1. More common than it should be, administrators are still using weak passwords and default usernames!
Your firewall is often the primary entry point into your network; having a password like “P@ssw0rd” might as well be letting intruders in!
2. Geographical blocks: if you only operate in the U.S. and only expect U.S. traffic, it may be wise to outright block traffic from other countries!
There is a list of countries that fall in the sanctioned countries list: https://home.treasury.gov/policy-issues/financial-sanctions/sanctions-programs-and-country-information
Countries on this list may provide a good starting point for who to block.
*Carefully consider whether you need the traffic from any of the blocked countries*
3. A block sitting below an allow does no good!
Maybe a previous admin was testing something, who knows. Either way, a block policy is effectively overridden by an allow policy above it that matches the same traffic, because the firewall stops at the first match.
Be cautious when moving policies around, and make sure the block really belongs above the allow.
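To make the ordering point concrete, here is an added example (not from the original post) that models first-match policy evaluation and flags rules that are fully shadowed by an earlier rule. The rule names, addresses and ports are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import List, Optional, Tuple

@dataclass
class Rule:
    name: str
    action: str               # "allow" or "block"
    src: str                  # source CIDR
    dst_port: Optional[int]   # None means any port

def matches(rule: Rule, src_ip: str, dst_port: int) -> bool:
    in_src = ipaddress.ip_address(src_ip) in ipaddress.ip_network(rule.src)
    return in_src and (rule.dst_port is None or rule.dst_port == dst_port)

def evaluate(policy: List[Rule], src_ip: str, dst_port: int) -> Tuple[str, str]:
    """First-match evaluation, as most firewalls do; unmatched traffic hits the implicit deny."""
    for rule in policy:
        if matches(rule, src_ip, dst_port):
            return rule.action, rule.name
    return "block", "implicit-deny"

def shadowed_rules(policy: List[Rule]) -> List[Tuple[str, str]]:
    """Return (shadowed rule, shadowing rule) pairs: a later rule whose whole source range
    and port are already covered by an earlier rule can never fire."""
    found = []
    for j, later in enumerate(policy):
        for earlier in policy[:j]:
            covers_src = ipaddress.ip_network(later.src).subnet_of(ipaddress.ip_network(earlier.src))
            covers_port = earlier.dst_port is None or earlier.dst_port == later.dst_port
            if covers_src and covers_port:
                found.append((later.name, earlier.name))
                break
    return found

# Constructed policy with the mistake the post describes: the guest block sits below a broad allow.
POLICY = [
    Rule("allow-any-ssh", "allow", "0.0.0.0/0", 22),
    Rule("block-guest-ssh", "block", "10.20.0.0/16", 22),
    Rule("allow-web", "allow", "0.0.0.0/0", 443),
]

# Same rules with the block moved above the allow it was meant to override.
FIXED_POLICY = [POLICY[1], POLICY[0], POLICY[2]]

if __name__ == "__main__":
    print(evaluate(POLICY, "10.20.5.7", 22))        # ('allow', 'allow-any-ssh'): block never fires
    print(shadowed_rules(POLICY))                    # [('block-guest-ssh', 'allow-any-ssh')]
    print(evaluate(FIXED_POLICY, "10.20.5.7", 22))  # ('block', 'block-guest-ssh')
```

Running `shadowed_rules` over an exported policy is a quick way to catch a block that an earlier allow has silently overridden.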
4. Commonly exploited services allowed where they should not be, such as SSH and RDP.
A few others to check include: FTP, TFTP, ICMP, Telnet, and SNMP.
5. With the rise of NGFWs there are many tools you can use to monitor and block traffic, such as IPS (Intrusion Prevention System) and malware detection.
Turning NGFW settings on could boost your security instantly!
6. Patch management - If you are like me, you feel just a tad stressed updating network equipment; however, letting your software get old could be severely weakening your security posture.
Some other professionals seem to think two patches back is “safe enough” compared to the risks of the bugs in the latest patch. This may be true, however, I generally like to go ahead and stay as up to date as possible.
Use careful consideration of your particular environment when making this decision.
Also ensure you take a backup of the configuration and have the current firmware downloaded prior to making ANY changes. Better safe than sorry!
7. Another feature of many NGFW solutions is web filtering. This will almost certainly be of great benefit! Aside from blocking malicious sites, you could also block sites that drain work focus, such as large video streaming services that 99% of the time are just being used for entertainment.
8. Network segmentation. Although this doesn’t apply only to the firewall, separating traffic such as Finance from the customer kiosks may help prevent unwanted snooping.
9. Second to last: enable logging wherever possible! How can you know what is happening if there are no logs to show it?
10. Last and certainly not least: READ THE LOGS! Sometimes you just need to pop open that log page and look. You never know what you are going to find.