All organizations have edge firewalls. Alas, they also operate firewall policies that are usually far too open and permissive. Current world events being what they are, now is an urgent time to check your edge security. Accordingly, Gotham Technology Group has prepared a ten step program to help you achieve a fully secured edge.
- Do not allow the Internet to access dangerous protocols in your environment. Close ports that are not needed and seriously consider closing ports that may seem to be needed but are just too risky.
- Ensure that a vulnerability assessment and penetration test have recently been performed on your external IP addresses. Thoroughly review the report (!) and fix all problems found.
- Do not allow RDP access. Either inbound or outbound to the Internet. Too dangerous!
- Require that all Internet side user authentication use multifactor authentication. All access should use 2FA!
- Do not allow direct administrative access from the Internet. Users should log in with their standard user credentials and administrators may escalate their access only once inside the network.
- Do not allow unrestricted outbound access to the Internet. Close all protocols except for those that are actually required. All access rules should use minimal source and destination lists. Source and destination lists should be coupled with minimal service lists. Use of “any” is strictly forbidden.
- Implement a C2C block list. There are several large command and control IP lists. Use them.
- Use all advanced security options that are available on your edge firewalls. Turn on as much as you possibly can. Keep tuning features so that you can then turn on more features. Don’t stop until you have achieved maximum possible use of your edge firewall’s capabilities.
- Consider using geo blocking to protect against traffic from China, Iran, North Korea, and Russia. Blocking traffic on the basis of geographical boundaries is a simple way to reduce exposure to threat actors.
- Ensure that firewall logging is monitored, and that alerting is set up and working, preferably from a reputable SOCaaS or SIEM. Firewalls are a first line of defense, and they quickly provide actionable intelligence that an attack is underway or that hackers have compromised hosts in your network.
Clearly, edge security is only one aspect of a complete cybersecurity program. It is only one of many security controls that need to be in place and working to their maximum possible extent.
For assistance or guidance in setting up, tuning up, and validating your edge security and other crucial security controls, contact your Gotham Account Manager.