
Identifying and Fixing Common Firewall Misconfigurations

The role of the firewall has shifted a great deal in the last decade, becoming more and more feature packed and costly. But, a common issue we see is customers not making the most of the features they’re paying for.

We asked one of our network and cyber security experts to write up his top 5 common misconfigurations (or missing configurations) or, as he put it, “Here’s a list of things that your firewall probably can do, that it’s probably not”. This is what he said:

1) SSL Decryption

I’ve listed this one first because it’s so important to many of the other security features mentioned later in this post. Ultimately, this security service manages the TLS negotiations between clients and servers, so that the firewall can inspect traffic that would otherwise be opaque inside encrypted applications like HTTPS, SSH, etc.

Why is this important? Well, when was the last time you saw a website that wasn’t encrypted? Attackers have long exploited the fact that much encrypted traffic is not inspected in order to deliver malicious payloads. With that in mind, this is a key feature to have, because it allows the other features to do their job effectively.

2) Application Control

Firewalls moved beyond L4 port and IP filtering long ago, and so should you. Opening port 53/UDP or 443/TCP is all well and good, but how can you be sure that your intention of only allowing DNS or HTTPS isn’t being hijacked by malicious actors using those ports as a way in or out of your network?

Enter application control. This allows you to ensure that when you open port 53/UDP, only DNS traffic is using it, by inspecting the traffic to ensure it conforms to the DNS application. Likewise, Application Control can offer more granular control over other applications, like Facebook or YouTube. Going further, you might even want to apply restrictions specifically to Facebook Messenger, or maybe just the “like” functionality. With Application Control, you can.
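To make concrete what “conforms to the DNS application” means, here is an added Python example (not code from the original post, and not any firewall vendor’s engine) that applies the same kind of protocol conformance check to datagrams arriving on udp/53: it parses the 12-byte DNS header and the question section and rejects anything that does not look like DNS, such as an HTTP request sent over the port. The sample payloads are constructed for the example. A commercial Application Control engine does far more (answer-section parsing, matching responses to queries, heuristics over the whole flow), but the principle is the same.

```python
import struct
from typing import Dict, Tuple

DNS_HEADER = struct.Struct("!HHHHHH")   # ID, FLAGS, QDCOUNT, ANCOUNT, NSCOUNT, ARCOUNT
VALID_OPCODES = {0, 1, 2, 4, 5}          # QUERY, IQUERY, STATUS, NOTIFY, UPDATE
VALID_QCLASSES = {1, 3, 4, 254, 255}     # IN, CH, HS, NONE, ANY


def _skip_name(payload: bytes, offset: int) -> int:
    """Advance past a DNS name (labels or a compression pointer) at `offset`.

    Returns the offset of the first byte after the name; raises ValueError if
    the name is malformed, which is the usual tell for non-DNS data on port 53.
    """
    while True:
        if offset >= len(payload):
            raise ValueError("name runs past end of message")
        length = payload[offset]
        if length == 0:                       # root label terminates the name
            return offset + 1
        if length & 0xC0 == 0xC0:             # compression pointer (RFC 1035 s4.1.4)
            if offset + 1 >= len(payload):
                raise ValueError("truncated compression pointer")
            target = ((length & 0x3F) << 8) | payload[offset + 1]
            if target >= offset:
                raise ValueError("compression pointer does not point backwards")
            return offset + 2                 # a pointer ends the name
        if length & 0xC0:
            raise ValueError("reserved label type 0x%02x" % (length & 0xC0))
        offset += 1 + length                  # plain label of 1..63 octets


def check_dns_conformance(payload: bytes) -> Tuple[bool, str]:
    """Return (True, "ok") if `payload` is plausibly a DNS message, else (False, reason)."""
    if len(payload) < DNS_HEADER.size:
        return False, "shorter than the 12-byte DNS header"
    _txid, flags, qdcount, ancount, _nscount, _arcount = DNS_HEADER.unpack_from(payload)
    opcode = (flags >> 11) & 0xF
    if opcode not in VALID_OPCODES:
        return False, f"unassigned opcode {opcode}"
    if flags & 0x0040:
        return False, "reserved Z bit set"
    is_query = not (flags & 0x8000)
    if is_query and ancount:
        return False, "query carries answer records"
    if opcode == 0 and qdcount != 1:
        return False, f"standard query/response with QDCOUNT={qdcount}"
    offset = DNS_HEADER.size
    try:
        for _ in range(qdcount):              # walk every question entry
            offset = _skip_name(payload, offset)
            if offset + 4 > len(payload):
                raise ValueError("question truncated before QTYPE/QCLASS")
            _qtype, qclass = struct.unpack_from("!HH", payload, offset)
            if qclass not in VALID_QCLASSES:
                raise ValueError(f"unknown QCLASS {qclass}")
            offset += 4
    except ValueError as exc:
        return False, str(exc)
    return True, "ok"


def build_query(name: str, txid: int = 0x1234, qtype: int = 1) -> bytes:
    """Build a minimal standard query; used only to construct sample input."""
    labels = b"".join(bytes([len(label)]) + label.encode("ascii") for label in name.split("."))
    return DNS_HEADER.pack(txid, 0x0100, 1, 0, 0, 0) + labels + b"\x00" + struct.pack("!HH", qtype, 1)


# Constructed datagrams as they might arrive on udp/53: one real query and
# three things that are not DNS at all (constructed for this example).
SAMPLES: Dict[str, bytes] = {
    "legit_query": build_query("example.com"),
    "http_on_53": b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n",
    "short_junk": b"\x00\x01\x02",
    "bad_label": DNS_HEADER.pack(1, 0x0100, 1, 0, 0, 0) + b"\x80abc\x00\x00\x01\x00\x01",
}


def classify(samples: Dict[str, bytes]) -> Dict[str, Tuple[bool, str]]:
    """Map each sample name to its verdict, as an app-control engine would per flow."""
    return {name: check_dns_conformance(data) for name, data in samples.items()}


if __name__ == "__main__":
    for name, (ok, reason) in classify(SAMPLES).items():
        print(f"{name:12s} {'ALLOW' if ok else 'BLOCK'}  {reason}")
```

Running the block prints one verdict per sample: only the genuine query is allowed, while the HTTP request fails on its nonsensical opcode, the three-byte datagram is too short to carry a header, and the payload with a reserved label type fails in the name parser. This is the behaviour the post describes: the port is open, but only traffic that actually speaks DNS gets through it.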

3) Intrusion Detection/Prevention

If you’re also responsible for patching your devices, you’ll know just how often vulnerabilities crop up. You may even be worried about the number of exploits for those vulnerabilities. Well, firewalls can help here too. IDS/IPS is used to detect exploitation attempts against known vulnerabilities and, where prevention is in use, can even block them. This is a must-have for externally facing assets, but it can be deployed much more widely, such as for internal-to-internal traffic.

4) Remote Access

This is a feature many people became aware of pretty quickly just a few years ago (cough). Many firewalls can facilitate remote access for end users, but the rush to implement it led to less than secure implementations, and the challenges around patching VPN clients seem to persist.

So this section really just serves as a reminder to monitor for vulnerabilities on both the firewalls and the clients. There have been some very high-profile vulnerabilities over the last year, and it’s hugely important to keep both patched. Also, if you’re not already doing so, implement MFA on all externally authenticatable services at the very least, such as remote access!

5) Firewall Policy

The last item I wanted to mention goes back to basics: the firewall policy. This is an area of the firewall that also gets neglected, often with permissive or unnecessary rules left in place, leaving a level of exposure that is far more difficult to track and monitor.

Conduct regular firewall reviews and ensure rules are as tight as they can be. Remove rules that are no longer in use, and implement Application ID/Control on firewall policies wherever practicable.
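As an added illustration of what a rule review looks for (example code, not the post’s own or any vendor’s tooling), here is a Python script that runs four checks over a small constructed ruleset: permissive any/any allows, port-only allows with no Application ID, rules with no hits or no recent traffic, and rules shadowed by an earlier, broader rule. The Rule shape, the zone names and the hit counters are all assumptions for the example; a real review would load these from the firewall’s exported policy and its rule-usage statistics.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import List, Optional, Set, Tuple


@dataclass
class Rule:
    """One policy entry, in the top-down order the firewall evaluates it (assumed shape)."""
    name: str
    src: Set[str]              # zones/addresses, or {"any"}
    dst: Set[str]
    service: Set[str]          # "proto/port" strings, or {"any"}
    action: str                # "allow" or "deny"
    hits: int                  # counter from the firewall's rule statistics
    last_hit: Optional[date]
    app: Optional[str] = None  # application-ID constraint; None = port-only match


def covers(outer: Set[str], inner: Set[str]) -> bool:
    """True if field value `outer` matches everything `inner` matches."""
    return "any" in outer or ("any" not in inner and inner <= outer)


def shadows(earlier: Rule, later: Rule) -> bool:
    """True if `earlier` matches every packet `later` would, so `later` is never reached."""
    app_ok = earlier.app is None or earlier.app == later.app
    return (app_ok
            and covers(earlier.src, later.src)
            and covers(earlier.dst, later.dst)
            and covers(earlier.service, later.service))


def review_policy(rules: List[Rule], today: date,
                  stale_after: timedelta = timedelta(days=90)) -> List[Tuple[str, str, str]]:
    """Return (rule name, finding type, detail) for every issue a reviewer should look at."""
    findings = []
    for i, r in enumerate(rules):
        if r.action == "allow" and all("any" in f for f in (r.src, r.dst, r.service)):
            findings.append((r.name, "permissive", "allows any source to any destination on any service"))
        if r.action == "allow" and r.app is None and "any" not in r.service:
            findings.append((r.name, "no-app-id", "port-based allow with no application control"))
        if r.hits == 0:
            findings.append((r.name, "unused", "zero hits since counters were last reset"))
        elif r.last_hit is None or today - r.last_hit > stale_after:
            findings.append((r.name, "stale", f"no traffic in the last {stale_after.days} days"))
        for earlier in rules[:i]:             # only rules above this one can shadow it
            if shadows(earlier, r):
                findings.append((r.name, "shadowed", f"never reached; '{earlier.name}' matches first"))
                break
    return findings


TODAY = date(2025, 6, 1)   # constructed review date

# Constructed ruleset, in the form it might be exported with hit counters enabled.
SAMPLE_RULES = [
    Rule("allow-dns-out", {"trust"}, {"untrust"}, {"udp/53"}, "allow",
         hits=120_000, last_hit=TODAY - timedelta(days=1), app="dns"),
    Rule("temp-vendor-rdp", {"untrust"}, {"dmz-web"}, {"tcp/3389"}, "allow",
         hits=0, last_hit=None),
    Rule("legacy-any-allow", {"any"}, {"any"}, {"any"}, "allow",
         hits=55, last_hit=TODAY - timedelta(days=200)),
    Rule("block-smb-out", {"trust"}, {"untrust"}, {"tcp/445"}, "deny",
         hits=3, last_hit=TODAY - timedelta(days=10)),
]


if __name__ == "__main__":
    for name, kind, detail in review_policy(SAMPLE_RULES, TODAY):
        print(f"{name:18s} {kind:10s} {detail}")
```

The shadowing check is the one most often missed in manual reviews: `block-smb-out` looks sensible on its own, but it sits below a stale any/any allow, so it never fires. Removing or tightening the earlier rule is what actually closes the exposure, which is why the checks report the shadowed rule together with the rule that shadows it.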

What’s Next?

Whilst this post could have been written 10 years ago and been more or less the same (subtle COVID references aside), we are still seeing organisations with these misconfigurations.

So, what’s next for the firewall? Well, there are some big promises being delivered by the likes of Secure Access Service Edge (SASE) products, allowing you to micro-segment and limit exposure in a way that is difficult or impossible with on-premises firewalls, getting closer to the unicorn that is Zero Trust.

If you want to learn more about modern network design, you can watch “A Guide to Modern Network Security Through Zero Trust and SASE” now. 

Data Connect: End-to-End Cyber Security Services

Data Connect provides comprehensive cyber security services that cover every aspect of protecting your data, systems and reputation. A significant component of these services is network security, which plays a crucial role in your cyber security posture.

Many firewall misconfigurations stem from a lack of ongoing management and optimisation. With our Managed Firewall Service, you gain 24×7 monitoring, regular security health checks, and expert support to ensure your firewall is configured for maximum protection and performance. Whether you need a fully or co-managed service, we help secure your network, enhance threat detection, and maintain compliance.

Our team is composed of certified professionals who possess a deep and extensive knowledge of cyber security principles and practices. They have accumulated a wealth of practical experience by working with a diverse range of businesses, from SMEs to large organisations, across various industries. This experience enables them to tailor their approach to meet the unique needs and challenges of each organisation, ensuring robust security controls and processes.

Want to find out more? Arrange to talk to one of our cyber security experts.