Friday, 4 January 2013

Top firewall management blunders

We've all made one in our career: I'm talking about that blunder for which you thought you would be fired. My first blunder was rebooting all the campus router pairs at one time, not one by one, but all at once. I had written a script to install a security update on all the routers and reboot them one by one, or so I thought. It turned out my script had an error and didn't wait between routers. I thought for sure I was fired, but it turned out to be a great learning experience for everyone involved. We all learned a little about crisis management, I was introduced to change management, and my boss took a few hours to teach me how to verify that the network was working properly as everything came back online.
Sometimes our blunders are not so instantly noticeable, and sometimes we make blunders that linger in our firewalls until they either cause an outage or an auditor calls us on them. One of my favorite activities is visiting and talking with firewall engineers around the world. Here are some common blunders I've seen and heard engineers talk about – maybe you'll recognize one or two of them yourself.
  • Creating firewall groups with no meaning
  • Failing to upgrade your firewall software
  • Using the wrong technology
  • The accidental outage
  • Poor documentation
  • Using excessive Drop rules
  • Using routing as your security policy
  • Using DNS objects in a rulebase
  • Making changes in panic mode