Access Denied Issues
- a misconfigured rule can block traffic that should be allowed through
- by service, port, or address
- this type of deny error is easy to identify
- users report incidents as soon as the traffic they rely on stops flowing
- can confirm by
- testing the connection from inside the firewall and then from outside it; if it succeeds inside but fails outside, the firewall is the point of failure
- a silently dropped packet shows up as a connection timeout, while a rejected one returns an immediate error
Multiple Firewall Issues
- a host may sit behind both a network-based firewall and its own host-based firewall
- to diagnose the host firewall
- attempt the connection with the host firewall temporarily disabled
- if the connection succeeds, then
- the network firewall ACL is allowing the packets
- but the host firewall is blocking them
- if the connection still fails
- investigate the network firewall ACL first
- re-enable the host firewall as soon as the test is done
- inspect the log files to discover which rule blocked the traffic at the time of the reported failure
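Worked example added to these notes (not from the original page): a Python script that applies the checks above. The same TCP probe is meant to be run from each side of the firewall; `diagnose` applies the decision rule for the host-firewall-disabled retest; `blocked_at` searches log lines for the entry that blocked the reported target at the reported time. The log format (rsyslog-style ISO timestamp, `kernel:`, an iptables LOG entry whose `--log-prefix` names the rule), the prefixes FW-ACCEPT/FW-DROP, the addresses and the timestamps are all assumed and the sample log is constructed.

```python
import re
import socket
from datetime import datetime


# Outcome of one TCP connect attempt. A firewall that silently DROPs the
# packet shows up as a timeout ("filtered"); a REJECT rule or a closed port
# answers with a RST ("closed"). Run the same probe from inside and from
# outside the firewall and compare the results.
def probe(host, port, timeout=2.0):
    try:
        with socket.create_connection((host, port), timeout=timeout):
            return "open"
    except socket.timeout:
        return "filtered"
    except (ConnectionRefusedError, ConnectionResetError):
        return "closed"
    except OSError:
        return "unreachable"


# Decision rule from the notes: probe once with the host firewall enabled,
# once with it disabled, then decide which firewall to look at.
def diagnose(with_host_fw, host_fw_disabled):
    if with_host_fw == "open":
        return "no firewall on this path blocks the connection"
    if host_fw_disabled == "open":
        return "network firewall ACL allows the packets; host firewall is blocking"
    return "still blocked with host firewall off; investigate the network firewall ACL first"


# Shows the probe outcomes on loopback without a real firewall: a listening
# socket is "open"; the same port after the listener closes is "closed".
def demo_loopback():
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))
    srv.listen(1)
    port = srv.getsockname()[1]
    before = probe("127.0.0.1", port)
    srv.close()
    return before, probe("127.0.0.1", port)


# Assumed log layout: "<ISO timestamp> <host> kernel: [uptime] <prefix> KEY=VALUE ...".
LOG_RE = re.compile(r"^(?P<ts>\S+)\s+(?P<host>\S+)\s+kernel:\s*(?:\[[^\]]*\]\s*)?(?P<msg>.*)$")
KV_RE = re.compile(r"(\w+)=(\S*)")


def parse_fw_log(line):
    m = LOG_RE.match(line)
    if not m:
        return None
    msg = m.group("msg")
    fields = dict(KV_RE.findall(msg))
    return {
        "time": datetime.fromisoformat(m.group("ts")),
        "prefix": msg.split("IN=", 1)[0].strip(),  # the rule's --log-prefix
        "src": fields.get("SRC"),
        "dst": fields.get("DST"),
        "proto": fields.get("PROTO"),
        "dport": int(fields["DPT"]) if fields.get("DPT") else None,
    }


# Which rule fired for traffic to dst:dport between two ISO timestamps?
# Returns (time, rule prefix, source) for each matching entry.
def blocked_at(log_lines, dst, dport, start_iso, end_iso):
    start, end = datetime.fromisoformat(start_iso), datetime.fromisoformat(end_iso)
    hits = []
    for line in log_lines:
        e = parse_fw_log(line)
        if e and e["dst"] == dst and e["dport"] == dport and start <= e["time"] <= end:
            hits.append((e["time"].isoformat(), e["prefix"], e["src"]))
    return hits


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = """\
2024-01-12T10:14:58 gw1 kernel: [1234.001] FW-ACCEPT: IN=eth0 OUT=eth1 SRC=203.0.113.7 DST=10.0.0.10 LEN=60 PROTO=TCP SPT=40000 DPT=80 SYN
2024-01-12T10:15:02 gw1 kernel: [1238.117] FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=10.0.0.10 LEN=60 PROTO=TCP SPT=40001 DPT=443 SYN
2024-01-12T10:15:03 gw1 kernel: [1239.200] FW-DROP: IN=eth0 OUT= SRC=203.0.113.7 DST=10.0.0.10 LEN=60 PROTO=TCP SPT=40002 DPT=443 SYN
2024-01-12T11:30:00 gw1 kernel: [5732.900] FW-DROP: IN=eth0 OUT= SRC=198.51.100.9 DST=10.0.0.10 LEN=60 PROTO=TCP SPT=40003 DPT=443 SYN
""".splitlines()

if __name__ == "__main__":
    print(demo_loopback())
    print(diagnose("filtered", "open"))
    for hit in blocked_at(SAMPLE_LOG, "10.0.0.10", 443, "2024-01-12T10:15:00", "2024-01-12T10:16:00"):
        print(hit)
```

The probe distinguishes a drop (timeout) from a reject or closed port (refused) because that difference tells you whether a firewall is involved at all before you start toggling host firewalls; the log search then narrows the cause to a named rule instead of the whole ACL.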
Security Violation Issues
- the other outcome of a badly configured firewall is
- a packet is allowed through that should have been blocked
- this opens the system to attack
- not easy to detect
- nothing stops functioning
- so no incidents are reported
- mitigate by
- conducting regular firewall audits (review every rule against its business justification and remove rules that no longer have one)
- having a thorough change control process for firewall change requests
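Added example (not from these notes) of what a regular firewall audit can check mechanically once the rule list is exported from the device: an allow rule broader than any business need, an allow rule with no change-control ticket behind it, and a rule shadowed by an earlier rule so that it never matches. The rule schema (first match wins, "any" as wildcard), the rule ids and the ticket numbers are assumed, and the rule set is constructed.

```python
import ipaddress

ANY_NET = ipaddress.ip_network("0.0.0.0/0")


# Assumed rule schema: "any" is a wildcard for src/dst/proto/port.
def net(s):
    return ANY_NET if s == "any" else ipaddress.ip_network(s, strict=False)


# True when every packet that rule b could match is already matched by rule a,
# i.e. with a placed earlier in a first-match-wins list, b can never fire.
def covers(a, b):
    return (net(b["src"]).subnet_of(net(a["src"]))
            and net(b["dst"]).subnet_of(net(a["dst"]))
            and a["proto"] in ("any", b["proto"])
            and a["port"] in ("any", b["port"]))


def audit(rules):
    findings = []
    for i, r in enumerate(rules):
        if r["action"] == "allow" and r["src"] == "any" and r["dst"] == "any":
            findings.append((r["id"], "allows any source to any destination; "
                                      "a security violation, not an outage, so nobody will report it"))
        if r["action"] == "allow" and not r.get("ticket"):
            findings.append((r["id"], "allow rule has no change-control ticket"))
        for earlier in rules[:i]:
            if covers(earlier, r):
                if r["action"] == "deny" and earlier["action"] == "allow":
                    effect = "traffic it was meant to block gets through"
                elif r["action"] == "allow" and earlier["action"] == "deny":
                    effect = "traffic it was meant to allow stays blocked"
                else:
                    effect = "it is redundant"
                findings.append((r["id"], f"shadowed by rule {earlier['id']}: {effect}"))
                break
    return findings


# Constructed rule set; ids, addresses and tickets are illustrative only.
RULES = [
    {"id": 10, "action": "allow", "src": "10.0.0.0/8", "dst": "10.0.5.20/32", "proto": "tcp", "port": 443, "ticket": "CHG-1042"},
    {"id": 20, "action": "allow", "src": "any", "dst": "10.0.5.0/24", "proto": "tcp", "port": 22, "ticket": "CHG-1077"},
    {"id": 30, "action": "deny", "src": "203.0.113.0/24", "dst": "10.0.5.0/24", "proto": "tcp", "port": 22, "ticket": "CHG-1090"},
    {"id": 40, "action": "allow", "src": "10.1.0.0/16", "dst": "10.0.5.20/32", "proto": "tcp", "port": 443, "ticket": "CHG-1100"},
    {"id": 50, "action": "deny", "src": "any", "dst": "10.0.6.0/24", "proto": "any", "port": "any", "ticket": "CHG-0900"},
    {"id": 60, "action": "allow", "src": "10.0.0.0/8", "dst": "10.0.6.10/32", "proto": "tcp", "port": 443, "ticket": "CHG-1120"},
    {"id": 70, "action": "allow", "src": "any", "dst": "any", "proto": "any", "port": "any", "ticket": None},
]

if __name__ == "__main__":
    for rule_id, finding in audit(RULES):
        print(rule_id, finding)
```

The shadow check is the same test whether the hidden rule is a deny (a security violation: rule 30's block never takes effect) or an allow (an access-denied symptom: rule 60's traffic stays blocked), which is why it belongs in a scheduled audit rather than waiting for a user report that will only ever arrive for the second case.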