Case Study: Firewall Rule Audit and Cleanup at a Large University

Discover how Defensible helped a university clean up its firewall rules, which had been accumulating for over 20 years.

Overview:

A large university with a complex and sprawling IT infrastructure reached out to Defensible Technology to address significant challenges with its firewall management. Over the course of two decades, the university's network environment had grown significantly to support its on-campus and cloud-based operations. 

The ageing firewall infrastructure, which had been incrementally upgraded over time, retained a legacy of over 20 years of firewall rules. Many of these rules were obsolete, redundant, or overly permissive, exposing the university to unnecessary risk.

Defensible Technology was brought in to conduct a comprehensive firewall audit and cleanup to restore the security and efficiency of the university’s network.

The Challenge:

The university faced multiple network and security challenges that had accumulated over the years:

  • Complex network architecture: The IT infrastructure included on-campus metro ethernet networks, AWS and Azure cloud environments, and SD-WAN technologies connecting multiple remote sites. Each layer had its own unique requirements for security and connectivity.
  • Legacy firewall rules: Firewalls had been upgraded multiple times over the past 20 years, and with each upgrade, rules from previous configurations were retained without thorough evaluation. As a result, thousands of unused, redundant, and misconfigured rules had never been properly reviewed or cleaned up.
  • Security vulnerabilities: Overly permissive firewall rules allowed traffic that should have been restricted, creating potential security vulnerabilities and exposure to external threats. Redundant rulesets added unnecessary complexity, which could impede performance and mask security gaps.
  • Operational inefficiencies: The sheer volume of legacy rules slowed down firewall management processes. IT staff found it difficult to identify which rules were necessary and which ones could be safely removed or refined, resulting in delays in addressing security incidents or network changes.

Our Approach:

Defensible Technology deployed a two-pronged approach to clean up and optimize the university’s firewall infrastructure:

  • Manual configuration review
  • The use of automated tools to streamline the process of addressing the thousands of firewall rules that had accumulated over time.

Our process consisted of five essential steps:

1. Initial Discovery and Assessment:
Defensible's team began by conducting a thorough discovery of the entire firewall landscape. This included mapping all firewalls supporting the on-campus network, cloud environments (AWS and Azure), and SD-WAN connections. The team identified key pain points, such as overly permissive rules that allowed unnecessary inbound and outbound traffic and redundant rules that served no practical purpose.
2. Manual Configuration Review:
To fully understand the existing rules, Defensible’s security engineers performed a manual review of the oldest and most critical firewall rules. This step involved analyzing rule sets, reviewing the business intent behind key rules, and ensuring that rule descriptions and documentation aligned with the current network and security architecture.

The manual review also helped ensure that no rules essential to key services and applications were mistakenly removed or altered.

3. Automated Tools:
Alongside the manual process, Defensible employed advanced firewall management and audit tools to automate rule identification. The tools scanned for unused rules that had not been triggered in a long time and could be safely removed, as well as rules that were completely redundant or hidden by other, more specific rules.

The tools also identified misconfigured rules that had been applied incorrectly or had potential security weaknesses.

By expediting the process, the team could identify and prioritize the cleanup of the most critical issues.

4. Optimization and Rule Cleanup:
A large percentage of the rules were identified as either obsolete or redundant, and these were safely removed without impacting operational performance.

Overly broad and permissive rules were refined to follow the principle of least privilege, ensuring that only necessary traffic was allowed through the firewalls.

By reducing the complexity of the rule sets, the IT staff gained greater visibility and control over the firewall configuration, making it easier to manage and troubleshoot in the future.

5. Ongoing Monitoring and Reporting:
Defensible implemented ongoing monitoring and reporting tools to ensure that future changes to the firewall rules would be tracked and analyzed. This step included setting up alerts for newly added rules that might introduce vulnerabilities and providing regular reports on firewall rule usage to the university’s IT team.
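As an added illustration of the automated checks described in steps 3 and 4 (example code written for this page, not Defensible's tooling or the university's configuration), the script below runs three of those checks over a constructed first-match rule set: rules shadowed by an earlier, broader rule; rules with no recent hits; and allow rules that wildcard most of their match fields. The rule names, addresses and hit dates are constructed, and the 365-day staleness threshold is an assumption.

```python
import ipaddress
from datetime import date

# Constructed sample rule set in first-match order (not a real configuration).
# "any" as dport means all ports; last_hit is the last date the rule matched traffic, None if never.
RULES = [
    {"name": "R1", "src": "10.0.0.0/8",    "dst": "192.168.5.10/32", "dport": 443,   "action": "allow", "last_hit": "2024-09-01"},
    {"name": "R2", "src": "10.20.0.0/16",  "dst": "192.168.5.10/32", "dport": 443,   "action": "allow", "last_hit": None},
    {"name": "R3", "src": "0.0.0.0/0",     "dst": "0.0.0.0/0",       "dport": "any", "action": "allow", "last_hit": "2024-09-10"},
    {"name": "R4", "src": "172.16.0.0/12", "dst": "192.168.7.0/24",  "dport": 22,    "action": "allow", "last_hit": "2019-03-15"},
]

def _covers(a, b):
    """True when rule a matches every packet that rule b matches (src, dst and port all contained)."""
    sa, sb = ipaddress.ip_network(a["src"]), ipaddress.ip_network(b["src"])
    da, db = ipaddress.ip_network(a["dst"]), ipaddress.ip_network(b["dst"])
    if sa.version != sb.version or da.version != db.version:
        return False  # mixed IPv4/IPv6 rules never cover each other
    port_ok = a["dport"] == "any" or a["dport"] == b["dport"]
    return sb.subnet_of(sa) and db.subnet_of(da) and port_ok

def find_shadowed(rules):
    """(shadowed, shadowing) pairs: rules that can never fire because an earlier rule already covers them."""
    found = []
    for i, rule in enumerate(rules):
        for earlier in rules[:i]:
            if _covers(earlier, rule):
                found.append((rule["name"], earlier["name"]))
                break
    return found

def find_unused(rules, today_iso, max_age_days=365):
    """Rules never hit, or not hit within max_age_days of today_iso: removal candidates to confirm manually."""
    today, stale = date.fromisoformat(today_iso), []
    for rule in rules:
        if rule["last_hit"] is None or (today - date.fromisoformat(rule["last_hit"])).days > max_age_days:
            stale.append(rule["name"])
    return stale

def find_overly_permissive(rules):
    """Allow rules that wildcard at least two of source, destination and port: least-privilege review targets."""
    wide = []
    for rule in rules:
        wildcards = ((ipaddress.ip_network(rule["src"]).prefixlen == 0)
                     + (ipaddress.ip_network(rule["dst"]).prefixlen == 0)
                     + (rule["dport"] == "any"))
        if rule["action"] == "allow" and wildcards >= 2:
            wide.append(rule["name"])
    return wide
```

Shadowing is evaluated regardless of action, since a later rule covered by an earlier one is dead either way; in the sample, R4 is both shadowed by the any/any rule R3 and stale, which is the combination that typically lets a permissive rule hide in a large rule base.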

Results and Business Outcome:

The comprehensive firewall audit and cleanup delivered significant security, operational, and business benefits to the university:

  • Enhanced Security Posture: By removing outdated, unused, and overly permissive firewall rules, the university reduced its attack surface and improved its overall network security. The tightened rules significantly mitigated the risk of unauthorized access and potential data breaches.
  • Improved Network Performance: The reduction in the number of rules and the elimination of redundancy helped to streamline firewall operations, resulting in faster processing times for legitimate traffic and improved network performance across both on-campus and cloud environments.
  • Operational Efficiency: The simplified firewall rule sets made ongoing management much easier for the IT team. Future changes could be implemented with greater speed and confidence, reducing the time spent on firewall troubleshooting and audits.
  • Reduced Risk of Misconfiguration: The use of automated tools and ongoing monitoring ensured that misconfigurations were caught early, and any future rule changes would be continuously evaluated for security impacts.
  • Cost Savings: With a more streamlined and efficient firewall environment, the university was able to avoid unnecessary infrastructure investments and reduce the cost of managing the firewall rules. This allowed the IT team to focus resources on more strategic initiatives, such as advancing their cloud migration and enhancing digital services for students and faculty.

Conclusion:

Defensible Technology’s firewall rule audit and cleanup provided the university with a more secure, efficient, and manageable firewall infrastructure. By using a combination of manual review and automated tools, Defensible was able to remove unnecessary rules, tighten security, and streamline network operations. The result was a significant improvement in the university’s security posture, operational efficiency, and cost-effectiveness.