Does your company use a firewall? How do you secure your network borders? Is network perimeter protection important? Let's review some concepts to help with these issues.
firewall
A firewall is a security device that controls the flow of data on a network. With it, you can filter traffic, configuring what should pass through and what should be discarded. It can be installed between two different networks, between two segments of the same network or even on an end equipment connected to the network.
The origin of the term firewall explains its concept well. The word emerged in the 17th century to identify a type of wall, used in civil construction, whose material prevented the spread of fire. These fire walls, or firewalls, were used to increase the safety of buildings, preventing a possible fire from spreading to other parts of the building.
When correctly configured on a computer network, the firewall works as an additional layer of protection against external attacks and increases the security of the company's network, equipment, systems and information. Typically, the firewall is one of the main defenses at the perimeter of a private network, being an essential component in protecting against unwanted traffic and intrusion attempts.
In IP Firewall, the more traditional structure allows the creation of rules for blocking or releasing packets based on characteristics such as protocols (TCP, UDP, ICMP, etc.), services (HTTP, HTTPS, IMAP, SMTP, etc.), ports ( individual ports, lists or ranges) and traffic source and destination IP addresses, including host addresses, networks and address ranges. It is possible to configure each rule for log generation, if desired, in order to keep a record of all blocked and/or released connections.
Network perimeter
The internet is an environment with not very explicit borders. You are responsible for understanding the perimeter of your private network and securing it. If your network has resources that need to be accessed externally, you need to control exactly what can be accessed, and from what source.
The perimeter separates networks with different levels of trust, such as, for example, private internal network (trusted) and external internet network (untrusted). You can also separate networks with different roles, user groups, or other criteria.
The firewall, being a perimeter protection mechanism, is positioned at its edge: by controlling the traffic that passes through the firewall, we will be controlling what enters and leaves the protected perimeter.
Why secure the network perimeter?
It is needless to say that the company's networks, equipment, systems and information need to be adequately protected to reduce risks and maintain competitiveness and business continuity. Protection can (and should) be provided for each piece of equipment and each system, at all levels where this is feasible.
The scalability of individual protection for all equipment and systems on the network, involving protocols, services, ports and addresses, is the problem. In a network with 5 devices, not so much. However, in a network with 20 devices, it is starting to be a challenge.
Desktop computers, notebooks, servers, NAS storage, Android smartphones, iPhones, TVs, surveillance cameras – are you sure that all of this equipment is 100% free of vulnerabilities and closed against intrusion or abuse? That wouldn't be possible. And this is one of the main reasons why protecting the network perimeter is a very relevant security measure.
Currently, protecting equipment connected to the network is as essential as seeking to protect business information. To protect business information, it is necessary, among other things, to protect the equipment and systems that store and process this information.
Equipment connected to the network, its operating systems, internet browsers and other software components have vulnerabilities. Many already corrected, many yet to be discovered, exploited and abused, increasingly quickly, even before the developer or manufacturer prepares and distributes the respective correction.
The perimeter firewall prevents unwanted external traffic from crossing the network edge and accessing potentially vulnerable internal network systems and equipment, which would constitute an invasion. Likewise, it prevents internally originated connections from accessing prohibited external resources, depending on the implemented settings.
Even though much of the work and business information is currently in the cloud – usually in protected environments – it is also necessary to protect the equipment that accesses such information. As long as the devices used for access are within the perimeter of the company's private network, protecting them is the company's IT management responsibility. A firewall to protect network borders is a feature that typically provides a valuable additional layer of protection.
An example of exploiting vulnerabilities in equipment is the botnet called Satori, also known as Mirai Okiru, which invades equipment connected to the internet and gains control over them, forming a gigantic network of remotely controlled “zombies”. With this, the botnet obtains a great processing capacity and connectivity, and can be used to send mountains of spam or massively attack a website until it takes it down. The Satori botnet, very active in 2018 and with a significant presence in South America, takes advantage of two vulnerabilities: CVE-2017-17215, whose attack is directed to port 37215; and CVE-2014-8361, with an attack on port 52869.
An infected device becomes a zombie and searches its own network for other vulnerable devices so that it can spread the malware and expand the botnet.
But the question is: which Firewall solution should I use on my network?
Below, we list some Firewall solutions aimed at corporate environments, and which we believe are worth analyzing functionalities and values, according to your company's needs.
Firewall Solutions
Currently, the main network firewall solutions offer complementary features that go beyond the packet filter that is the IP Firewall itself. Features such as load balancing (to use multiple internet links), VPN connections (for secure remote access to the company network) and webfilter, to more precisely control which sites are allowed and which sites are blocked, are offered. , for safety and productivity measures.
As a way of exemplifying Firewall solutions, below are examples of the firewall configuration interface in different solutions. The focus at this point is configuring the IP Firewall , that is, the packet filter that controls traffic between networks based on protocols, services, ports, source and destination IP addresses.
FortiGate
See more about FortiGate solutions (content in English)
SonicWall
See more about SonicWall solutions
Lumiun
See more about Lumiun Firewall
Sophos
See more about Sophos Firewall
pfSense
See more about the pfSense solution (content in English)
Linux iptables
See more about netfilter and iptables (content in English)
Conclusion
Yes, your network needs the protection of a firewall at the border with other untrusted networks, such as the internet.
Unless: there is no equipment on this network; or that this equipment and its systems are permanently free from vulnerabilities (both old and undiscovered); and only information circulates in this network whose loss or publication is irrelevant – in this case, there is no need for a firewall.
Therefore, it is understood that it is normally important to have the protection of a properly configured firewall on your network.
It is up to those responsible for business management and Information Technology to adopt, maintain and review actions aimed at protecting business information. Protecting the perimeter of the company's network is an important action for the security of the network and the information that travels through it.
To implement a new firewall on the network, accurately and effectively, with less hassle and fewer complications, try to understand which solution is most suitable for your company size and profile. Features such as predefined configuration policies, firewall rule templates, management via a cloud panel and permanent technical support, which are offered by some solutions, can make a big difference in deploying and operating the solution with security and reliability.
Until later!
6 comments
Comments closed