Change management best practices: Tracking eliminated firewall rules

Does your enterprise track eliminated firewall rules? It's one of the change management best practices suggested by expert Brad Casey.

My company has worked with a variety of firewalls, and while our change management process has been pretty good historically, we don't keep track of the old firewall rules we eliminate. Should we keep track of these rules, and if so, how?

First, let me commend you and your company for maintaining something that is disregarded in far too many enterprise networks: change management. It is the sort of blocking and tackling that is hardly exciting work (it's actually quite boring), but it is nonetheless necessary for maintaining a secure network. How many configuration errors and security loopholes could be avoided if more attention were paid to change management?

Compliments aside, I must say that your company is erring by not tracking eliminated rules. I would equate this to not keeping track of the users who no longer have authority to access your network. While it's a good thing to explicitly state who is allowed on the network, a higher degree of certainty is attained when you explicitly state who is not allowed on your network.

A brief example: Let's say that for a certain time period, your company blocked all traffic from the 10.0.0.0/16 subnet. Then, after some time, it was determined that this subnet belonged to a legitimate network and carried traffic with a valid business use, so the rule blocking 10.0.0.0/16 was eliminated and forgotten about. Now suppose that a year or two later a new security administrator is hired and, while poring over the logs, wrongly concludes that traffic coming from 10.0.0.0/16 is illegitimate and blocks the entire subnet again. With nothing to reference before making that decision, the new admin has re-blocked a legitimate network and disrupted business traffic, repeating a mistake the organization had already found and corrected once. Had the organization recorded the removal, and the reason for it, the issue could have been avoided.

While a number of today's next-generation firewalls come with adequate change management tools, many organizations find that firewall configuration management software is the best way to manage changes to firewall rules, including ones that are no longer used. Whatever the tool, the record of a disabled or deleted rule should hold more than the rule itself: who removed it, when, under which change request, and why. A bare rule tells the next administrator nothing about whether its removal was a deliberate decision or an accident. Keeping such a record is especially helpful when an unexpected firewall problem occurs, as the problem can often be traced back to a rule that was mistakenly removed, and the record narrows the search to the rules changed in the relevant window.
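As an added example (not from the article, and not the code of any firewall or configuration management product), here is a minimal retired-rule ledger in Python. It keeps, for every rule that is removed, who removed it, when, under which change ticket and why, and it consults that record before a new rule is accepted, so the 10.0.0.0/16 scenario above surfaces the earlier decision instead of silently repeating it. It also lists rules retired after a given date, which is the first thing to check when a firewall problem appears after a change window. The Rule and RetiredEntry classes, the rule syntax, the names, dates and ticket ids are all constructed for this example.

```python
"""Retired-rule ledger for firewall change management.

Added example: the rule format, names, dates and ticket ids below are
constructed and do not come from the article or from any real product.
"""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass
from datetime import date


@dataclass(frozen=True)
class Rule:
    """A firewall rule reduced to what this example needs (constructed format)."""
    action: str            # "deny" or "allow"
    src: str               # source prefix, e.g. "10.0.0.0/16"
    service: str = "any"   # e.g. "tcp/443"

    @property
    def src_net(self):
        return ipaddress.ip_network(self.src, strict=False)


@dataclass(frozen=True)
class RetiredEntry:
    """What the change record keeps for every disabled or deleted rule."""
    rule: Rule
    removed_on: date
    removed_by: str
    ticket: str            # hypothetical change-ticket id
    reason: str


class RuleLedger:
    def __init__(self) -> None:
        self.active: list[Rule] = []
        self.retired: list[RetiredEntry] = []

    def add(self, rule: Rule) -> None:
        """Add a rule unconditionally (used for the initial rulebase)."""
        if rule not in self.active:
            self.active.append(rule)

    def retire(self, rule: Rule, removed_on: date, removed_by: str,
               ticket: str, reason: str) -> RetiredEntry:
        """Remove an active rule but keep who removed it, when and why."""
        self.active.remove(rule)          # ValueError if the rule is not active
        entry = RetiredEntry(rule, removed_on, removed_by, ticket, reason)
        self.retired.append(entry)
        return entry

    def prior_decisions(self, candidate: Rule) -> list[RetiredEntry]:
        """Retired rules whose source prefix overlaps the candidate's.

        Any earlier decision about the prefix is relevant context, whatever
        its action, so the match is on address overlap only.
        """
        return [e for e in self.retired
                if e.rule.src_net.overlaps(candidate.src_net)]

    def propose(self, candidate: Rule) -> list[str]:
        """Add the rule if the record is silent on it; otherwise return the
        earlier decisions as warnings and leave the rulebase unchanged."""
        hits = self.prior_decisions(candidate)
        if hits:
            return [f"{e.rule.action} {e.rule.src} was removed on {e.removed_on} "
                    f"by {e.removed_by} under {e.ticket}: {e.reason}"
                    for e in hits]
        self.add(candidate)
        return []

    def retired_since(self, since: date) -> list[RetiredEntry]:
        """Rules removed on or after a date: the first place to look when a
        firewall problem appears after a change window."""
        return [e for e in self.retired if e.removed_on >= since]


def replay_scenario() -> tuple[RuleLedger, list[str]]:
    """The article's 10.0.0.0/16 story, this time with a record kept.
    Dates, names and ticket ids are constructed."""
    ledger = RuleLedger()
    block = Rule("deny", "10.0.0.0/16")
    ledger.add(block)
    ledger.retire(block, date(2012, 3, 1), "j.smith", "CHG-0421",
                  "prefix belongs to a legitimate network; traffic has a valid business use")
    # Two years later a new administrator wants to block the same prefix.
    warnings = ledger.propose(Rule("deny", "10.0.0.0/16"))
    return ledger, warnings


if __name__ == "__main__":
    ledger, warnings = replay_scenario()
    for w in warnings:
        print("WARNING:", w)
    print("active rules:", ledger.active)
```

Because the match is on prefix overlap, a narrower block such as deny 10.0.42.0/24 is flagged as well, which is what you want: the earlier decision covered that space too. A proposal that is flagged is not applied; the administrator reads the recorded reason and either drops the change or raises a new ticket that supersedes the old one.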

This was first published in April 2014
