Most people run updates on their mobile phones and laptops on a regular basis. Why is that? Well primarily because there are big pop-up notifications or warning signs stating updates are available or alternatively the settings are such that updates are automatically installed and the device will then reboot most likely at the most inconvenient time for you, like when you are about to jump onto a Zoom or Teams call.
Without wanting to side-track have you noticed that your Zoom or Teams or whatever software you use for video conferencing updates when you click on a link for a conference that you are supposed to be joining exactly at that time. I mean who joins a conference 10 minutes early just in case there is a software update. The software providers need to work on a solution for this.
Getting back to the point at hand in addition to updating the software on your phone or laptop you probably replace the device every few years because there is a new one available with a good offer from your service provider or because the device is so beaten up that it is almost embarrassing to use it.
So why would your Firewall be any different. Really simple to be honest:
- It is in your server room so out of sight out of mind. Hence you are not getting new updates shoved at you or auto installing.
- The device sits there gathering dust in the server room and one wipe from a cleaning cloth and it will look as new as the day you purchased it. Why do I need to upgrade or replace a device that looks so new?
- Well, it’s a firewall and lets be honest who really knows how it works so the understanding of what needs to be done with it is extremely limited.
- You or your IT Department are too nervous to restart the device because you do not know what might happen.
The reality of the above could not be further from the truth. Firewalls need regular maintenance:
- The firmware (operating system) on the device regularly gets updated by the manufacturer. These firmware’s have bug fixes, performance enhances and new features. Without them you are not keeping up to date with the latest risks.
- The firewall will be getting regular (daily) updates to the virus and malware definitions. Without these your firewall cannot detect and block the more recent strategies used by those horrible people trying to hack your network.
- The firewall has a warranty in most cases. Either a 1 or 3 year one is common but when it expires you are no longer eligible for the firmware and definition updates.
- Firewalls all have an EOL (end of life) which means that the manufacturer is saying it is no longer fit for purpose and should be replaced with a new device.
- Firewalls like all computer devices need to be regularly restarted to clear history and ensure they are running optimally. A regularly restarted device will normally restart without issues, whereas a device not restarted for a few years may not work when restarted.
In all the years I have been helping companies manage their IT systems often when a new client comes on board, we find that one of the weakest points of their network is often the firewall because it was installed years ago and never touched since.
Also, in almost all cases I come across there is only one firewall in the office. That means it is most likely a single point of failure. If the firewall suddenly stops working as computers sometimes do the impact on your business can be quite severe since you have no replacement and it is probably hard to get a new one and get it quickly configured, that is assuming you remember how to configure it and what the settings need to be. This is why we always recommend having 2 firewalls with one in a passive mode where it is there waiting to be used if the main one fails. You are better spending money on 2 cheaper firewalls than one expensive one if your budget is restricted. We also recommend having a regular backup of the configuration so that you can restore it if necessary.
It is critical that your firewall is maintained and looked after just like any other device in your infrastructure. It must be:
- Definitions checked for updates (once a day or maybe once a week if you do not have time)
- Restarted regularly (once a month)
- Firmware checked for new versions (once a month)
- Configuration saved as a backup (once a month)
- Warranty renewed with the manufacturer (annually)
- Replaced (prior to the EOL announced by the manufacturer)
Ask whoever handles your IT if they are doing 1-6 above and if not consider contacting FunctionEight to get us to assess your firewall status and see if you have any risk. You can email me at firstname.lastname@example.org to discuss your firewall needs.