Firewalls are essential to protecting assets across your digital landscape from potential cybersecurity threats. Developing a firewall implementation framework that addresses your most pressing security needs will enhance your overall cybersecurity. Read on to learn more.
How Can You Effectively Implement Firewalls?
The National Institute of Standards and Technology (NIST) recommends a five-stage approach that enterprises can adopt for robust firewall design and implementation:
- Planning firewall design and implementation to meet security needs
- Configuring firewalls in alignment with a firewall policy
- Testing firewalls to optimize configurations
- Deploying firewalls per enterprise security policies
- Managing firewalls to maintain firewall effectiveness
A managed security services provider (MSSP) will help you optimize firewall implementation to meet your security needs and increase your ROI on cybersecurity.
What are Firewalls?
Firewalls control the flow of traffic across networks, functioning as security tools to manage connectivity and access to network environments.
Although firewalls typically apply to Internet security, firewall implementation extends to network environments for functions including:
- Restricting connectivity across internal network environments, such as those containing sensitive data
- Preventing unauthorized access to internal systems and resources
- Compliance with regulatory frameworks (e.g., PCI DSS, HIPAA)
Effective firewall implementation requires an understanding of which types of firewall technologies will best address your security needs.
Request a Free Consultation
How to Determine Firewall Capabilities
Firewalls function by examining the data transmitted in layers across networks. According to the NIST, the most commonly used data transmission protocols are Transmission Control Protocol/Internet Protocol (TCP/IP) layers.
From highest to lowest, the four TCP/IP layers include:
- Application Layer – The first layer facilitates data transfer for applications, some of which include:
- Domain Name System (DNS)
- Hypertext Transfer Protocol (HTTP)
- Simple Mail Transfer Protocol (SMTP)
- Transport Layer – The second layer facilitates the transmission of application layer services across networks to increase the effectiveness of communications. Transport layer protocols include:
- Transmission Control Protocol (TCP)
- User Diagram Protocol (UDP)
- IP Layer – Also called the Network Layer, the third layer transmits packets between networks and includes protocols such as:
- Internet Protocol version 6 (IPv6)
- Internet Control Message Protocol (ICMP)
- Internet Group Management Protocol (IGMP)
- Hardware Layer – Also called the Data Link Layer, the fourth layer facilitates communication between physical network components. The most common hardware layer protocol is Ethernet.
Most basic firewalls function by examining data transmission via one or more of the lower TCP/IP layers. However, more advanced firewalls, which conduct specific examinations of network traffic, will operate at all the TCP/IP layers.
Firewalls that function at the higher-level TCP/IP application layer can also provide network access management services and effectively defend complex networks.
Conducting a NIST TCP/IP layer assessment of several firewall technologies will help determine which firewall implementation best fits your needs, especially with the help of an experienced MSSP.
Planning firewall implementation starts after determining the need for a firewall to address network and system security. Establishing a well-defined firewall policy will help effectively implement firewalls across networks and systems.
Implementing a Firewall Policy
The NIST recommends establishing an organization-specific policy to govern firewall implementation.
Specific considerations for implementing a firewall policy include:
- Risk analysis to identify:
- Types of necessary incoming network traffic
- Appropriate security measures to filter network traffic
- Potential threats and vulnerabilities to networks and systems
- Impact of threats to the stability of systems or networks
- Documentation of firewall security requirements
- Ongoing updates to the security policy to reflect evolving risks and vulnerabilities
- Guidelines to streamline firewall change management
The most critical aspect of a firewall policy is to define which traffic should be permitted into your organization’s networks.
Considerations for Firewall Planning
Once established, a firewall security policy will guide aspects of firewall implementation, especially those concerning:
- Proper device use – Firewall construction should account for firewall capabilities, ensuring the right firewalls are used to filter network traffic through TCP/IP layers.
