What is the most common cause of firewall failure?
Every business should have a firewall – it’s an essential part of network infrastructure, and it’s simply impossible to build an effective cybersecurity defence without one. (If you’re not sure if you have a firewall or are worried about its performance, check out this quick guide first).
However, a firewall doesn’t end with installation, and you need to complement it with dedicated firewall policies and procedures that are owned and managed by an expert. Without this extra step, your firewall is highly likely to fail, leading to network vulnerability against hackers, malware and other malicious traffic. But what is the most common cause of firewall failure?
The most common cause of firewall failure is misconfiguration.
According to Gartner research, misconfiguration, not flaws, causes 95% of all firewall breaches. This means that the firewall has incorrect specifications because of user error or lack of research. In fact, back in 2016, Gartner predicted that through 2020, this figure would rise to 99%.
How can a firewall be misconfigured?
Configuring a firewall requires precise planning and an accurate workflow – only an expert would know where to start. Yet, all too often, the person responsible for firewall configuration doesn’t select the appropriate settings from the access control list. Read more about access control lists and how they work here.
Human error is usually to blame for misconfigurations, and you don’t have to look far to understand why. For example, in network device configuration, ‘eq’ (‘equal to’) allows access to a single, specified port – whereas ‘neq’ (‘not equal to’) allows access to any other service. The typo of a single ‘n’ can reverse an entire traffic path from being incredibly niche to incredibly broad!
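The eq/neq slip described above, as an added example that is not part of the original article: a small Python check that counts how many destination ports each permit rule opens in a Cisco IOS-style extended ACL and flags the broad ones. The sample ACL, the list number, the 192.0.2.x addresses, the threshold and the function names are constructed for illustration, and only numeric ports with one port per operator are handled.

```python
import re

# Constructed sample ACL (Cisco IOS-style extended syntax); not from the article.
SAMPLE_ACL = """\
access-list 110 permit tcp any host 192.0.2.10 eq 443
access-list 110 permit tcp any host 192.0.2.10 neq 443
access-list 110 permit tcp any host 192.0.2.20 range 8000 8010
access-list 110 permit tcp any host 192.0.2.30
access-list 110 deny ip any any
"""

TOTAL_PORTS = 65536  # TCP/UDP ports 0-65535

# Trailing destination-port operator: "eq N", "neq N", "lt N", "gt N" or "range A B".
PORT_OP = re.compile(r"\b(eq|neq|lt|gt|range)\s+(\d+)(?:\s+(\d+))?\s*$")

def ports_allowed(rule):
    """Return how many destination ports a permit rule opens, or None if not applicable."""
    tokens = rule.split()
    if len(tokens) < 4 or tokens[0] != "access-list" or tokens[2] != "permit":
        return None                      # deny rules and non-ACL lines open nothing
    if tokens[3] == "ip":
        return TOTAL_PORTS               # "permit ip" matches every TCP/UDP port
    if tokens[3] not in ("tcp", "udp"):
        return None                      # protocols without ports (e.g. icmp)
    m = PORT_OP.search(rule)
    if m is None:
        return TOTAL_PORTS               # no port operator: every port is reachable
    op, a, b = m.group(1), int(m.group(2)), m.group(3)
    if op == "range":
        if b is None:
            raise ValueError(f"range needs two ports: {rule}")
        return int(b) - a + 1
    # eq: one port; neq: all but one; lt: 0..a-1; gt: a+1..65535
    return {"eq": 1, "neq": TOTAL_PORTS - 1, "lt": a, "gt": TOTAL_PORTS - 1 - a}[op]

def audit(acl_text, max_ports=100):
    """Return (line_no, ports_opened, rule) for permit rules opening more than max_ports."""
    findings = []
    for no, line in enumerate(acl_text.splitlines(), 1):
        n = ports_allowed(line.strip())
        if n is not None and n > max_ports:
            findings.append((no, n, line.strip()))
    return findings

if __name__ == "__main__":
    for no, n, rule in audit(SAMPLE_ACL):
        print(f"line {no}: opens {n} ports -> {rule}")
```

Lines 1 and 2 of the sample differ by a single character, yet the first opens one port and the second opens 65,535, which is why a review step that reports the size of each permit rule catches what a visual read-through can miss.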
Alternatively, a user can configure a firewall precisely as instructed, and it could still fail. For example, if a systems audit isn’t undertaken to identify specific gaps or cyber threats, your business may unwittingly miss a significant risk and overlook a particular firewall setting. An audit may also uncover the need for custom architecture as opposed to a set-up-and-go solution. Read more about IT security audits here. The key takeaway? A firewall is only as effective as its ruleset.
What else is a common cause of firewall failure?
- Missing or inaccurate firewall policy – This defines how a firewall handles inbound and outbound network traffic based on information security policies. A policy could have been poorly built or merely absent. The result is a firewall that fails.
- Incompatibility – If a firewall isn’t continuously updated and maintained, it can become incompatible with new technologies. So, don’t ignore upgrade reminders and ensure that your firewall is current and performing. After all, it’s much easier to mitigate risk than recover from a disaster.
- Hardware bottlenecks – If your hardware isn’t powerful enough to cope with the network demand, heavy congestion or bottlenecking could occur. Network speed could be considerably reduced and, in extreme cases, the firewall could fail.
- Software Vulnerabilities – Keeping firewall software up to date is vital. Sometimes, firewall software carries vulnerabilities that are hard to spot, such as encryption keys and passwords hard-coded into the software. Ensure your firewall is patched and updated along with any integrated software.
- External Asset Failure – Most firewalls function in cohesion with the broader integrated IT infrastructure and rely on every cog turning correctly. If a malicious party gained ISP access, for example, they could probably breach the entire firewall. We recommend booking an IT audit, which provides a comprehensive and holistic review to identify where a domino effect may occur in the event of a cyberattack.
Who is responsible for configuring a firewall?
The IT department or your managed service provider is responsible for configuring a firewall. In larger businesses, it’s not uncommon to split firewall responsibility between in-house departments. Typically:
- A network department (or similar) may oversee physical infrastructure, managing the nuts and bolts of the network
- A security department (or similar) may oversee cybersecurity
In the above scenario, the network department would install the firewall, and the security department may configure it. Although the corporate politics of this split can be challenging to navigate, it’s well worth putting in the extra effort if it ensures resilience against destructive and disruptive cyberattacks. For smaller businesses, we advise working with a managed services provider to help configure your firewall to work with your network.
Is my firewall working?
Keeping on top of the health status of your firewall is vital. A firewall that is 5 years old is typically 50% less effective at blocking attacks than a unit that is only 3 years old. That’s a significant drop in reliability and performance in 2 years! Over time and as your business and the risks it faces change, your firewall requirements can change, and settings inevitably need updating.
It’s common for older firewalls to be monitoring as low as 60% of external traffic. And with cyber threats continually developing, any reduction in visibility is very concerning. Your firewall can’t block what it can’t see!
Even though misconfiguration is the most common cause of firewall failure, there is so much at play, such as how it integrates with your IT estate, how advanced it is and the speed of cyberthreat development. The success of your firewall – and cybersecurity as a whole – is dependent on a variety of factors and circumstances which vary hugely from business to business. If you’re ever in doubt about your firewall protection, speak to an expert.