Six Best Practices for Secure Network Firewall Configuration
Network firewalls are an essential part of network security: they monitor traffic and stop unauthorized traffic from reaching systems. Reliable network firewall security does not happen automatically when an organization adds a firewall to its IT ecosystem, however. The following six firewall configuration best practices improve network security and help protect organizations from malware and other types of attacks.
1. Configure Network Firewalls to Block Traffic by Default
Even when IT teams do their best to follow firewall configuration best practices, they risk missing vulnerabilities that malicious actors can exploit. Configuring the firewall to block traffic by default (a default-deny policy, in which any traffic that no explicit rule permits is dropped) helps address this problem. When IT teams block all unknown traffic trying to reach the network, they make it much more challenging for unethical hackers to infiltrate the system.
2. Follow the Principle of Least Privilege
Of course, some people will legitimately need access to an organization’s network. Organizations can configure their network firewall security to allow authorized users, but that doesn’t mean that cybersecurity teams need to give them unlimited access. Each account should only have access to the files and tools necessary to do the user’s job.
For example, an account belonging to a third-party vendor that fulfills orders only needs access to information about purchased products and where to send them. The vendor does not need any information about business processes, customer payment records, or other sensitive data. Following the principle of least privilege helps firewalls of every type secure the network more effectively.
3. Specify Source IP Addresses Unless Everyone Needs Access
In rare cases, IT teams might want to give everyone access to a part of the network. In these cases, they can set the rule’s source IP address to ANY, for example to let anyone visit the business’s public website.
If you don’t want everyone on the internet to have access to a part of the network, however, specify the permitted source IP addresses in the rule. Taking this step limits which addresses can open connections to that part of the network.
4. Designate Specific Destination Ports
Always make sure that your organization’s firewall configuration designates specific destination ports for the services it exposes. Suppose a business runs a service on a particular port that lets authorized users access client contact information. In that case, write the rule for that specific destination port and let only authorized accounts connect to it.
5. Open the Firewall Ports That Users Expect
Take the time to learn which ports users expect to find open when they try to access the network. The ports that IT teams open will depend on a few factors, such as the services and data that users tend to access and the types of servers and databases that the organization uses. More information is available on Microsoft server ports (Czechowski et al., 2022) and on Linux server ports (Kumar, 2021).
6. Designate Specific IP Address Destinations
Designating specific destination IP addresses serves a similar purpose to designating destination ports. Organizations limit the destination addresses that traffic can reach in order to keep unauthorized traffic out of their networks.
Additionally, this type of firewall protection can help prevent distributed denial-of-service (DDoS) attacks. DDoS attacks have become increasingly common, especially in the United States, the United Kingdom, and China (Sava, 2022). Implementing defenses against this type of attack is key to ensuring that customers, vendors, and employees can maintain access to the network.
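As an added illustration (not code from the original article or from EC-Council), the following Python model shows practices 1, 3, 4 and 6 as a first-match rule table: every allow rule pins a source range, a destination host and a destination port, ANY appears only for the public website, and anything unmatched falls through to deny. All addresses, ports and service names are constructed assumptions drawn from documentation ranges.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

ANY = None  # wildcard; the article allows it only for a public service


@dataclass(frozen=True)
class Rule:
    name: str
    src: Optional[str]    # source CIDR, or ANY
    dst: Optional[str]    # destination host/CIDR, or ANY
    proto: str            # "tcp" or "udp"
    dport: Optional[int]  # destination port, or ANY
    action: str           # "allow" or "deny"

    def matches(self, src_ip, dst_ip, proto, dport):
        """True when every field of the rule matches the packet (ANY matches all)."""
        if proto != self.proto:
            return False
        if self.src is not ANY and ip_address(src_ip) not in ip_network(self.src):
            return False
        if self.dst is not ANY and ip_address(dst_ip) not in ip_network(self.dst):
            return False
        return self.dport is ANY or dport == self.dport


# Constructed sample policy (hypothetical addresses from RFC 5737 / RFC 1918 ranges).
POLICY = [
    # Practice 3: ANY source only for the public website; port and host are still pinned.
    Rule("public-web", ANY, "203.0.113.10/32", "tcp", 443, "allow"),
    # Practice 2: the vendor's range reaches only the order service, nothing else.
    Rule("vendor-orders", "198.51.100.0/24", "10.0.20.5/32", "tcp", 8443, "allow"),
    # Practices 4 and 6: client-contact data reachable only from the internal network.
    Rule("contacts-internal", "10.0.0.0/16", "10.0.30.7/32", "tcp", 5432, "allow"),
]

# The weak setting the article warns against: one rule that allows everything.
WEAK_POLICY = [Rule("allow-all", ANY, ANY, "tcp", ANY, "allow")]


def evaluate(src_ip, dst_ip, proto, dport, policy=POLICY):
    """First matching rule wins; with no match the packet is denied (practice 1)."""
    for rule in policy:
        if rule.matches(src_ip, dst_ip, proto, dport):
            return rule.action, rule.name
    return "deny", "default"


if __name__ == "__main__":
    for pkt in [("192.0.2.44", "203.0.113.10", "tcp", 443), ("192.0.2.44", "10.0.30.7", "tcp", 5432)]:
        print(pkt, "->", evaluate(*pkt), "| weak policy:", evaluate(*pkt, policy=WEAK_POLICY))
```

Running the block shows the same internet-sourced packet bound for the contacts database being denied under POLICY but allowed under WEAK_POLICY, which is exactly the gap that specifying sources, destination hosts and ports closes.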
Hone Your Network Security Skills with Training from EC-Council
Knowing firewall configuration best practices is an important part of ensuring network security. Go a step further by learning how to test network firewalls for vulnerabilities. Approaching network firewall security from a hacker’s perspective can make it possible for you to find weaknesses that other IT professionals would never think to identify.
EC-Council’s Certified Network Defender (C|ND) program offers the training you need. Building a strong foundation in network security—and obtaining a certification that proves your skills to potential employers—will prepare you to protect organizations from malicious actors. Cybersecurity professionals who know how to attack a firewall like a hacker can identify countermeasures that add to their network’s security.
The C|ND course has 20 modules to prepare you for real-world cybersecurity challenges. Some of the topics you will cover include:
- Network perimeter security
- Network attacks and defense strategies
- Enterprise cloud network security
- Data security
- Threat assessment and attack surface analysis
- Threat prediction with cyberthreat intelligence
Get a preview of the C|ND course with these demos on EC-Council’s website. When you’re ready to enroll, contact EC-Council to start learning the skills you need to become a meaningful part of any network security team.
Czechowski, A., Ohmsen, J., Stewart, M., Hermansen, B., Saukko, P., Coulter, D., & Eby, D. (2022, March 8). Ports used in Configuration Manager. Microsoft Docs. https://docs.microsoft.com/en-us/mem/configmgr/core/plan-design/hierarchy/ports
Kumar, C. (2021, December 25). Default port numbers you need to know as a sysadmin. Geekflare. https://geekflare.com/default-port-numbers/
Sava, J. A. (2022, February 14). Global distributed Denial of Service (DDoS) attacks worldwide in 2021, by attacked country. Statista. https://www.statista.com/statistics/1255583/ddos-attacks-by-attacked-country/