a merchant with significant credit card activity,
then this one is not just a best practice but a requirement. PCI
requirement 1.1.6 call for reviews at least every 6 months.
Firewall reviews are also a critical part of the maintenance of
your firewall rule base. Networks and services are not static so
your firewall rule base should not be either. As corporate policies
evolve and compliance standards change you need to review how you
are enforcing traffic on the firewalls.
* Previously published in a
Network World Column.
About Tufin Technologies, Inc.
Tufin™ is the leading provider of Security Lifecycle Management
solutions that enable companies to cost-effectively manage their
network security policy, comply with regulatory standards, and
minimize IT risk. Tufin's products SecureTrack™ and SecureChange™
Workflow help security operations teams to manage change, minimize
risks and dramatically reduce manual, repetitive tasks through
automation. With a combination of accuracy and simplicity, Tufin
empowers security officers to perform reliable audits and
demonstrate compliance with corporate and government standards.
Founded in 2005 by leading firewall and business systems experts,
Tufin serves more than 400 customers in industries from telecom and
financial services to energy, transportation and pharmaceuticals. A
respected member of the network security community, Tufin partners
with leading vendors including Check Point, Cisco, Juniper,
Fortinet and F5, and is committed to setting the gold standard for
technological innovation and dedicated customer service.
For more information visit www.tufin.com, or follow Tufin
on:
