Firewall Best Practices for Periodic Activities

This document is relevant to those who configure and otherwise administer network firewalls on UW-Madison networks.

The UW-Madison Network Firewall Advisory Group developed this list of periodic activities for firewall administrators. Further detail for the activities will be added as it is developed.

Daily

  • Review reports on advanced protection blocks. Required.

    Importance: Could indicate infection or other compromise.

  • Follow up on alerts from Cybersecurity Operations Center (CSOC). Required.

    Importance: Could indicate infection or other compromise.

Weekly

  • Check selected traffic logs. Interesting logs will vary among firewalls. Optional.

Monthly

  • Check trends. Interesting trends will vary among firewalls. Optional.

Quarterly

  • Check firewall admin access. Required.

    Importance: Firewall admin access should be removed as soon as it is no longer needed. This check is to cut off any remaining out-of-date firewall admin access that slipped through the cracks.

  • Check VPN user access. Required.

    Importance: VPN may allow users behind the firewall. VPN access should be removed as soon as it is no longer needed. This check is to cut off any remaining out-of-date access that slipped through the cracks.

  • General firewall health checkup, for example: look for anomalies, unusual traffic, etc. Optional.

Yearly

  • Review firewall rules, profiles, and other configuration parameters. Required.

    Importance: Do the rules, profiles, and other configuration parameters still meet the need? Are any rules or settings no longer needed?

  • Review and update information in AANTS. (NOTE: AANTS sends reminders.)




Keywords: firewall PaloAlto best practices
Doc ID: 92094
Owner: GARY D.
Group: IT Policy
Created: 2019-05-31 14:04 CDT
Updated: 2019-05-31 15:00 CDT
Sites: IT Policy, Office of Cybersecurity