Security researcher Troy Hunt testified before Congress in a hearing on data breaches. Hunt talked about accidental...
data breaches and explained how changing a single firewall setting could expose corporate data to the public. How often should firewall settings be reviewed?
A log file on firewall settings should be reviewed daily, at least on the status of the transmission control protocol (TCP) and user datagram protocol (UDP) connections at a point in time. An administrator should ensure new ports are being correctly assigned and old ports are removed from the firewall settings file. The default port for the old application server may not automatically be replaced with a different port required by a new application server. If the old port is not removed, it may be reused by the new server for unintended services.
The hierarchy of physical and virtual firewalls in a company's internal network can be very complex. In a large, global enterprise, different firewall policies are set up for different types of firewall technologies from different vendors.
To make the log reviewing tasks easier, an enterprise should opt for paid cloud services that can provide a daily analysis of the company's firewall log files in real time. Firewalls provided by cloud services have advanced features that are not included in a basic firewall, which may only provide the status of TCP and UDP connections. Subscription prices are based on the complexity of firewall settings, the level of the enterprise's control over the settings and the costs of managing the firewalls.
Unlike a physical firewall, virtual firewalls share resources with other virtual machines (VMs) in the same virtualized host. The disadvantage to virtual firewalls is that it can be difficult to close a physical port shared by several VMs. If the physical port is not quickly replaced, corporate data may accidentally leak into the second VM that is not as secure as the first VM.
When comparing firewall cloud services, an enterprise should consider firewall policies on reviewing virtual and physical firewall settings to prevent accidental disclosures.
Ask the expert:
Want to ask Judith Myerson a question about security? Submit your question now via email. (All questions are anonymous.)
Dig Deeper on Network device security: Appliances, firewalls and switches
Related Q&A from Judith Myerson
Multiple Border Gateway Protocol vulnerabilities were found impacting security in the Quagga routing software. Expert Judith Myerson explains how ... Continue Reading
A previously disclosed flaw found in Broadcom's Wi-Fi controller chips is now believed to affect the Lenovo ThinkPad. Learn how this vulnerability ... Continue Reading
ICS-CERT issued a warning about a new vulnerability in Nortek Linear eMerge E3 products. Discover what this vulnerability is and how it affects ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.