Security lifecycle management solutions provider Tufin Technologies has reportedly delivered some practical recommendations to make sure organizations are not exposed to hackers during the Christmas and New Year break.
In a recent survey conducted among 79 DEFCON attendees, 81 percent asserted that the holiday season was the best time for hacking business computer systems.
"It was the perception of the people we surveyed at DEFCON that the Christmas and New Year season is popular with hackers targeting western countries," Michael Hamelin, Tufin's chief security architect, said in a statement. "Additionally, 96 percent of hackers in the survey said it doesn't matter how many millions a company spends on its IT security systems, as it's all a waste of time and money if the IT security administrators fail to configure and watch over their firewalls."
It is a popular perception that organizations do not have their normal number of staff manning their systems during the holidays and, as such, are more vulnerable to hackers.
One of the foremost firewall best practices suggested by Tufin is to document all firewall rule changes. While this is not a prerequisite in most firewall systems, Tufin recommends that all organizations do so, because when modifications are made under pressing circumstances, protocol is ordinarily ignored. Every firewall modification must also be checked for adherence to compliance standards and change requests, keeping in mind that firewalls are the physical implementation of a company's IT security policy. Tufin also recommends granting the minimum access necessary in every access rule.
Most firewall rules have three fields: source (IP address), destination and service. For convenience and business continuity, the trend witnessed in most IT systems is to assign a broad range of values in these fields. By doing so, however, they expose their systems to heightened risk. IT security personnel must also constantly review the rules and remove those that have become redundant, especially in cases where the underlying services themselves have been decommissioned.
Rule bloat is common because firewalls are inherently unable to track redundant rules and delete them. Personnel need to keep abreast of server decommissioning, network decommissioning and application upgrade cycles in order to keep track of rules that are unused or no longer required. Most hackers look for entry by using redundant rules that IT staff have not removed.
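An added example (not Tufin's code or anything from the article) of the review described above: it walks an ordered rule base and flags allow rules that are too broad, rules that reference decommissioned addresses, rules with no matches since the last review, and rules shadowed by an earlier, wider rule. The rule format, the per-rule hit counter and the decommissioned-address list are assumptions; the sample rules are constructed.

```python
import ipaddress
from dataclasses import dataclass

FIELDS = ("source", "destination", "service")

@dataclass
class Rule:
    name: str
    source: str       # CIDR/host or "any"
    destination: str  # CIDR/host or "any"
    service: str      # e.g. "tcp/443" or "any"
    action: str       # "allow" or "deny"
    hits: int = 0     # matches since the last review (assumed exported from the firewall)

def covers(broad, narrow):
    """True when field value `broad` matches everything `narrow` matches."""
    if "any" in (broad, narrow):
        return broad == "any"
    try:
        return ipaddress.ip_network(narrow).subnet_of(ipaddress.ip_network(broad))
    except (ValueError, TypeError):  # not comparable networks: compare literally
        return broad == narrow

def audit(rules, decommissioned):
    """Return (rule name, reason) findings for a rule base evaluated top-down."""
    findings = []
    for i, r in enumerate(rules):
        # 1. minimum access: an allow rule with "any" in two or more fields is too broad
        if r.action == "allow" and sum(getattr(r, f) == "any" for f in FIELDS) >= 2:
            findings.append((r.name, "overly broad allow"))
        # 2. decommissioning: the source or destination no longer exists
        if r.source in decommissioned or r.destination in decommissioned:
            findings.append((r.name, "references decommissioned address"))
        # 3. unused: nothing matched this rule since the last review
        if r.hits == 0:
            findings.append((r.name, "no matches since last review"))
        # 4. shadowed: an earlier rule already matches all of this rule's traffic
        for earlier in rules[:i]:
            if all(covers(getattr(earlier, f), getattr(r, f)) for f in FIELDS):
                findings.append((r.name, f"shadowed by {earlier.name}"))
                break
    return findings

# Constructed sample rule base (not real data); "temp-any" was added in a hurry
SAMPLE = [
    Rule("web-in", "any", "10.0.1.10/32", "tcp/443", "allow", hits=5120),
    Rule("legacy", "any", "10.0.9.4/32", "tcp/8080", "allow", hits=0),
    Rule("temp-any", "any", "10.0.0.0/16", "any", "allow", hits=77),
    Rule("db-from-web", "10.0.1.10/32", "10.0.2.20/32", "tcp/5432", "allow", hits=0),
]
DECOMMISSIONED = {"10.0.9.4/32"}

print(*audit(SAMPLE, DECOMMISSIONED), sep="\n")
```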
Lastly, Tufin recommends that a comprehensive firewall review be conducted at least twice a year. This is vital for merchants, who often handle significant volumes of credit card transactions, and is in fact mandated by law for them as well: PCI requirement 1.1.6 requires merchants to conduct reviews every six months. Periodic reviews are important to maintain the usability of the rule base. Networks and services are dynamic and constantly in a state of flux, so the rules governing them must be subjected to periodic review.
Carolyn John is a Contributor to TMCnet. To read more of her articles, please visit her columnist page.
Edited by Amy Tierney