Common errors in configuring firewall rules include:
Failure to accurately set up and coordinate firewalls and apply cloud-based security infrastructure: As network boundaries change and hybrid cloud environments become more prevalent, firewalls need to work in concert with other parts of the security ecosystem, not just as a standalone component.
Misuse of port forwarding rules: The use of port forwarding rules to complete remote access to LAN hosts without restricting the port or source IP address increases the risk of security vulnerabilities.
Ignoring legitimate access needs for specific inventory: Many organizations use broad licensing policies to initiate firewall configurations and then gradually tighten access control policies over time. This approach is prone to prolonged malicious attacks because access requirements are not carefully defined from the start.
No firewall for outbound traffic filtering: Relying on access control rules alone is not enough to guarantee network security, as hackers can bypass access control rules through various means.
Turn off the firewall to improve network speed: Turning off the firewall is equivalent to giving up network security, which is a very dangerous practice.
Port — and protocol-based filtering is the best choice: Traditional firewall filtering is based on port — and protocol-based filtering. However, modern attack methods are increasingly diversified, and many attacks are no longer limited to port — and protocol-based filtering.
Only need to install a firewall to ensure network security: in a complex network environment, it is often necessary to cooperate with multiple firewalls and multiple network security devices to ensure the comprehensive security of the network.
Retention of IP “any” access rules: The error of leaving visible defaults or invisible implicit “Allow any” rules left enabled for many types of connections in industrial networks.
Using the wrong rule order: Firewall rules are processed sequentially, and rules entered or configured in the wrong order can lead to unexpected and undesirable firewall behavior.
Firewalls are considered “outbound only” : In a process control system network, they are generally considered to be protected because the firewall is configured to allow only outbound connections from the industrial network to the external network. This is a serious mistake because outbound access equals inbound command and control.
Avoiding these misunderstandings can help improve the efficiency and security of the firewall and protect the network from attacks.
https://medium.com/@jtticloud?source=post_page---post_author_info--3f84788b4385--------------------------------
Failure to accurately set up and coordinate firewalls and apply cloud-based security infrastructure: As network boundaries change and hybrid cloud environments become more prevalent, firewalls need to work in concert with other parts of the security ecosystem, not just as a standalone component.
Misuse of port forwarding rules: The use of port forwarding rules to complete remote access to LAN hosts without restricting the port or source IP address increases the risk of security vulnerabilities.
Ignoring legitimate access needs for specific inventory: Many organizations use broad licensing policies to initiate firewall configurations and then gradually tighten access control policies over time. This approach is prone to prolonged malicious attacks because access requirements are not carefully defined from the start.
No firewall for outbound traffic filtering: Relying on access control rules alone is not enough to guarantee network security, as hackers can bypass access control rules through various means.
Turn off the firewall to improve network speed: Turning off the firewall is equivalent to giving up network security, which is a very dangerous practice.
Port — and protocol-based filtering is the best choice: Traditional firewall filtering is based on port — and protocol-based filtering. However, modern attack methods are increasingly diversified, and many attacks are no longer limited to port — and protocol-based filtering.
Only need to install a firewall to ensure network security: in a complex network environment, it is often necessary to cooperate with multiple firewalls and multiple network security devices to ensure the comprehensive security of the network.
Retention of IP “any” access rules: The error of leaving visible defaults or invisible implicit “Allow any” rules left enabled for many types of connections in industrial networks.
Using the wrong rule order: Firewall rules are processed sequentially, and rules entered or configured in the wrong order can lead to unexpected and undesirable firewall behavior.
Firewalls are considered “outbound only” : In a process control system network, they are generally considered to be protected because the firewall is configured to allow only outbound connections from the industrial network to the external network. This is a serious mistake because outbound access equals inbound command and control.
Avoiding these misunderstandings can help improve the efficiency and security of the firewall and protect the network from attacks.
https://medium.com/@jtticloud?source=post_page---post_author_info--3f84788b4385--------------------------------
