
A Good Samaritan

By Calum MacLeod, Director of Sales, Benelux, Tufin Technologies

It happens in a moment: playing with my mobile before going into a meeting, I put it down for a second and suddenly my host is standing in front of me. Two hours later I'm desperately searching for my phone. I rush back to reception, but it's not there. Here I am in Dubai and my phone is gone! I need to call my provider to block it, but the provider's number is in the phone. I have visions of my wife calling and suddenly panicking that the Somali pirates have got me – like the time I forgot to call from Dublin and she was waiting for the ransom demand. I'm still living that one down!

My host comes up with all kinds of useful suggestions about who I should call, but since my whole life is in that stupid thing I can't remember any numbers. All my contacts, all my email addresses – like I said, my life is in that stupid thing!

All it takes is a small distraction and, before you know it, you've disconnected your business-critical applications. One small change on the firewall or the router and suddenly your users are cut off. If you're a service provider, just imagine the revenue loss. If you're an airline taking online bookings, or a bank, or any kind of business, you are suddenly losing money and/or customers because of a momentary distraction.

And, like my phone, recovering the situation is not necessarily that simple. Logically I could say that my phone was somewhere, but precisely where that somewhere is, is a whole other matter. You would think that if one of your admins made a simple change to a firewall or a router you could immediately reverse it, but in reality it is often like looking for a needle in a haystack. Some organizations have hundreds or thousands of rules in their configurations, and they are being changed and modified constantly. Unless every change is recorded with who made it, when, and what the rule looked like before and after, a rollback means reconstructing the change from memory. Worse still, the changes are often made at weekends when everything is quiet, and then the proverbial s--- hits the fan on Monday morning!

Maybe you didn't change anything; you only upgraded to the newest release from your supplier, only to discover that there are problems because the new release has different defaults from the old one. So how do you now validate your baseline configuration against all the devices that have been upgraded?

And of course someone is always looking to place the blame! Frequently I hear network and security administrators complaining that as soon as something doesn't work, the firewall team is the first to be accused. Network connectivity problems are among the most common – and most aggravating – for business users. With distributed systems, as soon as an application does not behave as expected, the firewall is the suspect. There are many other possible points of failure – the client application, the user's PC, intermediate switches, routers, filters, load balancers and the application itself. But because of its nature (secretive and designed to keep people out), the firewall is a prime suspect. As a firewall administrator, you are guilty until proven innocent.

You can of course take the usual approach to "solving the crime". Start by analyzing the firewall traffic logs. Contact the user, obtain their IP address and ask them to access the application again. Ideally, this should trigger the connection in question. Then you can review the firewall traffic logs and locate the dropped or accepted packets. How easy this is depends on the tools – unless you have a smart log browser, you may have to work with raw syslog. Normally there will be a lot of log entries, so filtering on the source IP and, if possible, on the destination IP or port will make things easier. Bear in mind that the absence of a drop entry is not proof of innocence: the rule that matched may simply be one that does not log. All of this costs time and money, and above all the user with the problem is not always totally rational in the situation – just ask the guy who was trying to help me find my phone!
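As an added example (not the article's own code, and not anything from Tufin), here is that log-triage step in Python: it parses constructed syslog-style verdict lines, narrows them to the user's source IP and, optionally, a destination and port, and tallies the verdicts per rule so the blocking rule stands out. The key=value line layout, the addresses and the rule numbers are all assumptions made up for the example; adjust the regular expression to your own platform's log format.

```python
import re

# Constructed sample firewall syslog lines (not taken from any real device).
# The key=value verdict layout is an assumption; adjust LOG_RE for your platform.
SAMPLE_LOGS = """\
Jun  9 22:41:02 fw1 kernel: ACCEPT src=10.1.20.15 dst=10.2.0.8 proto=tcp dport=443 rule=10
Jun 10 09:14:05 fw1 kernel: DROP src=10.1.20.15 dst=10.2.0.9 proto=tcp dport=1521 rule=9
Jun 10 09:14:06 fw1 kernel: ACCEPT src=10.1.30.16 dst=10.2.0.9 proto=tcp dport=1521 rule=77
Jun 10 09:14:09 fw1 kernel: DROP src=10.1.20.15 dst=10.2.0.9 proto=tcp dport=1521 rule=9
Jun 10 09:14:11 fw1 sshd[311]: Accepted publickey for admin from 10.1.5.2
"""

# Timestamp, host, process token, then the verdict fields we care about.
LOG_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) \S+ "
    r"(?P<action>ACCEPT|DROP) src=(?P<src>\S+) dst=(?P<dst>\S+) "
    r"proto=(?P<proto>\w+) dport=(?P<dport>\d+) rule=(?P<rule>\d+)\s*$"
)


def parse_verdicts(text):
    """Return one dict per firewall verdict line; lines that are not verdicts are skipped."""
    entries = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["dport"] = int(e["dport"])
        e["rule"] = int(e["rule"])
        entries.append(e)
    return entries


def filter_verdicts(entries, src, dst=None, dport=None, proto=None):
    """Narrow verdicts to one user's source IP, optionally to a destination, port and protocol."""
    out = []
    for e in entries:
        if e["src"] != src:
            continue
        if dst is not None and e["dst"] != dst:
            continue
        if dport is not None and e["dport"] != dport:
            continue
        if proto is not None and e["proto"] != proto:
            continue
        out.append(e)
    return out


def verdict_summary(entries):
    """Count verdicts per (rule, action) so the rule that keeps dropping the flow stands out."""
    counts = {}
    for e in entries:
        key = (e["rule"], e["action"])
        counts[key] = counts.get(key, 0) + 1
    return counts


if __name__ == "__main__":
    # The user at 10.1.20.15 says the application on 10.2.0.9:1521 does not work.
    hits = filter_verdicts(parse_verdicts(SAMPLE_LOGS), "10.1.20.15", dst="10.2.0.9", dport=1521)
    for e in hits:
        print(f'{e["ts"]} {e["action"]} rule {e["rule"]} {e["src"]} -> {e["dst"]}:{e["dport"]}')
    print(verdict_summary(hits))
```

Run as a script it prints the two drops for the user's flow and the summary `{(9, 'DROP'): 2}`, which is the rule number to go and look at next.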

Using a policy analysis tool will quickly determine whether the firewalls are allowing the user's traffic or not. If it turns out that the firewall is in fact blocking the traffic, policy analysis will point you to the rule that is causing the problem, as well as when it was last changed and by whom. In fact, if there were an equivalent "Lost Phone Analysis Tool", I would have been able to identify exactly who found the phone and where they were at that exact moment.
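The following Python is an added example, not the article's or Tufin's code, of the two checks described here and in the upgrade paragraph above: simulating first-match evaluation of an ordered rule set to find the rule that decides a flow, together with its last-changed date and author (assumed to come from a change log), and comparing the rule set pulled from a device against a baseline to spot rules that were added, removed, altered or reordered. The policy, addresses, dates and admin names are constructed for the example, and first-match-with-implicit-deny semantics is an assumption about the device.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network


@dataclass(frozen=True)
class Rule:
    rule_id: int
    src: str           # CIDR or "any"
    dst: str           # CIDR or "any"
    proto: str         # "tcp", "udp" or "any"
    dports: tuple      # destination ports; an empty tuple means any port
    action: str        # "accept" or "drop"
    last_changed: str  # ISO date of the last edit (assumed change-log field)
    changed_by: str    # admin who made that edit (assumed change-log field)

    def matches(self, src, dst, proto, dport):
        def in_net(net, addr):
            return net == "any" or ip_address(addr) in ip_network(net, strict=False)
        return (in_net(self.src, src) and in_net(self.dst, dst)
                and self.proto in ("any", proto)
                and (not self.dports or dport in self.dports))

    def traffic_key(self):
        """The fields that affect what the rule does; change metadata is excluded."""
        return (self.src, self.dst, self.proto, self.dports, self.action)


# Constructed example policy in evaluation order (first match wins, implicit drop
# at the end): an assumption about the device, not data from the article.
BASELINE = [
    Rule(10, "10.1.0.0/16", "10.2.0.8/32", "tcp", (443,), "accept", "2019-03-02", "alice"),
    Rule(77, "10.1.0.0/16", "10.2.0.9/32", "tcp", (1521,), "accept", "2018-11-20", "alice"),
]
# The same policy after a weekend edit inserted a narrower drop above rule 77.
DEVICE = [
    BASELINE[0],
    Rule(9, "10.1.20.0/24", "10.2.0.9/32", "tcp", (1521,), "drop", "2019-06-09", "bob"),
    BASELINE[1],
]


def first_match(policy, src, dst, proto, dport):
    """Walk the policy in order and return the first rule that matches, or None."""
    for rule in policy:
        if rule.matches(src, dst, proto, dport):
            return rule
    return None


def explain(policy, src, dst, proto, dport):
    """Say whether the flow is allowed and, if an explicit rule decided it, who last touched it."""
    rule = first_match(policy, src, dst, proto, dport)
    if rule is None:
        return {"action": "drop", "rule_id": None, "reason": "implicit deny"}
    return {"action": rule.action, "rule_id": rule.rule_id,
            "last_changed": rule.last_changed, "changed_by": rule.changed_by}


def diff_policy(baseline, device):
    """Compare a device's rule set against the baseline by rule id, traffic effect and order."""
    b = {r.rule_id: r for r in baseline}
    d = {r.rule_id: r for r in device}
    common = set(b) & set(d)
    return {
        "missing_on_device": sorted(set(b) - set(d)),
        "unexpected_on_device": sorted(set(d) - set(b)),
        "changed": sorted(i for i in common if b[i].traffic_key() != d[i].traffic_key()),
        "reordered": [r.rule_id for r in baseline if r.rule_id in d]
                     != [r.rule_id for r in device if r.rule_id in b],
    }


if __name__ == "__main__":
    # The flow from the log example: 10.1.20.15 -> 10.2.0.9 tcp/1521.
    print(explain(BASELINE, "10.1.20.15", "10.2.0.9", "tcp", 1521))
    print(explain(DEVICE, "10.1.20.15", "10.2.0.9", "tcp", 1521))
    print(diff_policy(BASELINE, DEVICE))
```

Against BASELINE the flow is accepted by rule 77; against DEVICE it is dropped by rule 9, changed on 2019-06-09 by bob, and the diff reports rule 9 as unexpected on the device. The same `diff_policy` call, run against every upgraded device, is the baseline validation the upgrade paragraph asks for.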

Providing network security for any organization has become an extremely complex operation involving many infrastructure components and security teams around the world. Regardless of how experienced someone might be, it is impossible for them to be constantly up to date on what is going on. At the same time, organizations must comply with rigorous standards of transparency and accountability. Planning, implementing, enforcing and auditing organizational security policies are now business-critical.

Sometimes you happen to be in the right place at the right time and you get lucky. For example, if you're ever going to lose your mobile, I highly recommend Dubai as the place to do it. It's not everywhere that someone picks up a 16 GB iPhone, calls the last number dialled, drives 50 km in heavy traffic, and then waits 45 minutes for someone to pick it up. And he didn't even give his name!

You just might be lucky and spot the problem on your firewall immediately but the chances of doing so are about as slim as being in Dubai when you lose your mobile!

Calum MacLeod is a Regional Manager for Tufin Technologies. With more than 30 years of expertise in secure networking technologies, Calum brings deep domain expertise and a wealth of long standing business relationships to Tufin.

Prior to joining Tufin, Calum worked at Cyber-Ark Software as Director of Business Development, where he was responsible for developing their business in Privileged Identity Management in Western Europe and Africa. Prior to Cyber Ark he has worked with several companies in the development and launching of new technologies such as SSL VPN and PKI.

MacLeod has also served as an independent consultant to corporate and government clients on IT security strategy for various European market segments, including the European Commission.


© 2019 Simplex Knowledge Company. All Rights Reserved.