The Top Five Firewall Security Tips

The firewall is a critical part of network design. Designating protected resources, defining allowed access from network area to network area, protecting business from the ever present dangers on the Internet and more are all part of the firewall's job. Let's look at the top five firewall security tips to accomplish these goals.

Simple packet filtering rule-based firewalls are old hat. While the fundamental concepts still apply for protection and have their place, application layer inspection and advanced traffic analysis are far more powerful. If you're using decade old firewall technology, it's time to upgrade. The latest firewalls have so much more to offer, with more intelligence, performance, and flexibility that you will be amazed.

Whether you use a firewall that has redundancy and load balancing capability built in, or if you use separate load-balancing technology, using it shouldn't be overlooked. Distributed Denial of Service (DDoS) attacks, unexpected overloads of traffic, and incidental crashes can all be overcome with fail over and load balancing. If you think it's not worth the extra cost, consider what the cost is of having no Internet access for your business while your firewall is down, or what the cost is for your customers to be unable to contact you by e-mail or place a Web order.

This one seems so obvious, yet is often overlooked. In the name of expedience lax rules are created or are "temporarily" put in place. Firewall rules and policies must be as strict as they can be in order to provide the maximum protection. Weak rules provide weak protection. Don't make changes in the name of expediency or in a rush. There need to be solid, documented reasons for the rules you have in place. And furthermore, if things change and the rules are no longer being used, remove them.

Most modern firewalls allow for connectivity to Active Directory, LDAP, or other authentication databases, whether directly or through RADIUS. Yet often the potential of these user directories is untapped. Use authentication for access to resources. Adding a "who" is allowed to the "what" is allowed is much stronger.

The best firewall technology I've used is dynamic, active security that the firewall puts in place on identification of an intrusion. Intrusion detection and prevention technology is integrated into the firewall, or connected to it, so that real-time responses can block attacks as they are detected. Intrusion detection and prevention technology can prevent an infection of a virus or worm from turning into an epidemic.

Internet security threats become more sophisticated, more difficult to detect, and more powerful as time passes. The same technology that makes the latest malware such as worms, trojans, and DDoS attacks more of a threat fortunately can be repurposed into cutting edge firewall technology. Having that technology in place, and having it configured correctly and effectively is your job.