Strategic Firewall Policy Management
Managing firewall rule sets and policies is a complex and messy business. Simply following a few best practices can go a long way to simplify your life, cut costs, and improve security.
When it comes to much-discussed IT topics, this one certainly doesn't make the list – but it should. In fact, it's one of the most manually intensive, costly aspects of managing almost any network infrastructure, and it requires a high level of expertise to get right. Furthermore, make a single mistake and applications get cut off, transactions don't get processed, and management consoles quickly go from green to red. We're talking about firewall management.
While the average firewall holds thousands of rules, more complex environments may hold ten times that many. Because of this complexity, most organizations make what should be a simple firewall change and then hope for the best: that applications and remote offices don't get cut off and that customer transactions continue to flow. Unfortunately, it doesn't matter which firewall vendor you choose (Cisco, Juniper, Check Point, Fortinet, IBM/ISS, Linux, or Nortel): these management complexities apply across the board. When talking to customers, we found that it takes, on average, about three hours of testing and analysis to implement a single rule change. Multiply that by two or three regular firewall changes a day for a small company, or tens of changes a day for a larger enterprise. Then multiply that by five, ten, or 100 actual firewalls and you begin to see the magnitude of the management burden we're talking about.
What organizations need to do to attain a high level of efficiency and slash the cost of firewall management is to put in place several best practices that make it possible to quickly review, model, and test any firewall change before it is implemented.
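The review-model-test loop described above is, at bottom, a regression test for the policy: keep the flows the business depends on as a list of expected verdicts, simulate the proposed rule base against them, and only push the change when nothing breaks. The following is an added example in Python, not code from the article or from any firewall vendor. It models a first-match rule base with an implicit deny at the end, checks a proposed change for required flows it would break, and flags rules the change would shadow. All rule names, addresses and flows are constructed for illustration.

```python
"""Model a first-match firewall policy and regression-test a proposed change.

Added example. The rule format, addresses and flows below are constructed
for illustration; they are not from any vendor or from the article.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network, IPv4Network


@dataclass(frozen=True)
class Rule:
    name: str
    action: str           # "allow" or "deny"
    proto: str            # "tcp", "udp" or "any"
    src: IPv4Network
    dst: IPv4Network
    ports: tuple          # inclusive (low, high) destination port range


@dataclass(frozen=True)
class Flow:
    label: str
    proto: str
    src: str
    dst: str
    port: int


def rule(name, action, proto, src, dst, ports=(0, 65535)):
    return Rule(name, action, proto, ip_network(src), ip_network(dst), ports)


def matches(r, f):
    return ((r.proto == "any" or r.proto == f.proto)
            and ip_address(f.src) in r.src
            and ip_address(f.dst) in r.dst
            and r.ports[0] <= f.port <= r.ports[1])


def evaluate(policy, flow):
    """First match wins; implicit deny at the end, as on most firewalls."""
    for r in policy:
        if matches(r, flow):
            return r.action, r.name
    return "deny", "implicit-deny"


def shadowed_rules(policy):
    """(rule, earlier rule) pairs where the earlier rule fully covers the
    later one's proto/src/dst/port space, so the later rule can never fire.
    Conservative: does not detect a rule covered only by the union of
    several earlier rules."""
    out = []
    for i, r in enumerate(policy):
        for e in policy[:i]:
            if ((e.proto == "any" or e.proto == r.proto)
                    and r.src.subnet_of(e.src) and r.dst.subnet_of(e.dst)
                    and e.ports[0] <= r.ports[0] and r.ports[1] <= e.ports[1]):
                out.append((r.name, e.name))
                break
    return out


def regression(policy, required):
    """Required flows whose verdict differs from what the business expects.
    An empty list means the proposed policy is safe to push."""
    failures = []
    for flow, expected in required:
        verdict, by = evaluate(policy, flow)
        if verdict != expected:
            failures.append((flow.label, expected, verdict, by))
    return failures


# Constructed current rule base.
CURRENT = [
    rule("branch-to-erp", "allow", "tcp", "10.20.0.0/16", "172.16.5.10/32", (443, 443)),
    rule("web-to-db", "allow", "tcp", "192.168.1.0/24", "172.16.7.0/24", (5432, 5432)),
    rule("mgmt-ssh", "allow", "tcp", "10.0.9.0/24", "172.16.0.0/16", (22, 22)),
]

# Constructed flows the business depends on, with the verdict each must get.
REQUIRED = [
    (Flow("remote office -> ERP", "tcp", "10.20.3.7", "172.16.5.10", 443), "allow"),
    (Flow("web tier -> DB", "tcp", "192.168.1.14", "172.16.7.22", 5432), "allow"),
    (Flow("admin jump host -> DMZ ssh", "tcp", "10.0.9.5", "172.16.5.10", 22), "allow"),
    (Flow("internet -> DB direct", "tcp", "203.0.113.9", "172.16.7.22", 5432), "deny"),
]

# Change request "block corporate 10.0.0.0/8 to the DMZ", modelled two ways.
DENY_CORP_DMZ = rule("deny-corp-to-dmz", "deny", "any", "10.0.0.0/8", "172.16.0.0/16")
PROPOSED_TOP = [DENY_CORP_DMZ] + CURRENT       # inserted above the specific allows
PROPOSED_BOTTOM = CURRENT + [DENY_CORP_DMZ]    # inserted after them


def report(label, policy):
    print(f"== {label}")
    for fail in regression(policy, REQUIRED):
        print("  BREAKS: %s (expected %s, got %s via %s)" % fail)
    for later, earlier in shadowed_rules(policy):
        print(f"  SHADOWED: {later} never fires, covered by {earlier}")


if __name__ == "__main__":
    report("current", CURRENT)
    report("proposed (deny at top)", PROPOSED_TOP)
    report("proposed (deny after allows)", PROPOSED_BOTTOM)
```

Run as written, the deny placed at the top breaks the remote-office and admin flows and shadows two allow rules, while the same deny placed after the specific allows passes every check; that ordering difference is exactly the kind of mistake the three hours of manual analysis per change is spent looking for. In practice the required-flow list is exported from the application inventory rather than typed in, and the check runs as a gate in change control before the rule is pushed. The model is deliberately minimal: real rule bases add zones, NAT, object groups and multiple-rule shadowing, which this single-rule check does not cover.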
Unfortunately, that’s easier written than put into practice. First, it’s a challenge to keep the network expertise necessary for successful, long-term, sustainable firewall management. Employees naturally shift positions and job roles as they’re promoted or leave the company. And as they leave, so does their understanding of the complex matrix of firewall rules. And the older your network, the more challenging this becomes as years of firewall rules layer on top of one another.
These challenges are steep enough, even in a company that has managed to put into place good change control procedures — but most companies don’t have that luxury. They have different network segments using firewalls from different vendors and they’re rushed to make changes to solve the business need of the day. This complexity is amplified by different geographic regions and divisions managing their networks in their own way. Even companies that do have good change management procedures in place find that they expend too much labor getting there, and make too many mistakes that jeopardize both availability and security.
Here are the best practices that will help you streamline your firewall management:
Best Practice #1: Accurate Topology. The first step is to get a clear picture of your network by creating an accurate