Firewall Rules Review – Best Practices

  • A Firewall Rule Change Control Form should be used for each firewall rule addition or modification.
  • Details to be captured:
      • Requesting Department
      • Requestor from the Requesting Department
      • Approver from the Requesting Department
      • Source IP, Hostnames and Ownership Information
      • Destination IP, Hostnames and Ownership Information
      • Destination Port that needs to be opened in the Firewall
      • Business Justification for the Firewall Rule
      • The width of the rule (the sources, destinations and ports being allowed) should be kept to the minimum possible.
      • Duration of Applicability (as short as possible)
      • Approver from the Reviewing Department
      • Unique ID to identify the Firewall Rule
      • Date of Request of the Firewall Rule
      • Date of Final Approval of the Firewall Rule
  • A quarterly review should be performed on firewall rules. Expired rules should be removed after confirmation from the Requestor Department Manager.
  • An annual review should be performed on non-expiring firewall rules. Rules should be removed unless approved by the Requestor Department Manager.
