TNP Blog

Best Practices and Recommendations for Firewall Rules

Written by The Network Pro, Inc | Jun 21, 2021 5:44:14 PM

Whether you are a single home user or an IT administrator for a large enterprise looking to improve security for users on your network, firewalls can be a very effective tool when it comes to securing your digital presence. The fact that firewalls have been around for decades should be enough for you to consider using this defense system. Like any other long-standing technology, firewalls have gone through their fair share of changes and developments, however, the fundamental principle remains the same, to only allow authorized traffic to enter your network and/or computer.

The Initial Setup

Before going in and throwing on a bunch of changes to your standard firewall, you need to keep a few things in mind and follow some simple steps to keep things in order in the long run. Editing your firewall rules will not be a daily activity and it is best to keep track of things you do so later down the line you have a reference point.

Documentation

Start with noting down a few bits of key information about each rule which will include things like:

  1. Why the rule was made
  2. The services the rule will affect/be applied to
  3. The users/devices the rule will affect
  4. The date when the rule was applied

Formal Change Procedure

This doesn't apply to single users, but for larger networks that have users coming and going, this is vital. Through a formal change procedure, users will have to request network admins for a change in firewall settings rather than being able to directly alter settings themselves. Moreover, admins will be able to review changes that are requested and evaluate how these changes will affect overall network security. Only when changes are approved will the user be granted a modified firewall.

Firewall Rules

Block All Traffic

This could be used as a default setting and can be put into action by configuring rules in the access control list. As the name suggests, the firewall will block all traffic except that which has been authorized. The authorized traffic will be directed towards the appropriate services and functions will continue according to normal. This is a setting that will also vary depending on the platform that you are using so it may require some adjustments to get things right.

Explicit Rules

All incoming traffic will first be matched against the explicitly mentioned rules. Firewalls in general have a top-down approach when it comes to applying rules to incoming traffic. This means that when traffic is being evaluated for entry to the network, the first rule is applied first, and if it passes that criteria, then second, then the third, and so on. If the incoming traffic passes all the rules, it is permitted. Among the useful explicit rules to have in your list are:

  1. Anti spoofing
  2. Noise drop
  3. Deny and Alert
  4. Deny and Log
  5. User Permit Rules

Explicit Drop Rule (Cleanup)

Even though the firewall is there to stop any traffic from entering, which doesn’t meet the rules criteria, the clean-up rule can be a nice addition and security net to further scrutinize traffic and ensure an even safer environment. through the cleanup rule, you will be able to capture every last bit of traffic that comes your way and it will serve as an additional filter to manage traffic.

Audit Logs

Every network environment is different and even the most seasoned admins need some time to optimize firewall settings to meet the climate. Audit logs are a valuable source of information when it comes to firewall optimization. The log will tell you everything you need to know about the kind of traffic you are dealing with as well as how well your applied rules are performing. It's a great way to keep an eye on anomalies and unforeseen traffic trends. The data in the audit log will be the reference point when it comes to modifying the firewall to improve security and performance.