Companies warned over 'aging' firewalls

Firewalls become more of a security risk as they 'age', a security assessment company has advised at the launch of a new service it claims can strip out the risk posed by out-of-date rules.

According to UK-based Pentura, firewalls are typically managed by a succession of admins who create their own rules, which then accumulate over a period of years. This creates rule duplication, which can impinge on performance, but also brings risks such as the use of default or open passwords.

Worse still, because some staff with access to the firewall console will have been from partners and third-party organisations, old rules can leave a trail of security holes that go unnoticed by the staff who succeed them.

The company estimates that the average company of 5,000-10,000 seats will have anything between 200 and 600 rules per firewall, more if multiple devices are taken into account. The commonest problem will simply be excessive use of the same policies.

Understanding the web of sometimes complex rules was extremely difficult to do, more so for staff not steeped in the subtleties of a particular platform. "Above 100 rules it starts to get harder," said Pentura's R&D director Simon Morris. "Rules get added rather than taken away."

Pentura uses an automated tool for a first-run analysis, which forms the basis for a manual assessment of where the overlaps and possible security problems might lie, he said. The main platforms encountered by the company were Cisco, Check Point and, even years after its disappearance, Netscreen, which demonstrated the length of time 'geriatric' firewalls were being kept in service.

The service is restricted to conventional packet firewalls, but the company is looking at how this concept might be extended to application and unified threat management (UTM) devices in the future.

The Firewall Risk Assessment service, including remediation, starts at £5,000 (approx $3,400) for a single cluster - usually two devices - with economies of scale as more firewalls are added.

