
Ian Kilpatrick, Wick Hill Group: What Firewalls Do And What Firewalls Don’t Do

March 2008 by Ian Kilpatrick, chairman Wick Hill Group

Over the last few years, security threats to companies have grown and altered dramatically and so have the defences. Traditional firewalls, installed over three years ago, are often not best suited for current threats and don’t protect against a number of newer threats.

What firewalls do

A firewall is a system designed to prevent unauthorised access to or
from a private computer network. Firewalls are frequently used to
prevent unauthorised Internet users from accessing private networks
connected to the Internet (often described as intranets). All messages
entering or leaving the intranet pass through the firewall, which
examines each message and blocks those that do not meet the specified
security criteria.

You need a firewall to protect your confidential information from those
not authorised to access it and to protect against malicious users and
accidents that originate outside your network. One of the most important
elements of a firewall is its access control features, which distinguish
between good and bad traffic.

There are various types of firewall. In ascending order, they are:

* Packet layer
This analyses network traffic at the transport protocol layer.

* Circuit level
This validates that packets are either connection or data packets.

* Application layer
This ensures valid data at the application level before connecting.

* Proxy server
This intercepts all messages entering or leaving the network.

In the real world, threats have evolved over the years and firewalls
have evolved to deal with them. While it is still possible to buy
packet-only firewalls, they are not adequate for business use. Protection
against combination threats is best provided by firewalls which combine
all of the above elements.
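
As an added illustration (not code from the original article), the Python sketch below runs the same traffic through a packet-layer rule set and then an application-layer check, showing what each layer can and cannot see. The addresses, rules and function names are constructed for the example, and each Packet stands for the first client line of a connection.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    proto: str
    dport: int
    payload: bytes = b""

@dataclass(frozen=True)
class Rule:
    action: str           # "allow" or "deny"
    src: str              # source CIDR
    dst: str              # destination CIDR
    proto: str
    dport: Optional[int]  # None matches any port

def _in(addr, cidr):
    return ipaddress.ip_address(addr) in ipaddress.ip_network(cidr)

def packet_filter(rules, pkt):
    """Packet layer: first matching rule wins; unmatched traffic is denied."""
    for r in rules:
        if (_in(pkt.src, r.src) and _in(pkt.dst, r.dst)
                and pkt.proto == r.proto and r.dport in (None, pkt.dport)):
            return r.action
    return "deny"

SMTP_VERBS = {b"HELO", b"EHLO", b"MAIL", b"RCPT", b"DATA", b"RSET", b"NOOP", b"QUIT"}

def smtp_inspect(pkt):
    """Application layer: the first line must be a well-formed SMTP command."""
    line = pkt.payload.split(b"\r\n", 1)[0]
    ok = line[:4].upper() in SMTP_VERBS and line[4:5] in (b"", b" ")
    return "allow" if ok else "deny"

def layered(rules, pkt):
    """Packet filter first, then protocol validation for mail traffic."""
    verdict = packet_filter(rules, pkt)
    if verdict == "allow" and pkt.proto == "tcp" and pkt.dport == 25:
        verdict = smtp_inspect(pkt)
    return verdict

# Constructed policy: Internet may reach the DMZ mail server, never the trusted LAN.
RULES = [Rule("allow", "0.0.0.0/0", "192.0.2.25/32", "tcp", 25),
         Rule("deny", "0.0.0.0/0", "10.0.0.0/8", "tcp", None)]
# Constructed sample traffic (documentation address ranges).
SAMPLES = {
    "smtp": Packet("198.51.100.7", "192.0.2.25", "tcp", 25, b"EHLO mail.example.org\r\n"),
    "junk_on_25": Packet("198.51.100.7", "192.0.2.25", "tcp", 25, b"\x16\x03\x01 not smtp"),
    "to_trusted": Packet("198.51.100.7", "10.1.2.3", "tcp", 445),
}
```

The packet-layer rules pass anything addressed to port 25, while the layered check rejects the non-SMTP payload; neither layer judges what a valid message carries, which is why attachment scanning is a separate control.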

Specific functions performed by firewalls include:

* Gateway defence

* Carrying out defined security policies

* Segregating activity between your trusted network, the Internet and
your DMZ (a protected zone midway between your network and the Internet,
where you would perhaps have your web or email server).

* Hiding and protecting your internal network addresses (NAT)

* Reporting on threats and activity.

What firewalls don’t do

Even with a firewall, there are still many areas of risk for your
network. The most obvious is malware. Malware is a combination of the
words ’malicious’ and ’software’ and includes viruses, trojan horses,
worms, spyware/adware, phishing and pharming. Malware is most commonly
acquired through clicking on email attachments and email links.

Viruses, trojans and worms can cause a range of symptoms from the
annoying and/or embarrassing to the much more serious which can affect
the functioning of your business. Spyware/adware gathers information
about you. It can record keystrokes and, as such, can potentially be
very dangerous, revealing everything you do on your computer.

Another well-known threat, not covered by your firewall, is SPAM.
Dealing with SPAM can seriously affect your productivity and, as SPAM
often contains viruses and phishing emails, it is also a direct security
threat.

Phishing is about fake emails trying to extract sensitive information,
such as your bank passwords or credit card details. A variation of
this is pharming, where the criminal sets up a fake web site which looks
like one you normally use, typically a banking site. Once you enter your
details, the criminal is able to plunder your account.

Many people are also unaware that you can actually acquire malware by
simply browsing web sites. This is a rapidly growing threat and some of
the malware is used to create Botnets (see below). Some security
applications (e.g. those from Finjan) have a facility which protects you
against web sites containing malware, by checking the sites before you
click on them.

Another danger to your network is from a DDoS (distributed denial of
service) attack. This is a malicious attempt to prevent an organisation
being able to use its Internet based systems by flooding them with
emails until the servers are overwhelmed. These attacks are often
carried out by BotNet networks of compromised PCs, which are also used
in SPAM campaigns. Specific DDoS software can guard against this threat.

Other dangers to your network include unauthorised access, and the way
to deal with this is to have proper authentication procedures in place,
for both local and remote access. In many cases, passwords are not
enough and the use of strong authentication with tokens provides much
better security.

Further potential problems are from data theft or leakage, for example
when a laptop is stolen. The answer here is to encrypt all sensitive
data. Low cost solutions are available from companies such as Utimaco.
Finally, all wireless use is risky and requires a specific wireless
firewall, and wireless VPN for remote access.

A firewall is no longer enough to protect a company network. Other
security solutions to combat the threats outlined above are also
necessary, as well as proper staff training.

One of the best ways to protect against the main threats not covered by
a firewall is to use a UTM (unified threat management) device. UTM
devices are multi-purpose security solutions which have a minimum of a
firewall, VPN, anti-virus and intrusion detection/prevention. Some UTMs
(sometimes known as super UTMs) also incorporate capabilities such as
web filtering (blocking problematic web sites), SPAM blocking and
spyware protection.

UTMs are usually lower cost than buying and installing several security
components separately. They are also typically greener, as one solution
uses much less power than multiple solutions. When buying a UTM or a
super UTM, it is important to ensure that your reseller sizes it
correctly, i.e. ensures that it has the performance capability to deal
with current throughput and future business expansion. UTMs are
available from IT security companies such as WatchGuard and Check Point.

