Network Firewall Security: Are You Compliant or Are You Secure?

Network Firewall Security

Some of the most significant recorded cybersecurity breaches affected organizations with a surprising thing in common: their router and network firewall security were fully compliant with industry and government standards. On paper, they should have been safe.

So why weren’t they?

One of the fundamental truths of bureaucracy is that the larger an organization gets, the more slowly it moves. It’s true of government and military bodies, and it applies to the private sector as well. Smaller groups and individuals can create new threats far more adeptly than the organizations that certify solutions, so it’s critical to stay ahead of bad actors.

Did You Know? These tech-savvy companies experienced some of the biggest data breaches in recent history:

Be secure, and compliance will fall into place. Just be compliant, and you’re only secure against yesterday’s threats. Securing your network and data means connecting your network firewalls and routers. In this post, we’ll look at some strategies that can help reduce your IT network and information security risks.

Physical Devices

Workstations, laptops, smartphones, servers, and even the cables your data moves through are all potential vectors for network intrusion. Physical devices must be protected to maintain robust router and network firewall security. There are a few things you can do to ensure your network is as safe as possible:

Create Use Policies

Work with your team or outside experts to establish policies that define acceptable technologies and where in your infrastructure they can exist.

Establish Controls
Create a program that documents access and actions so you can:
  • assess ongoing incidents
  • anticipate future problems
  • investigate incident causes and responses
Assign Responsibility
Put someone in charge of ensuring standards are upheld. Make sure they have the skills and access to:
  • assess vulnerabilities
  • maintain software
  • review and update configurations
Review Configurations

Regularly review device configurations and update software for wireless access points, firewalls, switches, and routers.

Limit Permissions

Restrict permissions for critical parts of your network to those who:

  • need the access to perform their job
  • have appropriate skills
  • are sufficiently reliable
Monitor Access Points

Keep tabs on who is accessing your system remotely and from where.

Tips for Success:
  • Changing your network could mean a physical change, like adding a new device, or a software-related change, like a firmware or anti-virus update.
  • Your device manager can be from any level of the organization, but they need to be empowered to enforce your policies to be effective.
Operating Systems

Operating Systems

Your operating systems should be continually updated to leverage the power of new technologies, fix bugs, and address security vulnerabilities discovered throughout their lifecycle (often because those vulnerabilities were exploited).

If your OS isn’t managed correctly, it can open you up to a breach. Make sure you:
  • Remove all unnecessary programs
  • Regularly download and install service packs
  • Ensure your OS is regularly patched
  • Define access and password rules for all users

Apply the Principle of Least Privilege

The principle of least privilege suggests that anyone who requires access to a system be given only the lowest level of permissions possible to perform their task — and for the shortest possible duration. Keep access to a minimum to reduce the risk of malicious or accidental damages.

“Every program and every privileged user of the system should operate using the least amount of privilege necessary to complete the job.”

— Jerome Saltzer, Communications of the ACM

Maintain Detailed Hardening Standards

Hardening standards are used to set baseline standards for your system. No matter what your organization’s size, it’s critical to maintain a detailed set of hardening standards. Luckily, this is an area where you won’t have to reinvent the wheel. Numerous standards — like SANS, NSA, or NIST — already exist to help you protect yourself.
Remember, being compliant isn’t always the same as being secure. The fact that something is beyond standards doesn’t mean it’s not worth considering. If you aren’t sure, an outside expert can help you determine your best course of action.

Log Configuration Changes

In the last section, we discussed the value of using a control program to guard physical infrastructure. It’s also essential to record who makes changes to your systems. This frequently missed step can be helpful when determining whether an event is the result of a security incident, human error, or authorized action.

Change Default Settings

We all do it. We change the settings we want to change and leave others the way they came — especially if we aren’t sure what they do. Unfortunately, your systems have a lot of settings that affect sub-systems in ways you wouldn’t expect. Leaving network settings in their default state gives potential intruders a door to which they may already have the key. Every setting you change makes things more challenging for them and makes you safer.

Encrypt. Encrypt. Encrypt.

Encryption makes it far more difficult for cybercriminals to use any data they successfully intercept, but many encryption protocols have already been broken to the point of obsolescence. Stay current using these best practices:

  • Disable web-based management (if you aren’t using it)
  • Verify that your certificates are strong and accepted
  • Disable Telnet and clear text protocols
  • Use the latest SSH whenever possible
  • Establish a VPN

Tips: Check with your network administrator to determine whether your current encryption protocols meet your needs and schedule regular security reviews. It’s better to be too secure than to lose essential assets or time.

Schedule Regular Updates

Be sure to include the software of networking devices in your updating schedule. Installing a new version when your OS updates isn’t always necessary, but it’s essential to protect against the most current threats, making regular patching a crucial part of your defense against intrusion.

Other steps you can take to protect from intrusions include:
Remote Console Timeouts
Timeouts of 15 minutes or less can protect you from malicious acts when users are away from devices.
Support NTP
Network Time Protocol synchronizes computers to UTC and utilizes algorithms to properly coordinate time between hosting time servers so you know when your system is accessed.
Disable Unused Interfaces
Disabling unused interfaces can help prevent intruders from using old forms or APIs to access your network.
Verify Downloads
Ensure that system downloads or updates are not corrupted or malicious.
Restrict Inbound/Outbound ICMP
Limit unauthorized network infrastructure exposure while still reaping the benefits of network monitoring.
Enable Anti-Spoofing Rules
Prevent bad actors from fooling your system into believing they’re within your trusted network.

Traffic Rules

Traffic rules dictate what’s allowed to pass in and out of your network. They’re an instrumental part of your router and network firewall security strategy. Let’s look at some steps you can take to reduce the risk of data and other assets being lost or accessed via your network.

Use Approved Ports and Services

Ensure no one can find unprotected access points directly or via unreliable software. Work with your network administrators to maintain a list of approved ports and services.

Limit Traffic
Limit types of data that enter and exit your network by specific means. Work with your network administrator to create policies for information traveling in or out.
Avoid “Any”-Based Rules
Rules based on “any” (an easily circumvented coding catch-all) can’t shape traffic securely. Assess specific risks most relevant to your organization and ensure they’re covered effectively.

Is Your Network Firewall Security Really Secure?

The more sensitive the assets you need to protect, the more secure you must make them. It seems like a simplification, but if you’re housing sensitive data, you should go above and beyond to protect your business and all relevant stakeholders.

Contact AIS Network’s experts today if you have questions about network firewall or router security. We’re here to help protect your business-critical infrastructure.