Security researcher Troy Hunt testified before Congress in a hearing on data breaches. Hunt talked about accidental...
data breaches and explained how changing a single firewall setting could expose corporate data to the public. How often should firewall settings be reviewed?
A log file on firewall settings should be reviewed daily, at least on the status of the transmission control protocol (TCP) and user datagram protocol (UDP) connections at a point in time. An administrator should ensure new ports are being correctly assigned and old ports are removed from the firewall settings file. The default port for the old application server may not automatically be replaced with a different port required by a new application server. If the old port is not removed, it may be reused by the new server for unintended services.
The hierarchy of physical and virtual firewalls in a company's internal network can be very complex. In a large, global enterprise, different firewall policies are set up for different types of firewall technologies from different vendors.
To make the log reviewing tasks easier, an enterprise should opt for paid cloud services that can provide a daily analysis of the company's firewall log files in real time. Firewalls provided by cloud services have advanced features that are not included in a basic firewall, which may only provide the status of TCP and UDP connections. Subscription prices are based on the complexity of firewall settings, the level of the enterprise's control over the settings and the costs of managing the firewalls.
Unlike a physical firewall, virtual firewalls share resources with other virtual machines (VMs) in the same virtualized host. The disadvantage to virtual firewalls is that it can be difficult to close a physical port shared by several VMs. If the physical port is not quickly replaced, corporate data may accidentally leak into the second VM that is not as secure as the first VM.
When comparing firewall cloud services, an enterprise should consider firewall policies on reviewing virtual and physical firewall settings to prevent accidental disclosures.
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)
Dig Deeper on Network device security: Appliances, firewalls and switches
Related Q&A from Judith Myerson
Air-gapped computers subject to PowerHammer attack: Proof-of-concept attack enables data exfiltration through control of current flow over power ... Continue Reading
Bastille researchers created the SirenJack proof of concept to show how a vulnerability could put San Francisco's emergency warning system at risk. ... Continue Reading
A QR code vulnerability was recently discovered in the Apple iOS 11 camera app. Learn how an attacker could exploit it and how to avoid the issue ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.