A few years ago, there was a statistic floating around the internet about how quickly hackers could find unprotected computers. That number, between 6-10 minutes, was used to scare individuals into using firewalls and other security tools. Today, the time it takes hackers to find unsecured businesses isn’t all that different. Hackers can still detect and gain access to unprotected systems in under an hour.
In part, that’s because just like businesses, hackers are using automated tools to do the grunt work. These tools, called sniffers, are nothing more than bots that cruise around the internet looking for a computer that’s unprotected or poorly secured. When one is found, the controlling criminal is alerted, and they go to work breaching the system. Sobering thought, isn’t it?
Even more frightening is that many of the companies breached think they are secure because they use firewalls. But having a firewall isn’t enough. Businesses need to also understand how the firewall works and ensure that it is properly configured to protect the business.
Software Versus Hardware Firewalls
One confusing factor of using firewalls is that there are software firewalls and hardware firewalls. A software firewall is a piece of software that resides on a computer or server and protects individual machines against harmful traffic. Unfortunately, many companies rely only on software firewalls to protect their assets. Software firewalls are difficult to use and not always reliable for multiple computers or a network.
Hardware firewalls are an alternative and are used in situations where there is a network and several machines to protect. Connected to the network, all traffic is routed through the firewall appliance, which allows or disallows the traffic based on rules set by the user. The next challenge becomes apparent when it’s time to set those rules.
Configuration—the rules that govern how a firewall blocks and allows traffic—is one of the biggest problems with any firewall. A common mistake made by businesses installing a firewall, without the help of an experienced professional, is leaving the settings in the default, out-of-the-box configuration. Criminals know what these configurations are and will exploit them. Sending a sniffer across the web to find misconfigured firewalls is easy. The problem is so prevalent that Gartner Research estimates that 99 percent of all firewall breaches through 2020 will be caused by misconfiguration.
Some of the settings that aren’t changed, or that are not set correctly include:
- Broad policy configurations. When putting a firewall into place, one of the most common mistakes is to set policies to broad approvals intending to narrow them over time. But IT staff are busy, and what usually happens is that the broad permissions are never retracted. A safer way to configure the firewall is to narrow permissions from the start, called the principle of least privilege, and then widen those permissions as necessary.
- Unconfigured port restrictions. Firewalls have numerous ports that are open all the time. This means that traffic can flow through those ports without restriction and criminals know that. They look for these open ports and use them as a way into your network. Once there, they have access to everything on your network. Firewall administrators should ensure all open ports that aren’t required are disabled. For those that are required, protection should be put in place to monitor the traffic that flows through them.
- Firewalls that aren’t monitored. Putting a firewall in place and not monitoring it is like mixing a cake but not putting it in the oven. The job is only half done. Monitoring enables features like alerting for unusual traffic or potential cyberattacks. Administrators are alerted as soon as something out of the ordinary happens, so they can verify the attempt was blocked and determine what next steps are. If something made it past the firewall, alerts reduce the time to response.
Finding the Right Firewall
Choosing a firewall can be a maddening process. Features vary with each different model of the appliance, and some are more effective than others. When looking for the right firewall, companies should first take their business needs into consideration. For most, a next generation firewall (NGFW) appliance is the best option. NGFWs include advanced features such as web and spam filtering, built-in antivirus, and encryption.
Firewalls are foundational to proper network security. However; a firewall that’s not sufficient to protect your network, or that’s poorly configured can be as dangerous as not having one. Protect your business by taking the time to ensure that the right firewall is in place and that it is configured properly.