Firewall Tips for SOC 1 and SOC 2 Reports

Overview

In today’s environment, firewalls are an important and necessary control for organizations that are subject to SOC 1 and SOC 2 audits. In SOC 1 reports, firewalls generally address network security control objectives. In SOC 2 reports, they address CC6.6: The entity implements logical access security measures to protect against threats from sources outside its system boundaries.

Firewall Best Practices

Firewalls should generally block all ports except those that are explicitly needed for services and applications. This principle of least privilege ensures that only necessary ports are open, reducing the attack surface and enhancing security. While some ports may have specific purposes, it’s crucial to only allow traffic on ports where it is genuinely required. Blocking ports is a good practice for the following reasons:

  • Reduced attack surface – By closing unnecessary ports, you limit the potential entry points for malicious actors.
  • Defense in depth – A firewall acting as a secondary layer of security can prevent unauthorized access even if other security measures fail.
  • Control over network traffic – Blocking unnecessary ports gives you more control over who can connect to your system and what kind of traffic is allowed.
  • Mitigation of vulnerabilities – If a service is not reachable on a specific port, it is less likely that a vulnerability in that service will be exploited.

There are specific ports that organizations should consider blocking:

  • Telnet (port 23) – An older, insecure protocol. Modern alternatives like SSH are preferred.
  • SMTP (port 25) – Use SMTPS (port 465 or 587) for secure email transmission.
  • FTP (port 20, 21) – Consider using FTPS or SFTP instead of FTP.
  • Unnecessary web ports (80, 8080, 8443) – Only open these if you are hosting websites or web applications.

Conclusion

To get the most out of your firewall and to impress your SOC auditor, consider the following:

  • Always block ports unless you need them: This is the foundation of firewall security. 
  • Regularly review firewall rules: Ensure they align with current needs and security practices.
  • Be cautious when opening ports: Carefully consider the necessity and security implications of opening any port.
  • Consider using secure protocols: Replace insecure protocols like Telnet and FTP with secure alternatives.
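
One way to make the rule review above repeatable, as an added example that is not part of the original article: a short Python script that checks a saved rule set for a default-deny INPUT policy and for ACCEPT rules opening ports outside an approved list, naming the ports the article singles out. The iptables-save input format, the sample rules, the approved list and the function names are assumptions made for this illustration.

```python
import re

# Ports the article lists as candidates for blocking.
RISKY_PORTS = {20: "FTP data", 21: "FTP control", 23: "Telnet", 25: "SMTP",
               80: "HTTP", 8080: "HTTP alt", 8443: "HTTPS alt"}

# Constructed sample in iptables-save format (not from a real host).
SAMPLE_RULES = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -i lo -j ACCEPT
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -p tcp -m tcp --dport 22 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 23 -j ACCEPT
-A INPUT -p tcp -m multiport --dports 20,21 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8000:8100 -j ACCEPT
COMMIT
"""

def opened_ports(rule):
    """Return the destination ports a rule matches (single, list or lo:hi range)."""
    m = re.search(r"--dports? (\S+)", rule)
    ports = set()
    for part in (m.group(1).split(",") if m else []):
        lo, _, hi = part.partition(":")
        ports.update(range(int(lo), int(hi or lo) + 1))
    return ports

def audit(ruleset, approved):
    """Return findings: a non-DROP INPUT policy and ACCEPT rules on unapproved ports."""
    findings = []
    for line in ruleset.splitlines():
        policy = re.match(r":INPUT (\S+)", line)
        if policy and policy.group(1) != "DROP":
            findings.append(f"INPUT default policy is {policy.group(1)}, not DROP")
        # Rules without a port match (loopback, conntrack) and negated matches are not evaluated.
        if line.startswith("-A INPUT") and line.endswith("-j ACCEPT"):
            extra = opened_ports(line) - approved
            if extra:
                named = ", ".join(f"{p} ({RISKY_PORTS[p]})"
                                  for p in sorted(extra) if p in RISKY_PORTS)
                findings.append(f"{len(extra)} unapproved port(s) in '{line}'"
                                + (f"; flagged: {named}" if named else ""))
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_RULES, approved={22, 443})))
```

The wide range rule is the case a manual review most often misses: 8000:8100 never mentions 8080, yet it opens it.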
