Tufin Technologies, the leader in security lifecycle management solutions, is offering some useful recommendations to make sure organizations don't become a hacking victim over the Christmas and New Year break.
According to a recent survey of 79 DEFCON attendees, an overwhelming majority -- 81 per cent -- viewed the holiday season as the ideal time for hacking business computer systems. "It was the perception of the people we surveyed at DEFCON that the Christmas and New Year season are popular with hackers targeting western countries," said Michael Hamelin, Tufin's Chief Security Architect, adding that the rationale was that it is the time when people relax and let their hair down, and many organizations run on a skeleton staff over the holiday period.
"Additionally," said Hamelin, "96 per cent of hackers in the survey said it doesn't matter how many millions a company spends on its IT security systems, as it's all a waste of time and money if the IT security administrators fail to configure and watch over their firewalls." Here are a few things we can do as a regular practice to make sure network firewalls don't become an easy target for them*:
Document all firewall rule changes:
Firewalls do not have a change management process built into them, so documenting changes has never become a best practice, or even a standard one. If a firewall administrator makes a change because of an emergency or some other form of business disruption, chances are they are under the gun to make it happen as quickly as possible, and process goes out the window.
Install all access rules with minimal access rights.
Another common firewall security issue is overly permissive rules. A firewall rule is made up of three fields - source (IP address or network/subnet), destination (IP address or network/subnet), and service (application or port). In order to make sure there are enough open ports for everyone to access the systems they need, common practice has been to assign a wide range of options in one or more of those fields. When you allow a wide range of IP addresses to access a large group of networks for the sake of business continuity, these rules become overly permissive, and as a result, insecure.
Verify every firewall change against compliance policies and change requests.
Firewalls are part of the physical implementation of corporate security policy. Every rule should be reviewed to confirm that it meets the spirit and intent of the security policy and any compliance policies, not just the letter of the law.
Remove unused rules from the firewall rule bases when services are decommissioned.
AKA: avoid rule bloat. Rule bloat is a very common occurrence with firewalls because most operations teams have no process for deleting rules. Getting into the loop on server decommissioning, network decommissioning, and application upgrade cycles is a good start for understanding when rules need to come out. Running reports on unused rules is another step. Hackers like the fact that firewall teams never remove rules. In fact, this is how many compromises occur.
Perform a complete firewall review at least twice per year.
If you are a merchant with significant credit card activity, then this one is not just a best practice but a requirement. PCI requirement 1.1.6 calls for reviews at least every 6 months. Firewall reviews are also a critical part of the maintenance of your firewall rule base. Networks and services are not static, so your firewall rule base should not be either. As corporate policies evolve and compliance standards change, you need to review how you are enforcing traffic on the firewalls.
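As an added example (not Tufin's code or any product's API), the script below performs the kind of rule-base audit the practices above describe: it flags overly permissive rules (broad source/destination or an "any" service), unused or stale rules from hit counters, and rules with no change-request reference. The Rule fields, the 256-host and 180-day thresholds, and the sample rule base are all constructed assumptions for illustration.

```python
from dataclasses import dataclass
from datetime import date
from typing import Optional
import ipaddress

@dataclass
class Rule:
    rule_id: int
    src: str                  # CIDR or "any"
    dst: str                  # CIDR or "any"
    service: str              # e.g. "tcp/443", or "any"
    hits: int                 # hit counter since the last counter reset
    last_hit: Optional[date]  # None if the rule has never matched
    ticket: Optional[str]     # change request justifying the rule; None = undocumented

def address_count(field: str) -> int:
    """Addresses a src/dst field covers; 'any' counts as the whole IPv4 space."""
    return 2 ** 32 if field.lower() == "any" else ipaddress.ip_network(field, strict=False).num_addresses

def is_overly_permissive(rule: Rule, max_hosts: int = 256) -> bool:
    """Too broad if src or dst covers more than max_hosts addresses, or the service is 'any'."""
    broad = max(address_count(rule.src), address_count(rule.dst)) > max_hosts
    return broad or rule.service.lower() == "any"

def is_unused(rule: Rule, today: date, stale_days: int = 180) -> bool:
    """Never matched, or not matched within the review window (six months, as in PCI 1.1.6)."""
    if rule.hits == 0 or rule.last_hit is None:
        return True
    return (today - rule.last_hit).days > stale_days

def audit(rules, today: date) -> dict:
    # Group rule ids by finding; this is the report a semi-annual review starts from.
    findings = {"overly_permissive": [], "unused": [], "undocumented": []}
    for r in rules:
        if is_overly_permissive(r):
            findings["overly_permissive"].append(r.rule_id)
        if is_unused(r, today):
            findings["unused"].append(r.rule_id)
        if not r.ticket:
            findings["undocumented"].append(r.rule_id)
    return findings

# Constructed sample rule base (illustrative, not exported from any real firewall).
SAMPLE_RULES = [
    Rule(10, "10.1.2.0/24", "10.9.0.5/32", "tcp/443", 15230, date(2024, 6, 10), "CHG-1042"),
    Rule(20, "any", "any", "any", 3, date(2024, 6, 12), None),
    Rule(30, "10.1.0.0/16", "10.9.0.0/24", "tcp/22", 900, date(2024, 5, 1), "CHG-0873"),
    Rule(40, "10.1.2.10/32", "10.9.0.7/32", "tcp/1433", 0, None, "CHG-0311"),
    Rule(50, "10.1.2.0/24", "10.9.0.8/32", "tcp/8080", 42, date(2023, 11, 1), None),
]
```

Running audit(SAMPLE_RULES, date(2024, 6, 15)) reports rule 20 (any/any/any) and rule 30 (a /16 source) as overly permissive, rules 40 and 50 as unused, and rules 20 and 50 as undocumented.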
* Previously published in a Network World Column.
About Tufin Technologies, Inc.
Tufin™ is the leading provider of Security Lifecycle Management solutions that enable companies to cost-effectively manage their network security policy, comply with regulatory standards, and minimize IT risk. Tufin's products SecureTrack™ and SecureChange™ Workflow help security operations teams to manage change, minimize risks and dramatically reduce manual, repetitive tasks through automation. With a combination of accuracy and simplicity, Tufin empowers security officers to perform reliable audits and demonstrate compliance with corporate and government standards. Founded in 2005 by leading firewall and business systems experts, Tufin serves more than 400 customers in industries from telecom and financial services to energy, transportation and pharmaceuticals. A respected member of the network security community, Tufin partners with leading vendors including Check Point, Cisco, Juniper, Fortinet and F5, and is committed to setting the gold standard for technological innovation and dedicated customer service.
For more information visit www.tufin.com, or follow Tufin on:
- Twitter at http://twitter.com/TufinTech
- LinkedIn at http://www.linkedin.com/groupRegistration?gid=1968264
- FaceBook at http://www.facebook.com/group.php?gid=84473097725
- The Tufin Blog at http://tufintech.wordpress.com/
- The Tufin Channel on YouTube at http://www.youtube.com/user/Tufintech