Document your firewall rules
Anyone who works on your IT security team should be able to tell very quickly what each of your firewall rules was intended to do by looking at your documentation. At a minimum, you need to keep track of the following data:
– The purpose of the firewall rule
– The service(s) it affects
– The users and devices it affects
– The date the rule was added
– When the rule should expire (if it is temporary)
– The name of the person who added the rule
Some experts also recommend that you use categories or section titles to group similar rules together. That can be especially helpful when it comes to determining the best order for your rules (more on that below).
As you begin the process of fine-tuning and optimising your firewall rules, you should take the time to revisit your existing rules and make sure you have all the necessary documentation for each of them. You may find that you are following some rules that were installed by default without anyone really understanding why you have them.
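One way to make the review described above repeatable is to keep the rule documentation as structured records and lint them. The example below is added here and is not code from the original article: it checks each record for the minimum fields the text lists (purpose, services, users and devices, date added, expiry if temporary, and who added the rule), flags temporary rules whose expiry has passed, and groups rule ids by category so similar rules can be ordered together. The record layout, field names and the sample rules are assumptions constructed for the example.

```python
"""Lint firewall-rule documentation records for the minimum fields the
article lists.  Added example, not the article's own tooling: the record
layout, field names and sample data below are assumptions."""
from datetime import date, datetime

# Fields every rule record must carry; "expires_on" is only required when
# the rule is temporary, so it is checked separately.
REQUIRED_FIELDS = ("id", "purpose", "services", "affects", "added_on", "added_by")

# Constructed sample records; in practice these would come from the
# firewall's management export or the team's rule-tracking sheet.
SAMPLE_RULES = [
    {"id": "FW-001", "category": "web", "purpose": "Public HTTPS to web tier",
     "services": ["tcp/443"], "affects": "web-tier hosts",
     "added_on": "2023-01-10", "added_by": "a.lee"},
    {"id": "FW-002", "category": "vendor", "purpose": "Vendor SSH for migration",
     "services": ["tcp/22"], "affects": "jump host only",
     "added_on": "2023-03-01", "expires_on": "2023-04-01", "added_by": "b.ng"},
    # A rule that arrived "by default": nobody recorded why it exists.
    {"id": "FW-003", "category": "web", "purpose": "", "services": ["tcp/80"],
     "affects": "", "added_on": "2022-11-05", "added_by": "default"},
]


def parse_day(value):
    """Parse an ISO date string (YYYY-MM-DD); return None if missing/malformed."""
    try:
        return datetime.strptime(value, "%Y-%m-%d").date()
    except (TypeError, ValueError):
        return None


def lint_rule(rule, today):
    """Return the list of findings for one record (empty list = documented)."""
    findings = []
    for field in REQUIRED_FIELDS:
        if not rule.get(field):  # missing key, empty string or empty list
            findings.append(f"missing {field}")
    if rule.get("added_on") and parse_day(rule["added_on"]) is None:
        findings.append("added_on is not a valid ISO date")
    expires = rule.get("expires_on")
    if expires is not None:
        exp_day = parse_day(expires)
        if exp_day is None:
            findings.append("expires_on is not a valid ISO date")
        elif exp_day < today:
            findings.append(f"temporary rule expired on {expires}")
    return findings


def lint_rules(rules, today=None):
    """Map rule id -> findings; rules with no findings are omitted.

    `today` may be a date, an ISO string, or None (meaning the real date),
    so reviews can be replayed against a fixed reference day."""
    if isinstance(today, str):
        today = parse_day(today)
    today = today or date.today()
    report = {}
    for rule in rules:
        findings = lint_rule(rule, today)
        if findings:
            report[rule.get("id") or "<no id>"] = findings
    return report


def group_by_category(rules):
    """Group rule ids by category/section title, the grouping the text
    suggests for deciding rule order."""
    groups = {}
    for rule in rules:
        groups.setdefault(rule.get("category") or "uncategorised", []).append(rule["id"])
    return groups


if __name__ == "__main__":
    # Fixed reference date so the sample output is stable.
    for rule_id, findings in lint_rules(SAMPLE_RULES, "2024-01-01").items():
        print(rule_id, "->", "; ".join(findings))
    print(group_by_category(SAMPLE_RULES))
```

Run the script periodically (or in the change pipeline that applies rule updates) and treat any non-empty report as a blocker: an expired temporary rule is a rule that should already have been removed, and a rule with no purpose or owner is one that nobody can justify at review time.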