Security researcher Troy Hunt testified before Congress in a hearing on data breaches. Hunt talked about accidental...
data breaches and explained how changing a single firewall setting could expose corporate data to the public. How often should firewall settings be reviewed?
A log file on firewall settings should be reviewed daily, at least on the status of the transmission control protocol (TCP) and user datagram protocol (UDP) connections at a point in time. An administrator should ensure new ports are being correctly assigned and old ports are removed from the firewall settings file. The default port for the old application server may not automatically be replaced with a different port required by a new application server. If the old port is not removed, it may be reused by the new server for unintended services.
The hierarchy of physical and virtual firewalls in a company's internal network can be very complex. In a large, global enterprise, different firewall policies are set up for different types of firewall technologies from different vendors.
To make the log reviewing tasks easier, an enterprise should opt for paid cloud services that can provide a daily analysis of the company's firewall log files in real time. Firewalls provided by cloud services have advanced features that are not included in a basic firewall, which may only provide the status of TCP and UDP connections. Subscription prices are based on the complexity of firewall settings, the level of the enterprise's control over the settings and the costs of managing the firewalls.
Unlike a physical firewall, virtual firewalls share resources with other virtual machines (VMs) in the same virtualized host. The disadvantage to virtual firewalls is that it can be difficult to close a physical port shared by several VMs. If the physical port is not quickly replaced, corporate data may accidentally leak into the second VM that is not as secure as the first VM.
When comparing firewall cloud services, an enterprise should consider firewall policies on reviewing virtual and physical firewall settings to prevent accidental disclosures.
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)
Dig Deeper on Network device security: Appliances, firewalls and switches
Related Q&A from Judith Myerson
VPN vulnerabilities in products from popular vendors were recently found to enable serious threats. Discover how detrimental these threats are and ... Continue Reading
The Department of Homeland Security warned of a vulnerability affecting WAGO PFC200 logic devices. Discover how this flaw enables threat actors with ... Continue Reading
Zyklon malware targets three previously patched Microsoft Office vulnerabilities. Learn how attackers can access passwords and cryptocurrency wallet ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.