SecureState Blog


INDUSTRY: Financial Services

SERVICE: Risk Management


Engagement Background

A financial services provider inquired about the status of the firewalls they had in place. With their reputation at stake, it’s vital to protect against unauthorized access to customer data. Our Risk Management team performed a Firewall Ruleset Review to analyze firewall security. A Firewall Ruleset Review is a proactive approach to securing an organization’s network: it uses the firewall to segment the internal network, and it strengthens the organization’s perimeter security as well. When creating firewall filtering points, the principle of least privilege should be applied. Restricting traffic to only what’s necessary decreases the overall risk.


Why it’s Important

Firewalls are considered to be the windows into a network. All traffic entering or exiting the network must pass through the firewall. As such, firewalls are configured to follow a defined set of rules and serve as the “first line of defense” against any external hacker or malicious user. This makes them an ideal place to log traffic and assist in network segmentation. A line-by-line analysis of the firewall’s ruleset identifies the rules responsible for filtering traffic and maintaining network security. It is important for organizations to make sure their network security levels reflect the goals of the business. Externally facing services such as a website contain information suitable for the public to access; they are not an appropriate place for critical information. The firewall’s rules are what allow data to be accessed properly. To ensure the utmost security, organizations must have defined rules regarding access to information on the network.


What the Consultants Had to Say

“It’s a good thing they came to us for help, because now they have a proper remediation plan in place.” The most important course of action is establishing a hierarchy of critical data and putting a ruleset in place to limit access to such data. The rules of the firewall are responsible for filtering network traffic. However, “not all firewalls are the same.” Some firewalls have add-on features, while others have web caching or a VPN gateway. Evaluating a firewall’s configuration consists of “looking at what the firewall is doing and who is accessing it.” When we performed a line-by-line analysis, “our consultants discovered object groups with rules that looked tight.” Upon taking a closer look, we noticed a “broad set of rules” allowing for too much unrestricted access through the network. “This defeats the purpose of the firewall.” In the future, we suggest “frequent logging of the firewall’s actions” to make sure “all entry points into the network have a way to trace and correlate events.”