Essential Guide

Enterprise firewall protection: Where it stands, where it's headed

A comprehensive collection of articles, videos and more, hand-picked by our editors
Q

Updating firewall policies with the frequency of firewall testing

Should firewall testing frequency be decided and documented when updating firewall policies? Expert Brad Casey discusses how often to test firewalls.

My company is currently updating its firewall policies (full disclosure: This hasn't been done in a while) and we're hung up on how often we should test the security of our firewall. Do you have any recommendations on how often firewall testing should occur?

Ask the Expert!

Have questions about network security for expert Brad Casey? Send them via email today! (All questions are anonymous)

Well, this is highly contingent upon what you mean by test. If you're testing whether your firewall is blocking or recording the types of traffic for which it is configured, perform the test when network traffic is at minimum activity. This way, you can throw whatever traffic you want at your network, and the logs will be easier to parse. Also, this allows you to send different types of traffic down range without interfering with legitimate network traffic.

If you want to test how your firewall functions under a full load, isolate the firewall from the rest of the network and utilize a network traffic generator to simulate a typical "day in the life" of the firewall. If a network traffic generator is not on hand, place the firewall in an operational environment, but gradually change the settings throughout a given time period. Record any behavioral changes that may occur with each rule change. If you decide to make a whole host of changes to your firewall policies simultaneously, too many variables will be inserted into an already fluid situation, thereby making configuration that much more difficult.

In terms of firewall testing frequency, I'm afraid this is also highly contingent on a few factors. Does your network serve a financial institution? If so, I would test your firewall daily, if feasible. If this is deemed impractical, then I would test it as often as possible. Does your firewall service a data center? Again, I would test it on a daily basis if at all possible. My approach may sound draconian, but many tests can be performed without adversely affecting your network or firewall performance. For example, is your firewall configured to block a certain domain? This is easy to simulate and even easier to detect from within the logs.

This was first published in April 2013

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

Essential Guide

Enterprise firewall protection: Where it stands, where it's headed

Have a question for an expert?

Please add a title for your question

Get answers from a TechTarget expert on whatever's puzzling you.

You will be able to add details on the next page.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

-ADS BY GOOGLE

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close