5 Things You Must Know About Firewalls

How much money will your company need to lose before you stop procrastinating on cybersecurity matters?

There is always a “too late” option: the cyberattack that puts you out of business, which happens to 60% of small businesses within six months of a cyber-incident. Although most companies know of the dire consequences of cyber threats, they postpone addressing them for various reasons. Many assume that “everything is fine right now,” so their response is reactive instead of proactive – which is a lot more stressful and, most of all, risky. According to the Better Business Bureau's 2017 State of Cybersecurity Report, the top five factors that prevent SMBs from advancing in their cybersecurity efforts are as follows:

  1. Lack of resources
  2. Lack of expertise or understanding
  3. Lack of information
  4. Lack of time
  5. Lack of training

Just like putting off going to the dentist, that decision can often come back to bite you (pun intended). When this happens, we often remember the old Benjamin Franklin axiom: “An ounce of prevention is worth a pound of cure.” According to the PwC Health Research Institute analysis, the likely cost of a serious cybersecurity breach in the healthcare industry is $200 for every patient’s record, while the cost to thwart a cyberattack is only $8 for every patient’s record. This figure alone should motivate you to take action.

Many small businesses don’t know where to begin. One of the first lines of defense a business can take is to have a properly configured and installed firewall on their network. Here are five key things you should know about firewalls:

1. What is a firewall and what does it do?

A firewall can be either hardware or software-based. Our Windows-based machines have a built-in firewall, but generally speaking, when talking about firewalls we are referring to hardware. A firewall is a network-based perimeter security device that is intended to protect your network’s devices from the dangers that exist on the Internet. Data is exchanged in packets between your network devices and destinations in cyberspace, and the firewall monitors these packets to check whether they are safe. It does this by checking each packet against its established rules and rejecting any packet that doesn’t meet them. If it didn’t do this, within minutes of connecting a device to the Internet, attackers would attempt to compromise our computers.

2. All firewalls are not created equal

We talked about software-based firewalls, which run as software on a computer, but these types of firewalls are very limited in what they can do. Older physical firewalls have the same types of limitations. They are good at blocking and allowing specific ports, sources, and destination IP addresses, and they can also translate and route traffic into your internal network. This type of functionality used to be sufficient, but with the advanced threats out there today, that’s no longer the case. Nowadays, we talk about Next Generation Firewalls (NGFW). What sets these devices apart from their older counterparts are their advanced features: specifically, their ability to inspect individual packets for malicious payloads. Unified Threat Management (UTM) consolidates multiple security and networking functions such as anti-virus protection, web content filtering, application control, and intrusion detection/prevention (IDS/IPS), all on one appliance protecting the network. While we want our firewall to inspect every packet individually, what we don’t want is to feel that the firewall is slowing down the network. We want the firewall to be transparently running in the background, providing peace of mind without demanding our attention. That is accomplished by sizing the firewall properly and using one with a security-centric processor to handle all those UTM tasks. Providing that is a pretty sophisticated challenge, so don’t make the mistake of buying a firewall at a big box store thinking that it will solve all your security problems.

3. Firewalls and firewall rules must be constantly updated

Things are constantly changing in IT, and managing all the changes is one of the biggest problems that businesses face.  Maintaining a clean set of firewall rules is one of the most important firewall management functions. However, many businesses continue to struggle with this task, leaving them open to increased risks such as open ports, unwanted VPN tunnels, and unnecessary complexity which could lead to the firewall being unknowingly bypassed altogether.  On top of that, the firewall itself needs to be constantly updated to ensure that it can detect the most recent threats.  The firmware on the firewall itself may need to be updated if engineers discover a vulnerability.  Keeping up with all of these updates can be overwhelming, and most businesses simply forget to do them.  That’s a potentially fatal mistake.
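To make the rule matching from section 1 and the rule hygiene from section 3 concrete, here is an added example (not from the original article or from any vendor's product) of first-match rule evaluation plus a small audit that flags rules that can never fire and overly broad inbound allows. The rule names, addresses and the simplified rule model (source, destination, port range only) are constructed assumptions; real firewalls match on more fields.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    name: str
    action: str    # "allow" or "deny"
    src: str       # source network (CIDR)
    dst: str       # destination network (CIDR)
    ports: range   # destination ports the rule applies to

# Constructed rule set, evaluated top to bottom (documentation address ranges).
ANY = "0.0.0.0/0"
RULES = [
    Rule("web-in", "allow", ANY, "203.0.113.10/32", range(443, 444)),
    Rule("vendor-temp", "allow", ANY, "203.0.113.0/24", range(1, 65536)),
    Rule("block-rdp", "deny", ANY, "203.0.113.20/32", range(3389, 3390)),
    Rule("office-out", "allow", "192.168.1.0/24", ANY, range(443, 444)),
]

def net(cidr):
    return ipaddress.ip_network(cidr)

def evaluate(rules, src, dst, port):
    """First matching rule decides; a packet matching no rule is denied."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for r in rules:
        if s in net(r.src) and d in net(r.dst) and port in r.ports:
            return r.action, r.name
    return "deny", "default-deny"

def covers(a, b):
    """True when every packet that matches rule b also matches rule a."""
    return (net(b.src).subnet_of(net(a.src)) and net(b.dst).subnet_of(net(a.dst))
            and a.ports.start <= b.ports.start and b.ports.stop <= a.ports.stop)

def audit(rules):
    """Flag rules that can never fire and overly broad inbound allows."""
    findings = []
    for i, r in enumerate(rules):
        shadow = next((e for e in rules[:i] if covers(e, r)), None)
        if shadow is not None:
            findings.append((r.name, f"shadowed by {shadow.name}"))
        if r.action == "allow" and r.src == ANY and len(r.ports) > 1024:
            findings.append((r.name, "any source allowed on a wide port range"))
    return findings

if __name__ == "__main__":
    print(audit(RULES), evaluate(RULES, "198.51.100.7", "203.0.113.20", 3389))
```

In this constructed set, the leftover `vendor-temp` rule sits above `block-rdp`, so the deny rule never takes effect and the RDP port stays reachable even though a block rule exists.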

4. Encryption can be bad for your firewall

Encryption was created to prevent unwanted eyes from viewing the data we are transmitting and receiving. The paradox is that this increased security could be preventing your firewall from doing its job of inspecting packet payloads for malicious content. If a packet reaches a firewall and the firewall has no way to decrypt the packet and inspect what is inside, it will most likely be passed on to its final destination. The way to resolve this – and get the firewall back to where it can look for malicious payloads – is to institute SSL Deep Packet Inspection (DPI) on the firewall. DPI allows the firewall to become a “man in the middle” for all Internet traffic, decrypting it for inspection and re-encrypting it before passing it on, and so ensure that the local network is properly protected. This process is CPU intensive, so again, a properly sized firewall is critical.

5. Firewalls aren’t just about security

We put firewalls on a network to help secure it from malicious attacks, but there are some great added benefits from NGFW that aren’t necessarily security-related.  Good firewalls will give you the ability to run and view detailed reports about network traffic.  These can be critical if you have to meet certain compliance requirements, such as PCI or HIPAA. Because a firewall is a network device at its core, you will gain increased visibility into your network.  No more need to create a mirrored port on your switch and run Wireshark or another packet capture program, because today’s firewalls will allow you to view real-time and historical traffic on your network –  a great aid in troubleshooting network issues.  Firewalls can also help enforce company HR or other group policies by leveraging web content filtering controls; these can also maintain productivity by limiting access to certain time-consuming sites.  Application control helps prevent bandwidth overutilization by bandwidth-hogging applications such as video streaming services.  Since company employees are not always local, the firewall’s ability to support remote users – and doing it in a secure manner – is critical for increased productivity.

 

While there are many things to consider when implementing firewalls or updating your existing firewall, a basic understanding of what they do and what they can’t do is important. Firewalls are evolving constantly with more functionality and advanced features. That’s an important aspect in combating today’s threats, but it often makes implementing firewalls and firewall policies more complex. Small businesses often have a hard time implementing and maintaining security on their own, largely because security professionals are hard to find and expensive to keep on staff. As a result, more businesses are turning to a Managed Services Provider like TPx for their security needs, which allows them to get that enterprise-level security at a price they can afford.

Ready to get peace of mind and stop procrastinating on your security? Talk to a TPx specialist today.

 

About the Author

Erik Nordquist is the Senior Product Manager for TPx Communications’ managed security services. He’s led a broad range of critical activities, including Field Operations and the Hostmaster team where he built TPx’s anycast DNS network to service its 55,000 customer locations. His work on the Network Integrity team made him the resident expert for mitigating Denial of Service (DoS) attacks. After interfacing with customers for years, Erik is bringing his customer-focused approach to his Product Manager role, helping to deliver first-in-class security services to TPx clients with unsurpassed customer support.