Case Study: Firewall Rule Audit and Cleanup at a Large University
Overview:
A large university with a complex and sprawling IT infrastructure reached out to Defensible Technology to address significant challenges with its firewall management. Over the course of two decades, the university's network environment had grown significantly to support its on-campus and cloud-based operations.
The ageing firewall infrastructure, which had been incrementally upgraded over time, retained a legacy of over 20 years of firewall rules. Many of these rules were obsolete, redundant, or overly permissive, exposing the university to unnecessary risk.
Defensible Technology was brought in to conduct a comprehensive firewall audit and cleanup to restore the security and efficiency of the university’s network.
The Challenge:
The university faced multiple network and security challenges that had accumulated over the years:
Our Approach:
Defensible Technology deployed a two-pronged approach to clean up and optimize the university’s firewall infrastructure:
Our process consisted of five essential steps:
1. Initial Discovery and Assessment: Defensible's team began by conducting a thorough discovery of the entire firewall landscape. This included mapping all firewalls supporting the on-campus network, cloud environments (AWS and Azure), and SD-WAN connections. The team identified key pain points, such as overly permissive rules that allowed unnecessary inbound and outbound traffic and redundant rules that served no practical purpose.
2. Manual Configuration Review: To fully understand the existing rules, Defensible’s security engineers performed a manual review of the oldest and most critical firewall rules. This step involved analyzing rule sets, reviewing the business intent behind key rules, and ensuring that rule descriptions and documentation aligned with the current network and security architecture.
The manual review also helped ensure that no rules essential to key services and applications were mistakenly removed or altered.
3. Automated Tools: Alongside the manual process, Defensible employed advanced firewall management and audit tools to automate rule identification. The tools scanned for unused rules that had not been triggered in a long time and could be safely removed, as well as rules that were completely redundant or hidden by other, more specific rules.
The tools also identified misconfigured rules that had been applied incorrectly or had potential security weaknesses.
By expediting the process, the team could identify and prioritize the cleanup of the most critical issues.
4. Optimization and Rule Cleanup: A large percentage of the rules were identified as either obsolete or redundant, and these were safely removed without impacting operational performance.
Overly broad and permissive rules were refined to follow the principle of least privilege, ensuring that only necessary traffic was allowed through the firewalls.
By reducing the complexity of the rule sets, the IT staff gained greater visibility and control over the firewall configuration, making it easier to manage and troubleshoot in the future.
5. Ongoing Monitoring and Reporting: Defensible implemented ongoing monitoring and reporting tools to ensure that future changes to the firewall rules would be tracked and analyzed. This step included setting up alerts for newly added rules that might introduce vulnerabilities and providing regular reports on firewall rule usage to the university’s IT team.
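The automated checks in step 3 (rules that have not been triggered in a long time, and rules that are redundant or hidden by other rules) can be sketched as follows. This is an added example, not Defensible's tooling or code from the case study. It assumes first-match rule evaluation, a one-year idle threshold, and a hypothetical `Rule` record; the sample rule set is constructed.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from ipaddress import ip_network
from typing import Optional

@dataclass
class Rule:  # hypothetical record, not a vendor export format
    name: str
    action: str                      # "allow" or "deny"
    proto: str                       # "tcp", "udp" or "any"
    src: str                         # source CIDR
    dst: str                         # destination CIDR
    ports: tuple                     # inclusive (low, high) destination ports
    last_hit: Optional[date] = None  # None = hit counter never incremented

def covers(a: Rule, b: Rule) -> bool:
    """True if every packet matched by b is also matched by a."""
    return (a.proto in ("any", b.proto)
            and ip_network(b.src).subnet_of(ip_network(a.src))
            and ip_network(b.dst).subnet_of(ip_network(a.dst))
            and a.ports[0] <= b.ports[0] and b.ports[1] <= a.ports[1])

def find_hidden(rules):
    """With first-match order, a rule fully covered by an earlier rule never fires."""
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                # Same action: safe to delete. Different action: intent is being overridden.
                kind = "redundant" if earlier.action == later.action else "shadowed"
                findings.append((later.name, earlier.name, kind))
                break
    return findings

def find_unused(rules, today, max_idle_days=365):
    """Rules with no recorded hit inside the idle window (assumed: one year)."""
    cutoff = today - timedelta(days=max_idle_days)
    return [r.name for r in rules if r.last_hit is None or r.last_hit < cutoff]

# Constructed sample rule set, listed in evaluation order.
RULES = [
    Rule("allow-web", "allow", "tcp", "0.0.0.0/0", "10.20.0.0/16", (443, 443), date(2024, 5, 30)),
    Rule("allow-web-lab", "allow", "tcp", "0.0.0.0/0", "10.20.5.0/24", (443, 443)),
    Rule("deny-lab-ssh", "deny", "tcp", "0.0.0.0/0", "10.30.0.0/16", (22, 22), date(2024, 6, 1)),
    Rule("allow-admin-ssh", "allow", "tcp", "192.0.2.0/24", "10.30.1.0/24", (22, 22)),
    Rule("allow-legacy-ftp", "allow", "tcp", "0.0.0.0/0", "10.40.0.10/32", (21, 21), date(2019, 3, 2)),
]

if __name__ == "__main__":
    print(find_hidden(RULES))
    print(find_unused(RULES, date(2024, 6, 15)))
```

A "shadowed" finding (conflicting action) is the kind that needs the manual review of business intent described in step 2 before anything is deleted, since the hidden rule may reflect access someone still expects to have.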
Results and Business Outcome:
The comprehensive firewall audit and cleanup delivered significant security, operational, and business benefits to the university:
Conclusion:
Defensible Technology’s firewall rule audit and cleanup provided the university with a more secure, efficient, and manageable firewall infrastructure. By using a combination of manual review and automated tools, Defensible was able to remove unnecessary rules, tighten security, and streamline network operations. The result was a significant improvement in the university’s security posture, operational efficiency, and cost-effectiveness.