Protecting the enterprise was a far easier endeavor ten or more years ago. Companies primarily relied on the castle wall strategy of protection with the utilization of a strong firewall perimeter that encircled the servers, users and workstations within the confines of the on premise enterprise. It felt safe and pretty much was. However, much like the reliance on the medieval castle protection strategy that was eventually thwarted by the invention of gunpowder, trusting your network to the singular protection of a perimeter firewall is no longer enough. This is due to both the growing sophistication of the tactics used by cybercriminals as well as the evolvement of the enterprise itself. Businesses that have a web presence require triple firewall protection strategy today.
The Network Perimeter Firewall
The network firewall still serves as the foundation piece of your company’s security strategy. Its job is to protect the internal network from external threats originating from the Internet and secure outgoing traffic as well. Basic firewall protection does so through the opening and closing of ports. This requires a security professional to analyze what types of applications are utilized within the organization. Although this type of protection is still required, hackers rarely attack enterprises through port scans anymore. For this reason, firewalls now offer additional services and components in order to analyze traffic and terminate malevolent traffic streams. This multi-faceted approach is commonly referred to as Unified Threat Management (UTM). A UTM is an all-inclusive security solution that offers multiple security functions within a single system.
UTMs include intelligence-based services such as an Intrusion Detection System, (IPS) which analyzes incoming packets in order to identify suspicious activity. Once detected, an IPS will issue an alert and then attempt to eliminate the threat. Antivirus gateways have become a staple in order to cleanse incoming web traffic of malicious code and viruses. Basic web filtering is another popular component today as web filtering encompasses much more than eliminating games sites and web sites exhibiting poor taste. Web filtering also combats known launching sites for malware as well as parked sites that can be used for malware delivery or typosquatting. Some UTM devices even scan traffic at the layer 7 application layer to discern undesired traffic such as peer-to-peer traffic or media streaming.
A firewall is only as effective as its configuration however. Often times, outgoing firewall rules are ignored, yet their inclusion is vital to prevent outgoing SPAM and worms from spreading to the Internet, which can result in the blacklisting of your public IP addresses. It is important to have a knowledgeable cybersecurity professional on staff or contract one for implementation and support. For smaller businesses can utilize a managed services provider.
We live in a mobile world today in which computing devices are regularly transported outside of the protection of the enterprise perimeter. In these instances, your company laptops and tablets are completely vulnerable. For this reason, it is imperative to enable and configure a software based firewall on all mobile computer devices. Fortunately, Windows operating systems are integrated with an effective firewall component so no additional cost or licensing is required. Windows Defender, which is included with Windows 10 goes beyond the mere routine of port protection and is constantly being updated in each subsequent branch update with new features including intelligence based scanning. A host based firewall can also serve as a tool of last resort when the device resides within the enterprise itself. Again, a local firewall must be configured correctly to not only protect the host device, but also not inhibit its users from running authorized applications and tasks required to do their job.
Web Application Firewall
There were 4,149 data breaches in 2016 resulting in the compromise of more than 4.2 billion records. This seems surprising to many companies today as nearly all enterprises employ enterprise level firewalls to protect their infrastructure. The problem is that a network perimeter firewall is designed to protect the network at large. It can shield the servers that make up the hosting infrastructure for the web application site, but does little to combat malicious code and is unable to discern the complicated interaction exchanges between users and the application. Just as an online retail customer can interact with an online retail site, hackers can conduct malicious interactions as well. These attacks predominantly occur as SQL injections, cross-site scripting and malicious file executions. A modern day WAF is designed to protect against these and other OWASP Top Ten application risks. WAFs are able to discern fraudulent interactions from legitimate traffic. This is a highly complex task as hackers today weave their attack code within safe-looking website traffic. A WAF accomplishes this by intercepting and analyzing each and every HTTP request before they reach the web application. Because a WAF is a highly specialized and expensive security tool, many businesses choose a managed services provider rather than expend precious capital on the purchase of one.
Protecting your enterprise is no longer an easy feat today. Threats of all types come from all angles. By implementing a triple firewall protection strategy, your enterprise can be prepared to combat them on all fronts.
Please call NSC Information Technology Group at 713-974-3889 if you need to tighten up your security.