October 24, 2019

Firewall Management Console Access – WST

Having your perimeter security managed by a third-party Managed Service Provider (MSP) allows for institutions to get trained professionals handling their first line of defense without retaining someone full time.  Using an MSP also allows for the potential of 24/7 support with monitoring and alerting, as they are very time-consuming endeavors for a small team or one person to accomplish internally.

Firewalls and other perimeter devices are primarily managed via HTTPS and SSH ports.  When doing firewall reviews and IT audits, 10-D Security frequently sees rules that allow management traffic from a source of “Any” which means that the management login portal is accessible to any IP address in the world!  Ultimately, the firewall should be configured to allow management traffic ONLY from the MSP.  Strong passwords and multi-factor authentication should also be used to help mitigate unauthorized access. Finally, including your firewall in your patch and vulnerability management process will help protect you from known vulnerabilities.

Ensuring proper restrictions on access to the management interface is an important control to help you mitigate risk with the management of your firewall.

Past Weekly Security Tips – WST