SOURCE: Tufin Technologies

Tufin Technologies

December 02, 2009 08:00 ET

Tufin Technologies Shares Proven Firewall Management Best Practices to Deter Holiday Hackers

LONDON and RAMAT GAN, ISRAEL--(Marketwire - December 2, 2009) - Tufin Technologies, the leader of security lifecycle management solutions, is offering some useful recommendations to make sure organizations don't become hacking victims over the Christmas and New Year break.

According to a recent survey of 79 DEFCON attendees, an overwhelming majority -- 81 percent, viewed the holiday season as the ideal time for hacking business computer systems. "It was the perception of the people we surveyed at DEFCON that the Christmas and New Year season are popular with hackers targeting western countries," said Michael Hamelin, Tufin's Chief Security Architect, adding that the rationale was that it is the time when people relax and let their hair down, and many organizations run on a skeleton staff over the holiday period.

"Additionally," said Hamelin, "96 percent of hackers in the survey said it doesn't matter how many millions a company spends on its IT security systems, as it's all a waste of time and money if the IT security administrators fail to configure and watch over their firewalls. Here are a few things we can do as a regular practice to make sure network firewalls don't become an easy target for them*:"

1.  Document all firewall rule changes.
    Firewalls do not have a change management process built into them, so
    documenting changes has never become a best, or even standard practice.
    If a firewall administrator makes a change because of an emergency or
    some other form of business disruption, chances are they are under the
    gun to make it happen as quickly as possible, and process goes out the

2.  Install all access rules with minimal access rights.
    Another common firewall security issue is overly permissive rules.
    A firewall rule is made up of three fields -- source (IP address or),
    destination (network/subnet), and service (application or other
    destination). In order to make sure there are enough open ports
    for everyone to access the systems they need, common practice has been
    to assign a wide range of options in one or more of those fields. When
    you allow a wide range of IP addresses to access a large groups
    networks for the sake of business continuity, these rules become
    overly permissive, and as a result, insecure.

3.  Verify every firewall change against compliance policies and change
    Firewalls are the part of the physical implementation of corporate
    security policy. Every rule should be reviewed to understand that it
    meets the spirit and intent of the security policy and any compliance
    policies, not just the letter of the law.

4.  Remove unused rules from the firewall rule bases when services are
    AKA: avoid rule bloat. Rule bloat is a very common occurrence with
    firewalls because most operations teams have no process for deleting
    rules. Getting into the loop on server decommissioning, network
    decommissioning, and application upgrade cycles is a good start
    for understanding when rules need to come out. Running reports on
    unused rules is another step. Hackers like the fact that firewall
    teams never remove rules. In fact, this is how many compromises occur.

5.  Perform a complete firewall review at least twice per year.
    If you are a merchant with significant credit card activity, then this
    one is not just a best practice but a requirement. PCI requirement
    1.1.6 call for reviews at least every 6 months. Firewall reviews are
    also a critical part of the maintenance of your firewall rule base.
    Networks and services are not static so your firewall rule base should
    not be either. As corporate policies evolve and compliance standards
    change you need to review how you are enforcing traffic on the

* Previously published in a Sept. 14, 2009 Network World Column (

About Tufin Technologies, Inc.

Tufin™ is the leading provider of Security Lifecycle Management solutions that enable companies to cost-effectively manage their network security policy, comply with regulatory standards, and minimize IT risk. Tufin's products SecureTrack™ and SecureChange™ Workflow help security operations teams to manage change, minimize risks and dramatically reduce manual, repetitive tasks through automation. With a combination of accuracy and simplicity, Tufin empowers security officers to perform reliable audits and demonstrate compliance with corporate and government standards. Founded in 2005 by leading firewall and business systems experts, Tufin serves more than 400 customers in industries from telecom and financial services to energy, transportation and pharmaceuticals. A respected member of the network security community, Tufin partners with leading vendors including Check Point, Cisco, Juniper, Fortinet and F5, and is committed to setting the gold standard for technological innovation and dedicated customer service. For more information visit, or follow Tufin on:

Twitter at

LinkedIn at

Facebook at

The Tufin Blog at

The Tufin Channel on YouTube at

Contact Information

  • Media Contacts:
    US Contact:
    Elizabeth Safran
    212-740-1037 (office)
    408-348-1214 (cell)