Firewalls remain a critical component to every business' IT security posture. Much like a firewall in a physical building, they are designed so that if one part of the network is under attack, other systems on the same network are able to remain unharmed. Let's look at some interest facts about firewall protection that give weight to their importance.
Types of Firewalls
Firewalls can exist either as dedicated hardware appliances, software on a machine, or as a managed service. Home users typically have access to a software firewall through their operating system that they can typically control themselves, including shutting it off altogether.
Hardware appliances are usually routers that include a built in hub and network card. Other systems will connect to this router to access each other and the Internet.
Firewalls further distinguish themselves by the mode of filtering that they operate. There are 3 such filtering mechanisms:
- Packet Filtering: Based on how you've set up the firewall, you can establish which packets of data are allowed to flow through your network. Any packets that are unwanted will be dropped by the firewall
- Proxy: A proxy firewall will act as the intermediary between a recipient and an external system. This results in your system IP addresses being hidden from attack as well as providing the protection that firewalls provide.
- Inspection: The firewall inspects each packet that flows through it, deciding whether to drop it based on particular characteristics such as an email that contains vulgar language.
How They Function
Firewalls are driven by security rules which your administrators would establish. For example, one rule might be to allow only one system Telnet traffic and deny to all others.
Firewall protection rules can typically accommodate the following information for rule creation:
- IP Addresses: It's possible to block certain machines based off of their IP address on the Internet. This can be useful for example, if you noticed an unrecognized system attempting multiple unsuccessful login attempts to a mail server. Moreover, you can even make the decision to block off entire countries that are hotbeds for attackers if they are not within your clientele scope.
- Domain Names: Your administrators can block access to particular websites such as Facebook, or only allow a specified subset of sites to be accessible, such as all ending in .edu. Why would you want to do this? Recent statistics indicate that the average employee admits to wasting up to 3 hours a day surfing the Internet.
- Protocols: For each system on your network, you can decide what services you want to permit on them. This is an important step to security hardening as you want to minimize available services. Each service that is available is the equivalent to a window in a house. If just one window is left open via a vulnerability, this can allow an attacker to slip through.
- Ports: A service can potentially run through any port so for more control, you may wish to align services to specified ports. This helps prevent rogue services from being run by employees, such as an FTP server at someone's machine.
- Keywords: Modern firewalls allow sifting through all the data flowing through the network to block out particular keywords that are perceived as intrusive data. For example, you may wish to block offensive language or adult-oriented web sites.
Armed with this knowledge, you should now have a better understanding of why firewalls are a critical component to your network security. If you'd like to learn more about managing your IT security, click the link to our whitepaper below!