Is Your Company Network Vulnerable? — Firewall Checklist
Your firewall is there, lights blinking — but when were its rules last updated? A 5-step firewall checklist for SMBs, which ports to close, and why log monitoring is critical.
Contents
- Firewall Installed, Security Missing
- What the Numbers Say
- 5-Step Firewall Checklist
- 1. Change Default Passwords
- 2. Close External Access Ports
- 3. Review the Rule List
- 4. Start Log Monitoring
- 5. Apply Firmware Updates
- Checklist Table
- Firewall vs IDS vs WAF — What Does Each Do?
- For Technical Details
- What Should You Do Now?
Summary: You have a firewall — but when were its rules last updated? According to Verizon’s 2024 report, 68% of data breaches stem from human error or misconfiguration. In this article, you’ll find a 5-step firewall checklist for SMBs, which ports to close, and why log monitoring is critical. The entire checklist takes 1–2 hours to implement.
Hasan closed his accounting software on Friday evening and left the office. On Monday, a message was waiting on his screen: “Your files have been encrypted.”
The IT technician came, looked, and asked: “Did you have a firewall?”
— Of course, the box is right by the wall.
— Are the rules up to date?
Silence.
Nobody knew. Because nobody had checked.
Firewall Installed, Security Missing
You think you’re safe. There’s a chasm between thinking and knowing.
According to Verizon’s 2024 report, 68% of data breaches stem from human error or misconfiguration (Verizon DBIR, 2024). Kaspersky data shows a 32% increase in attacks targeting SMBs (Kaspersky, 2024).
The problem isn’t a lack of antivirus. It’s far more fundamental:
- Firewall rules haven’t been updated since the day of installation
- Default passwords haven’t been changed
- Remote access ports are open to everyone
- No log monitoring — an attack happened, nobody noticed
“Security is a process, not a product.” — Bruce Schneier, Harvard Berkman Klein Center
Buying a firewall box is not security. Configuring, monitoring, and updating it is.
Set it up once and forget it, and it’s no different from a wall with an open door.
What the Numbers Say
| Data | Figure | Source |
|---|---|---|
| Breaches from human error | 68% | Verizon DBIR 2024 |
| Increase in attacks on SMBs | 32% | Kaspersky 2024 |
| Average data breach cost | $4.88M | IBM Cost of a Data Breach 2024 |
| Attacks targeting small businesses | 43% | Accenture 2023 |
According to Accenture’s 2023 report, 43% of cyberattacks target small businesses (Accenture, 2023). IBM data puts the average cost of a data breach at $4.88 million (IBM, 2024).
If you’re thinking “we’re too small to be a target” — attackers don’t pick targets, they look for open doors. Automated scanning tools probe every IP address on the internet 24/7.
5-Step Firewall Checklist
1. Change Default Passwords
Are your router and firewall admin panel passwords still “admin/admin”? Default passwords for every brand and model are listed online. Attackers try these first.
You’ve locked your door — but left the key under the doormat.
Do this: Set passwords of at least 16 characters with mixed case, numbers, and symbols. Router, switch, NAS, camera recorder: change them all.
2. Close External Access Ports
Are RDP (3389), SSH (22), and Telnet (23) ports open to the internet? These are the first places attackers look.
One of our clients had RDP open to the outside. At 3:00 AM, over 200 connection attempts per minute were coming in. Different countries, different IPs. An automated bot — not even human.
Do this: Close these ports. Remote access should go through a VPN, not directly exposed to the internet.
3. Review the Rule List
Is the VPN rule for the employee who left two years ago still active? Was that test port ever closed?
— What is this rule for?
— I don’t know, but let’s leave it open — might need it.
A rule whose purpose you don’t know is a silent open door in your network.
Do this: Review all rules one by one. Disable any rule whose purpose you can’t identify. NIST SP 800-41 mandates regular rule audits.
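As an added example (not part of the original article or any vendor's tooling), this Python sketch audits a rule export for the problems in steps 2 and 3: accept rules that expose RDP, SSH or Telnet to any source, and rules with no comment stating their purpose. It assumes simple single-line rules in MikroTik RouterOS export style; the sample rules, subnets and comments are constructed.

```python
import shlex

RISKY_PORTS = {22: "SSH", 23: "Telnet", 3389: "RDP"}   # the ports named in step 2

# Constructed sample in RouterOS export style; rules, subnets and comments are made up.
SAMPLE_EXPORT = '''
add action=accept chain=input connection-state=established,related comment="allow replies"
add action=accept chain=input dst-port=3389 protocol=tcp
add action=accept chain=input dst-port=22 protocol=tcp src-address=10.8.0.0/24 comment="SSH from VPN"
add action=accept chain=forward dst-port=8080-8090 protocol=tcp
add action=accept chain=input dst-port=22-23 protocol=tcp disabled=yes comment="old vendor access"
add action=drop chain=input comment="drop everything else"
'''

def parse_rule(line):
    """Turn 'add key=value ...' into a dict; quoted values may contain spaces."""
    return dict(tok.split("=", 1) for tok in shlex.split(line)[1:] if "=" in tok)

def ports_in(spec):
    """Expand a dst-port value such as '22-23,3389' into a set of ints."""
    ports = set()
    for part in filter(None, spec.split(",")):
        low, _, high = part.partition("-")
        ports.update(range(int(low), int(high or low) + 1))
    return ports

def audit(export_text):
    """Return (rule number, issue) pairs for enabled accept rules."""
    rules = [l.strip() for l in export_text.splitlines() if l.strip().startswith("add ")]
    findings = []
    for number, line in enumerate(rules, 1):
        rule = parse_rule(line)
        if rule.get("action") != "accept" or rule.get("disabled") == "yes":
            continue
        exposed = sorted(ports_in(rule.get("dst-port", "")) & set(RISKY_PORTS))
        # Assumption: no src-address / src-address-list means "any source".
        if exposed and not {"src-address", "src-address-list"} & set(rule):
            names = ", ".join(RISKY_PORTS[p] for p in exposed)
            findings.append((number, f"{names} accepted from any source"))
        if not rule.get("comment"):
            findings.append((number, "no comment: purpose unknown"))
    return findings

if __name__ == "__main__":
    for number, issue in audit(SAMPLE_EXPORT):
        print(f"rule {number}: {issue}")
```

Findings are review candidates, not verdicts: a rule limited by interface rather than source address still needs a human to confirm who can reach it.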
4. Start Log Monitoring
A firewall without logging is like a security system without cameras. Without records, you can’t know what happened.
In Hasan’s attack, if logging had been enabled, we would have seen the abnormal traffic spike on Thursday night. We would have intervened on Thursday instead of Friday. Maybe nothing would have happened at all.
Do this: Enable firewall logs. Review them weekly. Repeated connection attempts and heavy traffic during night hours — these are warning signs.
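To make the weekly review concrete, here is an added example (not from the original article) that counts blocked connection attempts per minute and raises an alert when a minute exceeds a threshold, with a lower bar at night. The log layout, the thresholds and the sample lines are assumptions constructed for illustration; adapt the pattern to your firewall's actual log format.

```python
import re
from collections import Counter, defaultdict
from datetime import datetime

# Assumed layout (constructed): "<ISO time> <ACTION> src=<ip> dst-port=<n>"
LINE = re.compile(r"^(?P<ts>\d{4}-\d\d-\d\dT\d\d:\d\d:\d\d) (?P<action>[A-Z]+) "
                  r"src=(?P<src>\S+) dst-port=(?P<port>\d+)")
NIGHT_HOURS = {22, 23, 0, 1, 2, 3, 4, 5}   # assumption: office is closed 22:00-06:00
DAY_LIMIT, NIGHT_LIMIT = 200, 50           # assumed blocked-attempts-per-minute limits

def sample_log():
    """Constructed data: normal daytime noise plus a 03:00 burst against RDP."""
    lines = [
        "2024-05-16T10:15:02 ACCEPT src=192.0.2.10 dst-port=443",
        "2024-05-16T14:40:31 DROP src=198.51.100.4 dst-port=23",
        "2024-05-16T23:05:44 DROP src=198.51.100.9 dst-port=22",
        "garbled line that must be skipped",
    ]
    for i in range(240):  # 240 blocked attempts from 40 addresses inside one minute
        lines.append(f"2024-05-17T03:00:{i % 60:02d} DROP "
                     f"src=203.0.113.{i % 40 + 1} dst-port=3389")
    return lines

def review(lines):
    """Return one alert per minute whose blocked attempts exceed the limit."""
    attempts, sources, ports = Counter(), defaultdict(set), defaultdict(Counter)
    for line in lines:
        m = LINE.match(line)
        if not m or m["action"] != "DROP":
            continue
        minute = datetime.fromisoformat(m["ts"]).replace(second=0)
        attempts[minute] += 1
        sources[minute].add(m["src"])
        ports[minute][int(m["port"])] += 1
    alerts = []
    for minute in sorted(attempts):
        night = minute.hour in NIGHT_HOURS
        if attempts[minute] > (NIGHT_LIMIT if night else DAY_LIMIT):
            alerts.append({
                "minute": minute.isoformat(timespec="minutes"),
                "attempts": attempts[minute],
                "distinct_sources": len(sources[minute]),
                "top_port": ports[minute].most_common(1)[0][0],
            })
    return alerts

if __name__ == "__main__":
    for alert in review(sample_log()):
        print(alert)
```

Many distinct sources hitting one port inside a single minute is the pattern from the RDP incident in step 2; a single blocked attempt at 23:05 stays below the night limit and is not reported.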
5. Apply Firmware Updates
Is your firewall firmware up to date? Manufacturers release regular updates to patch security vulnerabilities. CVE-2023-30799, discovered in MikroTik RouterOS in 2023, affected thousands of unpatched devices.
Do this: Check the manufacturer’s site for the latest version. Apply updates outside business hours.
Checklist Table
| Check | Status | Priority |
|---|---|---|
| Default passwords changed? | ☐ | 🔴 Urgent |
| RDP/SSH open to internet? | ☐ | 🔴 Urgent |
| Departed employee access revoked? | ☐ | 🔴 Urgent |
| Firewall rules reviewed in last 6 months? | ☐ | 🟡 This month |
| Log monitoring active? | ☐ | 🟡 This month |
| Firmware up to date? | ☐ | 🟡 This month |
| Guest network separated? (VLAN) | ☐ | 🟢 Planned |
Even a single 🔴 means: handle it this week.
Firewall vs IDS vs WAF — What Does Each Do?
| Feature | Firewall | IDS/IPS | WAF |
|---|---|---|---|
| Layer | Network (L3-L4) | Network (L3-L7) | Application (L7) |
| Method | Port and IP filtering | Signature and behavior detection | HTTP request analysis |
| Blocks | Unauthorized port access | Known attack patterns | SQL injection, XSS |
| Position | Network boundary | Inside or at boundary | In front of web server |
| Required for SMBs? | ✅ Essential | 🟡 Recommended | 🟡 If you have a website |
A firewall alone is not enough — but it’s the starting point for everything. You don’t install an alarm system before locking the door.
For Technical Details
In this article, we covered the “what to do” side. What about “how to do it”?
A MikroTik firewall ruleset line by line — including brute force protection, VLAN isolation, and automatic blacklisting with address lists:
→ MikroTik Firewall — Brute Force at 3 AM and My Ruleset (Erdem Özyurt, technical deep-dive)
What Should You Do Now?
- This week: Change your firewall admin password and check externally open ports
- This month: Review all rules — disable any whose purpose you can’t identify
- Ongoing: Start log monitoring — make a habit of 15-minute weekly reviews
These three steps take 1–2 hours. But considering the cost Hasan paid — you’ll get off cheap.
Hasan now checks his logs. Once a week, Friday evenings.
He was checking before too, actually. But now he knows.
→ Want to know your network’s status? Free Discovery Call
Sources: Verizon DBIR 2024, Kaspersky SMB Threat Report 2024, IBM Cost of a Data Breach 2024, Accenture Cybersecurity Report 2023, NIST SP 800-41 Rev. 1
References
- 68% of data breaches involve human error or misconfiguration — Verizon Data Breach Investigations Report (2024)
- Cyberattacks targeting SMBs increased by 32% — Kaspersky SMB Threat Report (2024)
- The average cost of a data breach for small businesses is $4.88 million — IBM Cost of a Data Breach Report (2024)
- 43% of cyberattacks target small businesses — Accenture Cybersecurity Report (2023)
Frequently Asked Questions
We have a firewall but were still breached — why?
Installing a firewall is not security. Properly configuring it, keeping it updated, and monitoring logs is security. A firewall whose rules haven't been updated in years is no different from an unlocked door.
We're a small company — who would target us?
Attackers don't choose targets — they look for open doors. Automated scanning tools probe all IP addresses on the internet 24/7. Shodan lists over 10 million devices with open ports. It's not size that makes you a target — it's vulnerability.
How often should I review firewall rules?
A minimum of monthly rule reviews and weekly log checks is recommended. NIST SP 800-41 also mandates regular rule audits. Access for departed employees, temporary ports, and old exceptions should be cleaned up regularly.
Is a firewall enough on its own?
No. A firewall is your network's front door — but you also need log monitoring, intrusion detection (tools like Zabbix, Graylog), and trained staff. As Bruce Schneier says: security is a process, not a product.
Where should I start?
Three steps, one hour: change default passwords, check externally open ports, start log monitoring. These three steps significantly reduce your attack surface.
Need Professional Support?
If you need help with this, we're here for you. Reach out for installation, configuration, and troubleshooting.