An article from BizTech by Mike Chapple
Network firewalls is a common way for organizations to protect their networks. They can act only upon a carefully designed set of rules, crafted by people to instruct the firewall on how to react in any given set of circumstances.
The rules that firewalls rely on are quite complex, which means they are vulnerable to human error and require periodic maintenance. Failure to detect errors or maintain firewall rule bases can degrade firewall performance and create significant security vulnerabilities that allow unintended access to sensitive information. In addition to managing firewall rules, administrators should pay careful attention to firewall logs.
1.) Watch for Common Errors- One of the most important administrative tasks that firewall administrators should perform is monitoring the rule base for unintended errors. Some of these are simply typographic errors while others may result from changing business requirements that are not reflected in corresponding updates to firewall rules.
2.) Manage Firewall Logs – The network firewall has a unique perspective on an organization’s network infrastructure. It serves as the gatekeeper to the enterprise network and has visibility into every connection crossing the network perimeter, as well as those that are blocked. The logs that the firewall creates as it manages access to the enterprise network can be an invaluable source of information to both networking and security professionals.
3.) Think Beyond Stateful Inspection- Stateful inspection technology has been in use for over a decade now and has stood the test of time. Firewalls using this technology analyze network packets to determine whether the source and destination addresses (along with other connection characteristics) match the rules that define permitted traffic on the organization’s network.