Top Recommendations for Strengthening Sophos Firewall Security
At Sophos, your protection is our top priority. We have worked to make Sophos Firewall the most secure firewall available, and we continually work to make it a harder target for attackers.
To strengthen your security posture, we strongly recommend regularly reviewing and implementing these best practices across all your network infrastructure, whether it is from Sophos or another vendor.
Read on for full instructions, or download the Sophos Firewall security enhancement guide.
Stay Current with Firmware Updates
Each Sophos Firewall OS update includes important security improvements, including our latest release, Sophos Firewall v21.
Keep your firmware up to date under Backup & Firmware > Firmware. Check for firmware updates at least once a month in Sophos Central or the on-box console. You can easily schedule updates in Sophos Central to be applied during a period of minimal disruption.
Restrict Device Service Accessibility
It is critical to disable non-essential services on the WAN interface, in particular the HTTPS and SSH admin services.
To manage your firewall remotely, Sophos Central offers a much more secure option than enabling WAN admin access. Alternatively, use ZTNA for remote management of your network devices.
Review your local service access control under Administration > Device Access and confirm that nothing is selected for the WAN zone unless absolutely necessary.

Utilize Robust Passwords, Multi-factor Authentication, and Role-based Access
Enable multi-factor authentication or one-time passwords (OTP) and enforce strong passwords to protect your firewall from unauthorized access, whether through stolen credentials or brute-force attempts.
Ensure your sign-in security settings are configured to block repeated unsuccessful attempts and to enforce strong passwords and CAPTCHA. Also use role-based access controls to limit exposure.
Reduce Exposure to Internal Systems
Any device exposed to the WAN through a NAT rule is a potential risk. Ideally, no device should be exposed to the internet via NAT or inbound connections, including IoT devices.
Regularly audit and review all your NAT and firewall rules to ensure that no WAN to LAN or remote access rules are active. Use ZTNA (or even VPN) for remote management and access to internal systems. DO NOT expose these systems, especially Remote Desktop access, to the internet.
For IoT devices, shut down any devices that do not offer a cloud proxy service and require direct access via NAT; these devices are prime targets for attackers.
Activate Suitable Safeguards
Protect your network from exploits by applying TLS and IPS inspection to incoming untrusted traffic through the relevant firewall rules. Tune your TLS and IPS inspection and use trusted application FastPath offloading for the best balance of protection and performance in your environment. Make sure you have no broad firewall rules that allow ANY to ANY connections.
Also protect your network from DoS and DDoS attacks by configuring and enabling protection under Intrusion Prevention > DoS & spoof protection. Enable spoof prevention and apply the flag to all DoS attack categories.
Block traffic from regions you do not do business with by creating a firewall rule that blocks traffic originating from unwanted countries or regions.
Ensure Sophos X-Ops threat feeds are enabled to log and drop under Active Threat Protection.
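The rule and device-access reviews recommended in this section and in the sections on device service access and internal system exposure can be scripted against a rule inventory. The following Python is an added example, not Sophos code: the inventory format, rule names and function names are hypothetical, and the sample data is constructed.

```python
RDP_PORT = 3389  # default Remote Desktop TCP port
# Constructed sample data in a hypothetical, simplified format.
# This is NOT Sophos Firewall's export schema; map your own export onto it.
DEVICE_ACCESS = {"LAN": {"HTTPS", "SSH", "Ping"}, "WAN": {"HTTPS", "Ping"}}
RULES = [
    {"name": "lan-web-out", "enabled": True, "action": "accept",
     "src_zone": "LAN", "dst_zone": "WAN", "ports": {80, 443}},
    {"name": "rdp-to-server", "enabled": True, "action": "accept",
     "src_zone": "WAN", "dst_zone": "LAN", "ports": {3389}},
    {"name": "temp-allow-all", "enabled": True, "action": "accept",
     "src_zone": "ANY", "dst_zone": "ANY", "ports": None},  # None = any service
    {"name": "old-camera-nat", "enabled": False, "action": "accept",
     "src_zone": "WAN", "dst_zone": "LAN", "ports": {8080}},
    {"name": "block-wan-in", "enabled": True, "action": "drop",
     "src_zone": "WAN", "dst_zone": "LAN", "ports": None},
]


def audit_device_access(access):
    """Flag HTTPS/SSH admin services enabled on the WAN zone."""
    exposed = access.get("WAN", set()) & {"HTTPS", "SSH"}
    return [f"WAN zone exposes admin service {svc}" for svc in sorted(exposed)]


def audit_rule(rule):
    """Return findings for one rule; disabled and non-accept rules pass."""
    if not rule["enabled"] or rule["action"] != "accept":
        return []
    findings = []
    src, dst, ports = rule["src_zone"], rule["dst_zone"], rule["ports"]
    if src == "ANY" and dst == "ANY":
        findings.append("broad ANY-to-ANY allow rule")
    if src in ("WAN", "ANY") and dst in ("LAN", "ANY"):
        findings.append("inbound WAN-to-LAN access allowed")
        if ports is None or RDP_PORT in ports:
            findings.append("Remote Desktop reachable from WAN")
    return findings


def audit(rules, access):
    """Map each offending rule (and device access) to its findings."""
    report = {r["name"]: audit_rule(r) for r in rules}
    report["device-access"] = audit_device_access(access)
    return {name: f for name, f in report.items() if f}


if __name__ == "__main__":
    for name, findings in audit(RULES, DEVICE_ACCESS).items():
        print(f"{name}: {'; '.join(findings)}")
```

Disabled rules such as the constructed `old-camera-nat` entry are skipped here because they are not active; list them separately if you also want to retire stale rules.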
Activate Alerts and Notifications
Sophos Firewall can be configured to alert administrators to system-generated events. Administrators should review the event list and make sure that system and security events are monitored so that issues and events can be acted on promptly.
Notifications are sent by email and/or SNMP traps. To configure notifications, go to Configure > System services and select the Notifications list tab.
Additional Information
Learn how Sophos Firewall is Designed for Security, and refer to the extensive online documentation and how-to videos to get the most out of your Sophos Firewall.