- Security layers – Planning firewalls should create defense-in-depth via multiple security layers. Defense-in-depth firewall implementation helps address:
- Effective risk management in case one defense layer is compromised
- Multiple points of security (e.g., perimeter, internal networks, individual devices)
- Integration of security program components (e.g., antimalware)
- Internal threat assessment – Firewall implementation for external threats can leave organizations exposed to internal threats. All critical systems should be secured with internal firewalls to minimize security risks such as malware.
- Documentation of planning – All aspects of firewall planning should be documented to define:
- Capabilities and limitations of firewall technologies
- Changes to firewall security policies
- Decision-making around firewall deployment
Additional factors to consider when deciding firewall design and implementation include:
- Areas within the organization requiring firewall applications, some of which include:
- External perimeters (e.g., network or system)
- Internal departments (e.g., isolating sensitive accounting functions)
- Remote office (e.g., Virtual Private Network (VPN) access)
- Types of firewall technologies that will best address security needs, some of which include:
- Packet filtering firewalls
- Stateful inspection
- Application firewalls
- Management of firewall capabilities to support:
- Remote firewall management (e.g., HTTP-over-SSL)
- Alignment with organization-specific firewall policies
- Restriction of remote firewall management to a specific internal network
- Centralized management of multiple firewall devices
- Additional requirements for integrating firewalls into an organization’s infrastructure, including:
- Specific types of hardware
- Compatibility with other devices on the network
- Interoperability with existing systems
- Personnel management requirements, including:
- Designated management personnel
- Training of firewall system administrators
Outcomes of the firewall implementation planning phase will determine how to best configure and deploy firewalls into production.
The next phase of firewall design and implementation is configuring firewalls and integrating them into your organization’s security architecture. The NIST recommends several processes for effective installation and configuration of firewalls.
Installation of Firewall Hardware and Software
Once purchased, the installation of firewall components depends on whether the firewall is either software-based, hardware-based, or both.
Installation of a software-based firewall requires the following components:
- Hardware housing the firewall
- Operating system supporting the firewall
- Firewall software
Security patches and vendor-supplied updates must also be deployed when installing software- and hardware-based firewalls.
Installation of the software and hardware for firewalls should ensure:
- Management of firewalls is restricted to designated system administrators
- Network firewalls are installed in facilities that provide appropriate:
- Environmental requirements (e.g., humidity, power, space)
- Physical security to mitigate unauthorized access to firewalls
- Firewall clocks are synchronized with internal time sources for efficient log management
The software and hardware used to construct firewalls must be installed securely and align with a firewall policy to minimize security gaps and vulnerabilities.
Configuration of a Firewall Policy
Firewall policies define how a firewall will function and filter traffic.
The four widely-used configurations for firewall policies include:
- Firewall implementation via specific internal rules
- Configuration of firewall settings that then establish internal rules
- Automatic creation of firewall rules and policies
- A combination of the internal rules, firewall settings, and automatically created firewall policy configurations
The specific selection of firewall configuration determines the ruleset for firewall operation. Once rulesets are defined, they should inform firewall implementation per the organization-specific firewall policy.
Additional considerations for creating rulesets include:
- Rulesets should be specific to the network traffic a firewall will filter.
- The types of traffic to be filtered and sent to applications should define rulesets.
- Rulesets vary with different firewalls and must be implemented per the organization’s firewall policy.
- Some firewalls will require more complex rulesets, depending on the desired application
- The addition of comments to rules within rulesets will help:
- Determine the rationale for creating a rule
- Audit rulesets
- Manage configuration logs
- Certain rules that govern firewall functionality may need to be explicitly defined, including:
- Port filtering at the edges of networks
- Content filtering at points close to the content receiver
- If multiple firewalls are in use, firewall rules should be synchronized across firewalls
Rules for firewall implementation will vary across organizations, their specific needs, and the staff creating the rulesets.
Configuration of Firewall Logs and Alerts
Following hardware and software installation and firewall policy configuration, the next step is the configuration of firewall logs and alerts.
