Before you begin changing any of your existing firewall rules, establish a formal process for all modifications if you don’t already have one. A typical change procedure might involve the following steps:
A change request process that business users can use to ask for alterations to the firewall configuration
An assessment process in which the firewall team analyzes the risk and determines the best course of action to balance the business users’ needs with security needs
A testing process that ensures that any changes to firewall rules will have the desired effect
A deployment process for moving the new rule into production after it has been tested
A validation process to ensure that the new firewall settings are operating as intended
A documentation process to track the changes that have been made
If you have a small security team, it might be tempting to implement changes less formally. But experts say that following the process strictly can help avoid lapses in security caused by poor firewall configuration.