7 Firewall Misconfigurations System Administrators Can't Afford to Ignore

{authorName}

Tech Insights for ProfessionalsThe latest thought leadership for IT pros

01 February 2022

A misconfigured firewall could expose your critical systems to damaging security risks. Are you making any of these common firewall configuration errors?

Article 4 Minutes
7 Firewall Misconfigurations System Administrators Can't Afford to Ignore
  • Home
  • IT
  • Security
  • 7 Firewall Misconfigurations System Administrators Can't Afford to Ignore

With cybersecurity an increasingly major concern for businesses, it's imperative that you pay close attention to your network perimeter as the first line of defense for your network - especially your firewall.

However, many incidents aren't the result of highly-skilled hackers using previously unknown vulnerabilities, but rather criminals taking advantage of poorly-configured tech solutions within your network, which have the effect of leaving your back door open.

If you don't set up your solutions correctly, you could be exposing critical systems to unnecessary - and potentially hugely dangerous - risk. According to Gartner, 99% of firewall breaches through to 2023 will be the result of preventable firewall misconfigurations rather than inherent flaws in these solutions.

What's more, as businesses come to rely on services such as cloud computing and remote working, the amount of traffic moving through your firewall is likely to grow exponentially, making it easier than ever for issues to be overlooked or for criminals to take advantage of overstretched IT networks.

Therefore, any errors in the way you've set up your systems could leave you even more at risk. Here are a few common firewall configuration mistakes you need to avoid.

1. Failing to set rules

The first, and most basic, mistake, is simply to get your firewall up and running without changing any of the initial settings. In many cases, these defaults will be set up to 'any to any' status, allowing traffic to come and go from any source or destination.

It may be common for security teams to start off using open access as they assess the needs of the system and tighten them up as they go, but failing to apply rules to 'any to any' traffic can leave companies highly vulnerable to attack.

2. Not updating rules consistently

Once you do have rules in place, these must be reviewed periodically to make sure they're up-to-date and still fit for purpose. Keeping an eye on this is vital to the smooth running of your network, because as businesses grow and new rules are added, these might start to overlap or even become contradictory. Deleting duplicate rules improves performance and efficiency, so should always be factored into your maintenance planning.

However, if any adjustments do need to be made to address such issues, it's essential these are carried out in a consistent manner across the network to avoid any areas becoming outdated. Solve this by setting up a clear schedule for network reviews and being proactive about making changes.

3. Not accounting for cloud traffic

The days when the firewall marked a clear perimeter for your network are over. In today's increasingly cloud-based security environment, with many more users and applications connecting remotely, a defense in depth approach where the firewall is just one element of a hybrid security system should be the norm. Yet if your firewall configuration is still based around old-fashioned, on-premise approaches, it can both hurt productivity for those relying on cloud services and leave you at risk.

4. Being too open with your access controls

How you define roles for various users is critical in keeping your network safe, and the general rule is that you should only apply the minimum permissions necessary for someone to do their job. Yet many professionals start from a position of having open permissions and tighten them up as they learn more about the network needs. Inverting this practice, starting with a zero-trust attitude and gradually opening up privileges as and when required, offers a much more secure solution for network administrators.

5. Inconsistent authentication

Large, sprawling networks that cover multiple sites are often more prone to attack due to inconsistencies in their defenses, and one particular area that needs to be focused on to avoid this is authentication. If some sites use router configuration that don't match up to key standards, this can be a useful backdoor. Therefore, it's vital to have a centralized system for authentication and ensure it's rolled out evenly across the network.

6. Misapplying port forwarding rules

Port forwarding rules to allow remote access to assets are essential today, but if these aren’t set up properly, they can be another easy way into a network. Setting up blanket rules is the easiest way to enable remote access, but this offers up an open door. Instead, ensure that you're restricting traffic to specific ports or from whitelisted IP addresses to avoid leaving the door open for hackers.

7. Failing to consider outgoing traffic

Most firewall administrators are focusing on blocking unauthorized traffic coming into the network, but it's also important not to overlook what's going out. If you do get hacked, criminals need a way to exfiltrate the data and malware needs to reach back to its control server, and this is made much easier if firewalls haven't been configured properly to monitor outgoing traffic.

Make sure your firewall is restricting outgoing traffic to only approved services and can alert you if any attempts are made to connect to known malicious networks, as this may be the first indication you've been compromised.

Further reading:

 

Tech Insights for Professionals

Insights for Professionals provide free access to the latest thought leadership from global brands. We deliver subscriber value by creating and gathering specialist content for senior professionals.

Comments

Join the conversation...