Hardening the Firewall with the Crown Jewel Analysis Approach

12.9.2024

The Crown Jewel Analysis is a fundamental risk management methodology that helps you identify what needs to be protected within your organization and how to protect it. In essence, this methodology consists of three parts: identifying critical assets, evaluating them, and developing risk prevention methods based on the threats to these assets.

Crown Jewel Analysis (CJA)

The critical assets identified through Crown Jewel Analysis are at the core of security policies, and the firewall plays an essential role in protecting them. The network-level measures that can be taken to protect critical assets are: managing network traffic with customized security policies, reducing the attack surface, establishing security layers, controlling the connections between these layers, tracking configuration errors, and conducting active monitoring.

Protecting Your Valuable Assets with COSLAT Firewall

Reducing the Attack Surface

One of the first measures to take with Coslat Firewall is to segment assets into different networks based on their value. This can be done by using VLANs or creating separate interfaces on the Coslat Firewall. Access to networks containing valuable assets (such as servers) should only be granted when necessary, and security policies should be developed accordingly. It’s also essential to segment not only servers but also user computers, mobile devices, and guest networks based on their asset value. This segmentation will reduce the attack surface.
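The segmentation rule above can be checked mechanically once segments carry a value tier. The following is an added example, not Coslat configuration or code from the vendor: the segment names, addresses, tiers, the vendor-neutral rule tuples and the two policy thresholds are all constructed assumptions.

```python
from ipaddress import ip_network

# Constructed segments: name -> (CIDR, asset value tier; 3 = crown jewels)
SEGMENTS = {
    "servers": ("10.10.10.0/24", 3),
    "users":   ("10.10.20.0/24", 2),
    "mobile":  ("10.10.30.0/24", 1),
    "guest":   ("10.10.40.0/24", 0),
}

# Constructed allow rules in a vendor-neutral form: (source, destination, port)
RULES = [
    ("10.10.20.0/24", "10.10.10.0/24", 443),    # users -> servers, one service
    ("10.10.40.0/24", "10.10.10.0/24", 443),    # guest -> servers
    ("10.10.0.0/16",  "10.10.10.0/24", "any"),  # broad rule covering every segment
    ("10.10.30.0/24", "10.10.20.0/24", "any"),  # mobile -> users (not crown jewels)
]

def audit(rules, segments, min_src_tier=2, crown_tier=3):
    """Flag allow rules that expose crown-jewel segments more than necessary.

    Assumed policy: only segments of tier >= min_src_tier may reach a
    crown-jewel segment, and only on a specific port, never "any".
    """
    nets = {name: (ip_network(cidr), tier) for name, (cidr, tier) in segments.items()}
    findings = []
    for idx, (src, dst, port) in enumerate(rules):
        src_net, dst_net = ip_network(src), ip_network(dst)
        for dname, (dnet, dtier) in nets.items():
            if dtier < crown_tier or not dst_net.overlaps(dnet):
                continue  # rule does not touch a crown-jewel segment
            for sname, (snet, stier) in nets.items():
                if sname == dname or not src_net.overlaps(snet):
                    continue
                if stier < min_src_tier:
                    findings.append((idx, sname, dname, "low-value source"))
                elif port == "any":
                    findings.append((idx, sname, dname, "all ports open"))
    return findings

if __name__ == "__main__":
    for idx, src, dst, reason in audit(RULES, SEGMENTS):
        print(f"rule {idx}: {src} -> {dst}: {reason}")
```

The broad /16 rule produces three findings because it silently includes the mobile and guest segments, which is the kind of exposure segmentation by asset value is meant to remove.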

Using Different Security Layers

Simply segmenting networks is not sufficient for ensuring security. Additional security measures must be implemented at various levels. For instance, harmful content in user networks should be blocked using services like the URL Filter, Application Filter, and Antivirus available on Coslat Firewall.

Additionally, for services on servers that are accessible from both the internal and external networks, the IDS/IPS (Intrusion Detection and Prevention System) service should be used to prevent potential attacks.

Configuration Tracking and Active Monitoring

It’s essential to track the history of security configurations and be able to quickly revert in case of configuration errors. Coslat Firewall allows for easy rollback from such errors by tracking configuration history.

Monitoring the traffic to critical services and setting up alerts through policies for this traffic is also necessary. With Coslat's alert services, you can be notified about unwanted or potentially dangerous traffic, allowing you to quickly detect and respond to threats.

Conclusion

By following these simple steps, you can segment your assets according to their risk level and implement fundamental security measures.