It is obvious that as the first line of defense against online attackers, a firewall remains a critical part of network security. If you are responsible for your information technology infrastructure, you are likely aware that security experts rigidly recommend you put the solution in place.
What is a firewall? Norton, a provider of industry-leading security software for PC, Mac, and mobile devices, defines a firewall as a security device, either computer hardware or software, that helps protect your network by filtering traffic and blocking outsiders from gaining unauthorized access to the private data on your computer. Not only does a hardware or software firewall block unwanted traffic, but it can also block malicious software from infecting your computer. With software and hardware firewalls becoming increasingly popular, proper configuration is essential, as default settings may not provide maximum defense against cyberattacks.
How to Set Up a Firewall
Despite its relevance in the cybersecurity field, configuring a firewall can be an intimidating process. Improper firewall configuration can compound the situation by allowing attackers to gain unauthorized access to protected internal networks and resources. Today, cybercriminals are constantly on the lookout for networks with outdated software or servers. Consequently, misconfiguration errors are responsible for a staggering percentage of security breaches, with Gartner reporting that misconfigurations, not flaws, will cause 99 percent of all firewall breaches through the next several years.
Fortunately, we can break the process down into simpler tasks to make the work much more manageable. So you can relax; we have done that for you. We present a basic guide that should help you configure a firewall in simple steps, including activities like creating zones, configuring settings, testing the configuration, managing the firewall, and reviewing firewall rules.
Steps Involved in How to Set Up a Firewall
Step 1: Secure Your Firewall
Eric Dosal from Compuquip Cybersecurity writes that there are many types of firewall solutions used in modern security architectures, but cybercriminals have mastered ways of circumventing them as well. “Many attackers know how to break a firewall – and some insider threats can bypass them entirely,” writes Eric.
That being the case, the first step in configuring your firewall is to secure the tool itself, so that attackers cannot gain administrative access to your security solution. At the outset, organizations should never put a network security system into production before securing it properly and updating it to the latest firmware. The latest version ensures the firewall operates securely and efficiently. Better still, you can automate software updating and patching. Additionally, it is vital to delete, disable, or rename all default user accounts and replace default passwords with complex, secure ones.
A configuration guide from Cisco recommends that if multiple people manage the firewall, you create additional accounts with limited privileges based on each person's responsibilities. Likewise, avoid using shared user accounts, and track who made changes and why. It will also help if you limit the ways users can make changes, to reduce the attack surface.
Step 2: Design Your Firewall Zones and IP Addresses
After installing and securing your firewall, the next step involves identifying your critical information assets and planning out your network structure so that assets can be grouped into network zones based on similar sensitivity levels and functions. The best-known such zone, the demilitarized zone (DMZ), may sound like a gutsy move. However, it simply refers to an area outside the protected network that adds an extra layer of security to an organization's local network or your home network. In this case, protected and monitored network equipment facing outside the internal network can access what is exposed in the DMZ, while the rest of the organization's network is safe behind the firewall.
One way of architecting your firewall zones involves placing servers like web servers, email servers, and virtual private network (VPN) servers into a dedicated zone that limits inbound (incoming) traffic. Next, database servers that should not be accessed directly from the internet must be placed in internal server zones, while assets like workstations, web browsers, operating systems, and point of sale systems can be placed in internal network zones. Broadly speaking, the more zones you create, the more you secure your network. However, it is worth mentioning that managing more zones requires additional resources and time.
Fortinet also recommends that, with a network zone structure established, you set up a corresponding IP address structure that assigns zones to firewall interfaces and sub-interfaces. As a general rule, you need to use switches that support virtual LANs (VLANs) to maintain layer-2 separation between the networks.
The Cisco configuration guide mentions that if you are using IP version 4, internal (private) IP addresses should be used for all your private networks. Likewise, configure network address translation (NAT) to allow internal devices to communicate on the internet when necessary.
Step 3: Configure Access Control Lists (ACLs)
After establishing and assigning your network zones to interfaces, the next step entails determining exactly which traffic should flow into and out of each zone. Taking this into account, you can set firewall rules called access control lists (ACLs) to permit or block network traffic. While setting ACLs, make them specific to the exact source and destination IP address and port number whenever possible. Additionally, include a deny rule at the end of every ACL to filter out all other unapproved traffic. Finally, apply both inbound and outbound ACLs to each interface and sub-interface on the firewall to ensure that only approved traffic can enter or leave each network zone.
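As an added illustration of the ACL advice above (example code written for this article, not a vendor's configuration), the following Python evaluator models first-match ACLs bound to an interface and direction, with rules that name the exact source, destination, protocol and port, and an explicit deny-all closing every list. It also shows the vendor-default "permit any to any" policy for contrast. The zones, interface names and addresses are constructed, and the choice to treat an interface with no ACL as deny-all is this example's assumption.

```python
# Added example (not from the original article or any vendor's code): a small
# zone-based ACL evaluator showing first-match semantics, specific 5-tuple
# rules and an explicit deny-all at the end of every list. Addresses, zones
# and interface names are constructed for illustration.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass(frozen=True)
class Rule:
    action: str            # "permit" or "deny"
    proto: str             # "tcp", "udp", "icmp" or "any"
    src: str               # source CIDR such as "10.0.1.0/24", or "any"
    dst: str               # destination CIDR, or "any"
    dport: Optional[int]   # destination port, None meaning any port

    def matches(self, pkt: dict) -> bool:
        if self.proto not in ("any", pkt["proto"]):
            return False
        for want, have in ((self.src, pkt["src"]), (self.dst, pkt["dst"])):
            if want != "any" and ip_address(have) not in ip_network(want):
                return False
        return self.dport is None or self.dport == pkt.get("dport")


# The explicit "deny ip any any" that should close every ACL.
DENY_ALL = Rule("deny", "any", "any", "any", None)


def evaluate(acl: list, pkt: dict) -> tuple:
    """First-match evaluation; returns (action, rule_index).

    The trailing DENY_ALL is appended here so a list that forgot its final
    deny still falls through to a deny rather than silently permitting.
    """
    for index, rule in enumerate([*acl, DENY_ALL]):
        if rule.matches(pkt):
            return rule.action, index
    raise RuntimeError("unreachable: DENY_ALL matches every packet")


# Constructed zone layout: public "outside", a DMZ with web/mail hosts on
# 10.0.1.0/24 and an internal server zone with the database on 10.0.2.10.
ACLS = {
    ("outside", "in"): [
        Rule("permit", "tcp", "any", "10.0.1.20/32", 443),   # public web server
        Rule("permit", "tcp", "any", "10.0.1.25/32", 25),    # inbound mail
    ],
    ("dmz", "in"): [
        Rule("permit", "tcp", "10.0.1.20/32", "10.0.2.10/32", 5432),  # web -> DB only
        Rule("permit", "udp", "10.0.1.0/24", "10.0.2.5/32", 53),      # DMZ -> resolver
    ],
}

# The vendor-default "any source to any destination" policy the article warns
# about, for comparison: it permits everything and makes the zones meaningless.
OPEN_POLICY = [Rule("permit", "any", "any", "any", None)]


def decide(interface: str, direction: str, pkt: dict) -> str:
    """Look up the ACL bound to an interface/direction and return permit or deny.

    Assumption in this example: an interface with no ACL bound is treated as
    deny-all, mirroring the article's advice to apply ACLs to every interface.
    """
    return evaluate(ACLS.get((interface, direction), []), pkt)[0]


if __name__ == "__main__":
    ssh_from_internet = {"proto": "tcp", "src": "198.51.100.7", "dst": "10.0.1.20", "dport": 22}
    print("specific ACL:", decide("outside", "in", ssh_from_internet))   # deny
    print("open policy: ", evaluate(OPEN_POLICY, ssh_from_internet)[0])  # permit
```

Run it as a script and the same SSH attempt from the internet is denied by the specific ACL but permitted by the open policy; the database on 10.0.2.10 is reachable on 5432 only from the web host in the DMZ, and anything that matches no rule lands on the closing deny.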
Fortinet recommends you disable firewall administration from public access during ACL configuration to protect it and disable unencrypted firewall management protocols, such as Telnet and HTTP connections.
The Cisco configuration guide advises you to investigate the firewall's ability to control next-generation flows. For instance, can it block traffic based on web categories? Can you deploy advanced file scanning? Does the tool provide some level of intrusion prevention functionality?
Step 4: Configure Other Services and Logging
Go ahead and configure other services if your firewall is capable of acting as a dynamic host configuration protocol (DHCP) server, intrusion prevention system (IPS), or network time protocol (NTP) server. You can further enhance your security posture by disabling all the extra services you don't intend to use.
Additionally, you can fulfill PCI DSS requirements by configuring your firewall to report to your logging server and ensuring that enough detail is included to satisfy PCI requirements 10.2 through 10.3.
Step 5: Test Your Firewall Configuration
This step involves testing that your firewall works as intended in a test environment. One way to do this is to deploy a test host outside your network and attempt to get through the firewall, although this can be quite slow and clumsy. Therefore, you can limit the process to testing only those addresses that you can actually use. In this case, you verify that the security tool is blocking traffic according to the ACL configuration.
Also, it is a best practice to include firewall testing during vulnerability assessment and penetration testing exercises. Strahinja Stankovic, ECSA, writes that the firewall penetration testing process involves locating a firewall, conducting traceroute, scanning ports, banner grabbing, access control enumeration, identifying firewall architecture, testing the firewall policy, firewalking, port redirection, internal and external testing, testing for covert channels, HTTP tunnels, and identifying firewall-specific vulnerabilities.
Your firewall is ready for production after testing and penetration testing. It is vital to keep a backup of your firewall configuration in a secure location for restoration in case of a hardware or software failure.
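The verification described in Step 5, from a test host that may only reach a limited set of addresses, can be scripted as a table of expected outcomes. The harness below is an added example written for this article (not the author's or any vendor's tool): it classifies each destination as open, closed or filtered and reports every entry whose observed state differs from the plan. An expected "filtered" that comes back "closed" is the finding to chase, because the packet reached the host and the ACL is either missing or bound to the wrong interface or direction. The two loopback targets at the bottom are constructed so the script runs offline; against a real firewall you would list the addresses and ports from your ACLs instead.

```python
# Added example (not from the original article): a verification harness a
# test host could run to confirm a firewall enforces the expected ACL
# outcomes. Targets are listed as (host, port, expected state). The loopback
# fixture at the bottom is constructed so the script runs offline.
import socket


def probe(host: str, port: int, timeout: float = 2.0) -> str:
    """Classify one TCP destination from the tester's point of view.

    "open"     : handshake completed, a service answered
    "closed"   : host reachable but the port was actively refused (RST); the
                 firewall is NOT dropping this traffic
    "filtered" : no answer within the timeout or the path reported an error,
                 which is what a correctly placed drop rule looks like
    """
    sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    sock.settimeout(timeout)
    try:
        sock.connect((host, port))
        return "open"
    except socket.timeout:
        return "filtered"
    except ConnectionRefusedError:
        return "closed"
    except OSError:
        return "filtered"
    finally:
        sock.close()


def verify(expectations) -> list:
    """Probe every (host, port, expected) entry; return the mismatches.

    An expected "filtered" that comes back "closed" means the packet reached
    the host: the ACL is missing or bound to the wrong interface/direction.
    """
    mismatches = []
    for host, port, expected in expectations:
        observed = probe(host, port)
        if observed != expected:
            mismatches.append({"host": host, "port": port,
                               "expected": expected, "observed": observed})
    return mismatches


def local_fixture():
    """Constructed stand-ins: one listening port (should be "open") and a port
    we bound and released (should be "closed"). Returns (listener, open_port, closed_port)."""
    listener = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    listener.bind(("127.0.0.1", 0))
    listener.listen(5)
    open_port = listener.getsockname()[1]
    spare = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
    spare.bind(("127.0.0.1", 0))
    closed_port = spare.getsockname()[1]
    spare.close()
    return listener, open_port, closed_port


if __name__ == "__main__":
    listener, open_port, closed_port = local_fixture()
    plan = [("127.0.0.1", open_port, "open"), ("127.0.0.1", closed_port, "closed")]
    print("mismatches:", verify(plan))   # [] when behaviour matches the plan
    listener.close()
```

Keep the expectation table next to the firewall configuration backup; after every rule change, re-running it is a quicker regression check than a full penetration test.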
Managing Your Firewall in Production
After configuration, firewall management begins. Once in production, you need to monitor logs, update firmware, perform vulnerability scans, and review and update firewall rules every six months. All in all, be sure to document the process and commit to the ongoing configuration tasks, so that your firewall continues to protect your IT infrastructure and network services effectively.
Who Should Manage the Firewall?
Firewall management should be the duty of the team, personnel, or department in charge of the IT security policy. As pointed out by Cisco and Fortinet, a firewall is integral to protecting an organization’s network and systems, so you should limit access to the administration of rules and policies. Ideally, firewall management should only be given to IT security specialists within the enterprise. Overall, firewall management responsibility should sit with the head of the department or executive in charge of the IT security policy.
Audit Firewall Rules and Policies Regularly
Regularly audit rules and policies while in production to remove unused, old, and conflicting settings. Sometimes your firewall could have hundreds of unused rules, and attackers typically exploit old and unused rules to gain access to the network, heightening the chance of data breaches. Apart from running your firewall with unused rules, a new rule may sometimes conflict with existing ones. As a result, your security tool may not function as intended, causing unforeseen vulnerabilities.
Fortunately, highlighting and updating the old rules can make your firewall more efficient and secure. The process can identify conflicting rules, and specific rules that need replacing. For example, you can use firewall logs, which record changes, access, and events, as input to the audit.
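The two audit findings described above, unused rules and rules that conflict with or duplicate earlier ones, can be found mechanically. The script below is an added example written for this article (not the author's or any vendor's tool) and goes slightly beyond the text by treating both cases as instances of one check: a later rule is unreachable whenever an earlier rule already covers every packet it would match, which is a conflict if the actions differ and a redundancy if they agree. The rulebase and its hit counts are constructed; in practice the hit counts come from the firewall's logs over the review period, and a shadowed rule necessarily shows zero hits.

```python
# Added example (not from the original article): a rulebase audit that flags
# unused rules (zero hits since the last review) and shadowed rules (a rule
# that can never match because an earlier rule already covers everything it
# would match). Hit counts would come from the firewall's logs; here they are
# constructed, as are the rules themselves.
from ipaddress import ip_network


def _net_covers(outer: str, inner: str) -> bool:
    """True if every address in `inner` is also in `outer` ("any" covers all)."""
    if outer == "any":
        return True
    if inner == "any":
        return False
    return ip_network(inner).subnet_of(ip_network(outer))


def _ports_cover(outer, inner) -> bool:
    """Port ranges are (low, high) tuples; None means any port."""
    if outer is None:
        return True
    if inner is None:
        return False
    return outer[0] <= inner[0] and inner[1] <= outer[1]


def covers(a: dict, b: dict) -> bool:
    """True if every packet rule b would match is already matched by rule a."""
    return (a["proto"] in ("any", b["proto"])
            and _net_covers(a["src"], b["src"])
            and _net_covers(a["dst"], b["dst"])
            and _ports_cover(a["dport"], b["dport"]))


def find_shadowed(rules: list) -> list:
    """Return (rule_id, shadowing_rule_id, kind) for every unreachable rule.

    kind is "conflict" when the actions differ (the later rule's intent is
    silently overridden) and "redundant" when they are the same.
    """
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                kind = "conflict" if earlier["action"] != later["action"] else "redundant"
                findings.append((later["id"], earlier["id"], kind))
                break
    return findings


def find_unused(rules: list) -> list:
    """Rule ids with no hits in the review period: the ones to remove or justify."""
    return [r["id"] for r in rules if r["hits"] == 0]


# Constructed rulebase with hit counts from a six-month log review.
RULES = [
    {"id": 10, "action": "permit", "proto": "tcp", "src": "any", "dst": "10.0.1.20/32",
     "dport": (443, 443), "hits": 1_203_448},
    {"id": 20, "action": "permit", "proto": "tcp", "src": "10.0.1.20/32", "dst": "10.0.2.10/32",
     "dport": (5432, 5432), "hits": 88_120},
    {"id": 30, "action": "permit", "proto": "tcp", "src": "192.0.2.0/24", "dst": "10.0.2.0/24",
     "dport": None, "hits": 0},          # legacy partner link, never used
    {"id": 40, "action": "deny", "proto": "tcp", "src": "192.0.2.10/32", "dst": "10.0.2.10/32",
     "dport": (5432, 5432), "hits": 0},  # never fires: rule 30 already permits this
    {"id": 50, "action": "permit", "proto": "tcp", "src": "10.0.1.20/32", "dst": "10.0.2.10/32",
     "dport": (5432, 5432), "hits": 0},  # duplicate of rule 20
]

if __name__ == "__main__":
    print("shadowed:", find_shadowed(RULES))   # [(40, 30, 'conflict'), (50, 20, 'redundant')]
    print("unused:  ", find_unused(RULES))     # [30, 40, 50]
```

Rule 40 is the dangerous case: someone added a deny for one partner host, but the broader legacy permit above it means the deny never applies, and nothing in the firewall's own output says so. Fixing it means moving the deny above rule 30 or, since rule 30 has no hits, removing rule 30 altogether.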
Mistakes to Avoid When Configuring Your Firewall
As might be expected, setting up and running a firewall can present difficulties. However, you can prevent such issues by avoiding mistakes such as using broad policies or wrong firewall settings, which can result in server or connectivity issues. Also, do not ignore outgoing traffic, since it can present risks to the network. By and large, vendors ship firewalls with an open policy that allows traffic from any source to any destination. Therefore, if your IT team does not know exactly what they need initially, they may decide to start with these default rules and then work backward. In reality, however, time pressures often mean the team never gets around to replacing these defaults with a properly defined firewall policy.
Apart from using broad policies and wrong firewall settings, another mistake users make is leaving unnecessary services running on the firewall. The main culprit here is dynamic routing, which as a best practice should not be enabled on security devices.
Every so often, enterprises deploy non-standard authentication mechanisms that do not follow recommended practices. Failure to enforce corporate authentication mechanisms allows users to access crucial IT infrastructure and information using weak passwords and accounts that do not limit login failures. In addition, weak authentication mechanisms degrade your security posture and create more attack vectors for cybercriminals. Therefore, you must ensure that all users follow the same central, recommended authentication mechanisms whether working in the office or at home.
This guide also recommends testing your firewall configuration before going into production. While most companies have governance guidelines restricting test systems from connecting to production environments or accessing production data, others do not enforce such rules in practice. As a result, people testing the firewall can see production data that could be highly sensitive and subject to regulatory compliance. So, if you have production data in test environments, ensure you apply reliable security controls as defined by your data classifications.
Firewall configuration is essential to your security policies, since it protects against unauthorized and unwanted access. Typically, you place the security tool between the internal network and the internet to establish a controlled, secure link. However, installing and running a firewall requires maintaining and following firewall configuration standards. That way, your enterprise will minimize the threat of hackers using modern and advanced technology to interfere with the smooth running of your IT infrastructure.