Firewall Configuration Reviews

November 28, 2023

Introduction

Configuration reviews are an important part of cybersecurity posture, including firewall config reviews. These types of assessments go through a business’s network and information technology equipment to make sure that the programs and settings are up to date in their updates, patches, and vulnerabilities. For some financial institutions like banks and credit unions, it is required by the government to get these configurations checked regularly.

The recommendation for these checks is usually every quarter, but can be spread out to twice a year. However, it is important to remember that these reviews are done for a reason—things are updated all the time. Even if a business has already done a few configuration reviews in the year, a big update to systems or programs can lead to new vulnerabilities and threats, especially when it comes to firewalls.

What is a firewall?

Despite being a common term, many people don’t know what a firewall actually is. It’s more than just a wall of fire, after all. A firewall is a security measure set in place by organizations to keep unwanted connections from your computer, controlling network traffic. If you open a new program or start a new connection, you might see a dialog box asking if you would like to accept an outside connection. This is the firewall asking you for permission.

Firewalls are subject to vulnerabilities themselves. It is the target of many bad actors that are trying to get into your computer and network. They can add their connections to the whitelist and it’s entirely possible for them to slip under the radar and stay connected to the network without anyone knowing. That’s why regular configuration reviews are required, especially after big updates.

Firewall Configuration Review

A firewall config review is usually performed in combination with other types of reviews, including VPN and Microsoft 365 reviews. There are a few different things that are checked during a firewall config review. Going in blind can be a worrying thought, so it’s a good idea to go over what it entails.

  • The amount of firewalls that are established.
  • The architect of the firewall, including make and model and internal or perimeter.
  • The location of the firewall, whether it’s an office, data center, or cloud service.
  • Various other things, like additional services, virtual or hardware, and more.

After gathering this information, a third-party analyst will begin looking through rules and authentications. This rule audit will go through various surface-level checks. The analyst will first check the logs of the firewall to make sure that the rules are being used properly. Weaker rules will either be removed, strengthened, or replaced by something else. This is a necessary cleanup to make sure things continue working as they should.

Another thing that’s checked is the firewall change management process and the plan behind it. This is a sequence of automation that will go through checks when a firewall change is made. It is important to have, considering bad actors can try to take the firewall down or adjust settings for their hacks. With a proper change management process involved, changes will go through the proper channels and can be stopped if something is amiss.

Firewalls can have different properties to check, but it mostly falls under software or hardware. Software usually provides plenty of firewall options, but there is some hardware that provide them as well. Regardless of its architecture, the analyst will review its vulnerabilities and upgradation. Making sure that everything is in working order is important and some misconfigurations can occur even through hardware.

Conclusion

Configuration reviews are important, especially when it comes to firewall config reviews. There are many things to check when it comes to these security assessments, so it’s crucial to get them done on occasion. It’s also important to get them when there are significant updates or changes in programs or hardware. After gathering answers to scoping questions, an analyst will go through rules and processes to make sure that everything is up to date and safe from threats.

While not exactly part of a configuration review, it is important to combine these configuration reviews with risk assessments or penetration testing. Both of these services go hand-in-hand with config reviews and can answer a lot of questions on how much the policies work. Getting all of these done is important to cybersecurity posture, and in some cases, it is required by government regulation. Keep your network and business safe from bad actors.

Eddy Berry, Security Research Analyst

Eddy has been researching cybersecurity for a few years now. Finding specific trends and best practices is something he takes pride in, assisting in finding news and government regulation that are on the rise. He researches topics and writes articles based on current events and important vulnerabilities that are affecting people, always hoping to get the necessary cybersecurity steps to those that need them.