
Attacks/Breaches

11/15/2011 07:13 PM

Survey: Half Of Firewall Rules Improperly Configured

Firewall administration, auditing still mostly a manual process, leading to errors and breach risks

Most organizations are still struggling to keep tabs on their firewall operations and changes in the network that require writing new firewall rules, a new study released today reveals.

Around 85 percent of the 100 network administrators surveyed in Tufin Technologies' 2011 Firewall Management report say that half of their firewall rule changes eventually need to be fixed because of improper setup. Just 7 percent say their firewall audit processes are automated, and 40 percent say they spend a month or more per year on handling firewall audits.

“We were surprised to learn that half the sample is still doing basic tasks manually, such as tightening up permissive rules, looking for shadowed rules or recertifying rules,” said Shaul Efraim, vice president of marketing and business development at Tufin. “There is no benefit to having experienced administrators spend their days searching for needles in haystacks.”

Close to half of the respondents pinpoint redundant rules manually, while 20 percent have no process for finding these redundancies. Around 43 percent say they manage firewall rules manually, and 41 percent say they don't have a way to determine when a firewall rule must be retired or fixed.
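The rule-hygiene tasks the survey says are still done by hand (finding redundant and shadowed rules, spotting overly permissive ones) are mechanical checks over an ordered rule base, which is why they lend themselves to scripting. The following Python is an added example written for this page, not code from the article or from Tufin: it audits a constructed five-rule policy in a made-up text format (`id action src dst proto port`), assumes first-match-wins evaluation, and uses full-coverage tests only. A later rule fully covered by an earlier rule with the same action is reported as redundant; with a different action it is reported as shadowed; and an allow rule matching any source, destination, protocol and port is reported as permissive.

```python
import ipaddress
from dataclasses import dataclass

# Constructed sample policy (not taken from the article). Rules are evaluated
# top-down, first match wins. Format: id action src dst proto port|lo-hi|any
SAMPLE_RULES = """
10 allow 10.0.0.0/8 192.168.1.10/32 tcp 443
20 deny 10.1.0.0/16 192.168.1.10/32 tcp 443
30 allow 10.0.0.0/8 192.168.1.10/32 tcp 443
40 allow any any any any
50 deny 172.16.0.0/12 any tcp 22
"""

ANY_NET = ipaddress.ip_network("0.0.0.0/0")
ANY_PORTS = (0, 65535)


@dataclass(frozen=True)
class Rule:
    rid: int
    action: str
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    proto: str            # "tcp", "udp", "icmp" or "any"
    ports: tuple          # inclusive (low, high) destination port range


def parse_net(text):
    return ANY_NET if text == "any" else ipaddress.ip_network(text)


def parse_ports(text):
    if text == "any":
        return ANY_PORTS
    if "-" in text:
        lo, hi = text.split("-", 1)
        return (int(lo), int(hi))
    port = int(text)
    return (port, port)


def parse_rules(text):
    """Parse the hypothetical line format above into Rule objects, in order."""
    rules = []
    for line in text.strip().splitlines():
        fields = line.split()
        if len(fields) != 6:
            raise ValueError(f"malformed rule: {line!r}")
        rid, action, src, dst, proto, ports = fields
        rules.append(Rule(int(rid), action, parse_net(src), parse_net(dst),
                          proto, parse_ports(ports)))
    return rules


def covers(a, b):
    """True if every packet that rule b would match is also matched by rule a."""
    return (a.src.supernet_of(b.src)
            and a.dst.supernet_of(b.dst)
            and (a.proto == "any" or a.proto == b.proto)
            and a.ports[0] <= b.ports[0] and a.ports[1] >= b.ports[1])


# Reference "match everything" rule used for the permissive check.
ANY_ALLOW = Rule(0, "allow", ANY_NET, ANY_NET, "any", ANY_PORTS)


def audit(rules):
    """Return (kind, rule_id, covering_rule_id) findings in rule order.

    kind is "redundant" (covered by an earlier rule with the same action),
    "shadowed" (covered by an earlier rule with a different action, so the
    later rule can never take effect) or "permissive" (allow any/any/any/any).
    """
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                kind = "redundant" if earlier.action == later.action else "shadowed"
                findings.append((kind, later.rid, earlier.rid))
                break   # first covering rule is enough to explain the finding
        if later.action == "allow" and covers(later, ANY_ALLOW):
            findings.append(("permissive", later.rid, None))
    return findings


if __name__ == "__main__":
    for kind, rid, by in audit(parse_rules(SAMPLE_RULES)):
        suffix = f" (covered by rule {by})" if by is not None else ""
        print(f"rule {rid}: {kind}{suffix}")
```

On the sample policy this flags rule 20 as shadowed by rule 10 (the deny for the /16 sits below an allow for the whole /8, so it never fires), rule 30 as redundant with rule 10, rule 40 as permissive, and rule 50 as shadowed by the any/any allow above it. The check is deliberately conservative: it only reports rules wholly covered by a single earlier rule, so partial overlaps and rules that are covered only by the union of several earlier rules would need a set-based or packet-space analysis, which is the kind of work the survey says administrators are still doing by hand.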

More than 20 percent say they knew of someone who cheated on a firewall audit, mainly due to lack of time. And 23 percent have never performed a firewall audit at all.

Close to 30 percent say it takes them several hours to change a firewall rule, and some 66 percent say their change management processes leave their organizations prone to breaches, citing a lack of formal processes (56 percent) or manual processes with too many steps or people involved (29 percent).

“Despite our success, this survey reveals the maturity curve for Security Lifecycle Management is still on the upswing,” said Efraim. “Without process automation, auditing network security systems -- especially as organizations continue to use more firewalls in virtualized environments and embrace Next Generation firewalls -- is simply not possible. 60% of the sample cited lack of time as the weakest link in their network security. If that is not business justification for automating fundamental but time-consuming, error-prone network security processes, then what is?”

Tufin conducted the survey online. Forty percent of the respondents work for companies with up to 500 people and 30 percent with more than 5,000, in the telecommunications, financial services, energy, pharmaceuticals, and transportation industries.


Kelly Jackson Higgins is the Executive Editor of Dark Reading. She is an award-winning veteran technology and business journalist with more than two decades of experience in reporting and editing for various publications, including Network Computing, Secure Enterprise ...
