Security researcher Troy Hunt testified before Congress in a hearing on data breaches. Hunt talked about accidental...
data breaches and explained how changing a single firewall setting could expose corporate data to the public. How often should firewall settings be reviewed?
A log file on firewall settings should be reviewed daily, at least on the status of the transmission control protocol (TCP) and user datagram protocol (UDP) connections at a point in time. An administrator should ensure new ports are being correctly assigned and old ports are removed from the firewall settings file. The default port for the old application server may not automatically be replaced with a different port required by a new application server. If the old port is not removed, it may be reused by the new server for unintended services.
The hierarchy of physical and virtual firewalls in a company's internal network can be very complex. In a large, global enterprise, different firewall policies are set up for different types of firewall technologies from different vendors.
To make the log reviewing tasks easier, an enterprise should opt for paid cloud services that can provide a daily analysis of the company's firewall log files in real time. Firewalls provided by cloud services have advanced features that are not included in a basic firewall, which may only provide the status of TCP and UDP connections. Subscription prices are based on the complexity of firewall settings, the level of the enterprise's control over the settings and the costs of managing the firewalls.
Unlike a physical firewall, virtual firewalls share resources with other virtual machines (VMs) in the same virtualized host. The disadvantage to virtual firewalls is that it can be difficult to close a physical port shared by several VMs. If the physical port is not quickly replaced, corporate data may accidentally leak into the second VM that is not as secure as the first VM.
When comparing firewall cloud services, an enterprise should consider firewall policies on reviewing virtual and physical firewall settings to prevent accidental disclosures.
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)
Dig Deeper on Network device security: Appliances, firewalls and switches
Related Q&A from Judith Myerson
An exploit code for Dirty COW was accidentally shipped by Cisco with product software. Learn how this code ended up in a software release and what ... Continue Reading
Cisco's Webex Meetings platform had to be re-patched after researchers found the first one was failing. Discover what went wrong with the first patch... Continue Reading
The TP-Link EAP Controller for Linux was recently found to be vulnerable to attacks. Learn from Judith Myerson what this means for users and how it ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.