Management of firewall logs and alerts is critical for:
- Validating firewall security configurations
- Providing intelligence for incident response protocols
When configuring firewall logs and alerts, it is also essential to manage log storage, ensuring:
- Local storage on physical devices
- Centralized storage on the cloud
The amount of log data stored locally or centrally depends on each organization’s security administrator. Some administrators prefer to minimize the resources allocated to managing large volumes of security incident logs. In contrast, others prefer an internal threat monitoring system to identify potential threats as soon as possible. In both cases, fast and effective threat detection is critical to enhancing the efficiency of firewalls.
Firewall alerts should also promptly notify the appropriate security personnel regarding:
- Modifications of firewall rules
- System changes and operational events, including:
- Disk shortages
Configuration of robust firewall logging and alert processes will enhance the security of firewall implementation.
Following firewall configuration, the next step in firewall design and implementation is testing and evaluating firewalls before deployment.
Considerations for firewall testing include:
- Testing should be conducted on a test network before releasing the firewall into live environments
- The test network used for testing should be highly representative of the production network, especially regarding:
- Network topology
- Firewall traffic
Evaluation of firewalls during testing should address:
- Connectivity – Firewalls should enable users to create and maintain network connections.
- Ruleset alignment – Firewalls should align with the defined ruleset, ensuring:
- Traffic prohibited by the firewall policy is not permitted through the firewalls
- Traffic allowed by the firewall policy is permitted through the firewalls
- Validation of the ruleset with the established rules working as expected
- Compatibility – Firewalls should not interfere with or disrupt functionalities within existing applications (e.g., communication between applications and networks).
- Management – Firewalls are easily and securely configured and managed by system administrators.
- Logging – Event logging and data management align with the firewall policy.
- Performance – Firewalls function optimally during normal and peak user demand.
- Security – Firewalls should be tested to identify any vulnerabilities and gaps that can be exploited by cybercriminals. Strategies for security evaluation include:
- Threat and vulnerability assessment of the firewall technologies
- Penetration testing to identify unknown security gaps
- Interoperability – Firewall components function optimally when integrated, especially if acquired from different vendors.
Testing firewalls prior to deployment will help address any outstanding security gaps and increase your ROI on firewall implementation.
The fourth step in firewall implementation is the deployment of the tested firewalls.
Considerations for firewall deployment include:
- Deployment should align with the firewall policy and broader organization-wide security and change management policies.
- System users must be notified of planned deployment, with a reporting mechanism in place for any firewall issues.
- Changes to other system components connected to firewalls should be planned along with firewall deployment.
- Where multiple firewalls are deployed, gradual deployment can help identify and address any issues before a large-scale, enterprise-wide installation.
- Piloting firewall deployment can also help identify conflicts between firewall and security policies that could affect overall implementation.
- Integrating a firewall into the flow of network traffic should account for:
- Other network elements interacting within the firewall
- Modifications to router placements, if the firewall is acting as a router
Deployment is critical to the firewall design and implementation and must be planned systematically to ensure a streamlined and secure firewall installation.
Lastly, firewall implementation requires management processes to keep firewalls running effectively.
For robust firewall performance, you can implement firewall management processes, including:
- Routine testing and patch management of firewalls
- Updating firewall policies following:
- Identification of new threats
- Changes to security requirements (e.g., the addition of hosts within networks)
- Reviewing firewall policies to ensure compliance with organization-wide security policies
- Monitoring of firewall performance to identify resource issues and minimize firewall disruptions
- Ongoing monitoring of logs and alerts to identify threats and develop internal threat intelligence capabilities
- Backing up firewall rulesets and testing firewall rules where necessary to validate functionality
- Logging all firewall policy decision-making, including changes to rulesets
Effective firewall implementation is best achieved with ongoing management of firewalls. Working with an experienced MSSP will help you develop a sustainable and robust infrastructure that simplifies firewall management.
Implement Robust Firewall Infrastructure
Developing systems to plan, configure, test, deploy, and manage firewalls will help you streamline firewall implementation and optimize your network and system security.
Consulting with a qualified MSSP will help you rethink your overall firewall security. Contact RSI Security today to learn more!