What is a firewall and why you need more than one
February 26, 2016
This is the third in a ten part series on information technology security from SBAM Approved Partner NuWave Technology Partners.
Think of a firewall as the front door of your house. If you only have a screen door, it will stop flies and bugs and may get someone to knock nicely. But it will not stop anyone who really wants to come in. On the other hand, if you have a three-foot-thick bank vault door, then almost no one is getting through it.
Firewalls are the same way. A wireless router can be purchased off the internet or from any big box store for under one hundred dollars. It will provide basic firewall services but can easily be breached. An enterprise class firewall can cost over six figures. However, when it is configured properly, almost no one can penetrate it. Obviously, neither of these options is appropriate for a small business. So what is the right firewall for a typical small business?
First, we should understand the purpose of a firewall. It is a system designed to prevent unauthorized access to or from a private network. A firewall can be a hardware appliance or a piece of software running on a standard computer. There are two key parts of this definition. First, a firewall should only prevent unauthorized access, which means it has to determine what or who is authorized to access which specific assets behind the firewall. Second, it must protect the network not only from incoming threats but also from unauthorized traffic leaving the network. This is known as ingress (inbound) and egress (outbound) filtering. Most firewalls are configured to allow all traffic to flow out of the network, which can lead to serious issues and loss of corporate data.
One danger of not having egress filtering arises when a workstation is infected with malware that configures it to act as an email server and send spam emails. The emails that are sent could contain any data on the corporate network that the user has access to. This type of malware also tends to send thousands or even millions of emails in a short period of time. As a result, the company’s public IP addresses will be blacklisted, which prevents even good emails from being delivered. A simple egress filtering rule avoids this situation: it allows email traffic out of the network only from an authorized source, the corporate email server.
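The egress rule described above, modeled as an added example that is not part of the original article. It evaluates an ordered, first-match outbound policy with a default deny and counts the denied SMTP attempts per workstation. The addresses, the allowed ports and the function names are assumptions constructed for illustration.

```python
import ipaddress
from collections import Counter

# Assumed addressing (constructed): LAN 10.0.0.0/24, corporate mail server 10.0.0.25
MAIL_SERVER = ipaddress.ip_network("10.0.0.25/32")
LAN = ipaddress.ip_network("10.0.0.0/24")

# Ordered egress rules, first match wins: (action, source network, destination port)
EGRESS_RULES = [
    ("allow", MAIL_SERVER, 25),  # only the corporate mail server may send SMTP
    ("deny", LAN, 25),           # explicit deny so other SMTP senders stand out in logs
    ("allow", LAN, 53),          # DNS
    ("allow", LAN, 80),          # HTTP
    ("allow", LAN, 443),         # HTTPS
]
DEFAULT_ACTION = "deny"          # anything not listed never leaves the network


def decide(src, dport):
    """Return 'allow' or 'deny' for one outbound connection attempt."""
    addr = ipaddress.ip_address(src)
    for action, net, port in EGRESS_RULES:
        if addr in net and port == dport:
            return action
    return DEFAULT_ACTION


def blocked_smtp_sources(flows):
    """Count denied outbound SMTP attempts per internal source address."""
    hits = Counter()
    for src, _dst, dport in flows:
        if dport == 25 and decide(src, dport) == "deny":
            hits[src] += 1
    return hits


# Constructed outbound attempts: (source, destination, destination port)
SAMPLE_FLOWS = [
    ("10.0.0.25", "203.0.113.5", 25),   # mail server delivering mail
    ("10.0.0.42", "198.51.100.7", 25),  # workstation speaking SMTP directly
    ("10.0.0.42", "198.51.100.8", 25),
    ("10.0.0.42", "203.0.113.9", 443),
    ("10.0.0.17", "203.0.113.9", 80),
    ("10.0.0.42", "192.0.2.77", 25),
]

if __name__ == "__main__":
    for src, count in blocked_smtp_sources(SAMPLE_FLOWS).items():
        print(f"{src}: {count} outbound SMTP attempts denied")
```

A workstation that shows up in this count is both contained by the rule and flagged for investigation, since ordinary desktops have no reason to deliver mail directly to the internet.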
Back to the home analogy. Not only does the front door need protection, but most of the rooms in the house also need to have doors with locks. This is equivalent to each computer having its own firewall. For several versions, Microsoft Windows has included a software firewall with the operating system. This firewall provides added protection, so even if an intruder gets into the network, there is more work to get past the computer’s firewall and to valuable data. It should be no surprise that wealthy, high profile people often have safe rooms in their house that have steel or concrete walls and heavy duty doors to provide further protection. A server with highly valuable data may need its own advanced firewall to provide adequate protection of this high value target. This is known as “layers of protection” and may look something like this.
Firewalls are often packaged with additional software to provide services such as anti-virus, web content filtering, spam filtering, and intrusion detection and prevention. These add-on services often require an annual subscription to keep them active and up to date. Even with the highest level of firewalls in place, if they are misconfigured, an intruder can potentially gain entry.
To find the right firewall or combination of firewalls to meet your business’ security requirements and ensure that they are configured correctly, a company with a security specialist should be engaged. These companies can perform network and security assessments to determine the current environment and potential areas of vulnerability. They can make recommendations for hardware, software, and proper configuration to mitigate the vulnerabilities. They can then rerun the assessments to show before and after reports with risk scores and the improvements that have been made. This gives the business owner a report card of sorts as to their security risks. The assessments should be run on a recurring basis to demonstrate the continued protection or find new vulnerabilities that have been introduced through maintenance or upgrades.