Companies need to ensure that their firewall policy is up-to-date and enforced
Companies are failing to enforce a firewall policy and leaving themselves with an audit nightmare.
Calum Macleod, regional manager of Tufin Technologies questioned whether companies are enforcing their firewall policy, as its practical implementation defines everything from acceptable use to what actions should be taken in the event of a security problem.
Macleod said: “Every change that is made to a firewall has to be in line with the firewall policy. A firewall policy defines how the firewall should deal with traffic such as web, or email or any other application that needs to be accessed. Additionally the policy usually controls how the firewall is managed and updated.
“Firewall management is an area that can create problems especially for users who have outsourced the management. For example how does a security officer or an auditor at an organisation validate that the service provider is adhering to the agreed policy? In many cases the customer has simply no idea.”
He claimed that a nightmare for auditors and security officers is having no effective method of knowing if your firewall administrators, whether in-house or out-sourced, are actually enforcing the policy.
Macleod said: “The problem that you are faced with is that without effective security lifecycle management and firewall policy management technology it is virtually impossible today to know what is going on. Very complex and large rule sets across many firewalls in a multi-vendor environment is the source of sleepless nights.
“I talk to many organisations and the whole process is a paper based exercise. Every change to the firewall has to be examined firstly against the information security policy – is this allowed or not; is this person allowed to do this, etc. Then it's examined against the firewall policy – does my firewall policy allow this; what has to be changed and where; does this already exist; what impact will this have on other services.”