You may have heard of firewalls and how they are an essential part of your computer and network cybersecurity strategy. In this post, we describe what a firewall is, why they are essential for cybersecurity, and how to set up and maintain your firewall security system.
What is a Firewall?
A firewall is a device designed to restrict unauthorized access to a network or computer. It’s similar to a digital gatekeeper: it lets anyone out the door but only specific, authorized parties can come inside. Computers have a variety of different ports with different uses. For example, ports 80 and 443 are used for web traffic, while port 25 is a typical email port.
Additionally, a firewall is designed to restrict network traffic on a per-port basis. For example, an organization wants email traffic to be able to move between their network and the wider internet but may want network folder sharing to be restricted to computers within the protected network. Firewalls are designed to implement these security controls.
There are two main types of firewalls: host-based and network-based. A host-based firewall is one that runs on and protects a single computer. Standard operating systems (Windows, Mac, and Linux) come with built-in host-based firewalls. Enabling these built-in firewalls is a good idea since it protects your computers from threats that may have already breached your perimeter defenses.
Network-based firewalls are commonly used by organizations to protect the network as a whole. They can be built into routers or implemented as standalone devices. Most organizations have a firewall at the network perimeter limiting access to the network from the wider network.
Firewalls can also be used to segment an organizational network based on access requirements and protections. For example, computers within the enterprise that have access to data protected by regulations (PCI-DSS, HIPAA, GDPR, etc.) are commonly located on network segments separated from the rest of the organization’s network. This simplifies security of the protected data by drawing a firm line dividing “trusted” devices allowed to access the data from “untrusted” devices that are not.
Network-based firewalls are an essential part of your organization’s “perimeter” cyber defenses.
The Importance of Firewalls for Organizational Security
Firewalls are designed to be an organization’s first line of defense against cyber attacks. By limiting the traffic that crosses the network boundary to only authorized traffic, a firewall protects many potentially exploitable internal programs from danger.
Without a firewall, there is no clear boundary between “inside” and “outside” your network. The filtering provided by a firewall solution ensures that anyone inside your network can easily access external services but prevents external computers from initiating connections to internal computers – unless they meet specific access requirements.
Installing, configuring, and testing a firewall solution is an important first step in building a secure network.
Firewall Deployment and Testing
Once you have decided to install a firewall on your network, the next steps are choosing a firewall, configuring it, and ensuring that it works.
Selecting a Firewall
Firewalls come in various shapes and sizes. They can range from the most simple firewalls that accept or block traffic on a per-packet basis to stateful firewalls that make their decisions based on the complete history of a connection between two computers to Web Application Firewalls (WAFs) that are specifically designed to block certain types of frequent attacks.
Choosing the correct firewall is essential for protecting your network. For example, a more powerful firewall may be the best choice at the network perimeter, but you may not need all of this functionality when dividing two network segments.
An organization review can help you determine the threat detection that is best for your organization’s specifics needs and use cases. By identifying the specific types of data that your organization (and its firewall) needs to protect and the most probable types of attacks your organization will face, cybersecurity can help you determine where your organization needs to deploy a firewall and what kind will best fulfill your needs.
Setting Up Your Firewall
Like any other gatekeeper, firewalls need a way to determine who should be allowed in. The list of criteria that a firewall uses to decide whether to approve or deny traffic is called an Access Control List (ACL).
Defining the specifics of the ACL is the most important part of setting up your firewall solution. Defining the access controls too loosely can be as dangerous as having no firewall at all, since it may allow traffic to pass that could compromise your network’s defenses. On the other hand, too restrictive of access controls can make it impossible to do business as legitimate traffic is blocked. Access controls should be based on a thorough analysis of the organization’s business needs and the network requirements needed to support them.
Firewall ACLs are typically set up using a Default Deny access control policy. This means the firewall will deny traffic the ability to enter the protected perimeter unless it is told otherwise. The result of a mistake in writing a firewall ACL is bad, but Deny All errors are better than Allow All errors. An error defining an exception to a Deny All rule blocks legitimate traffic (which is bad).
An error defining an exception to an Allow All rule allows malicious traffic in (which is worse).
From this Default Deny policy, the firewall’s access controls are built up using rules that allow specific types of traffic to particular computers. For example, the company web server should be entitled to receive requests on ports 80 and 443 since these are the ports used for legitimate email traffic. However, these same ports should be blocked to other computers that don’t need to host externally-facing webservers.
Testing Your Firewall
Once a firewall has been chosen and configured, it’s necessary to ensure it’s working correctly. This involves a logical review of the network’s design and a technical analysis of the network defenses to ensure things are running perfectly.
A logical design review involves many of the same steps taken when choosing a firewall solution. The entire network diagram and the firewall ACLs should be reviewed to ensure the firewalls are actually protecting the network.
A technical review of the network defenses includes a penetration test of the network defenses to ensure the network defense plan is in place. If this plan has oversights or is improperly implemented, it can leave the network vulnerable to attack.
It’s important to find a service that evaluates whether your network defenses are protecting your organization’s sensitive information from cyber threats, leaving you stress-free and able to sleep better at night.
Why You Need a Firewall
Firewalls are the first line of a network’s cyber defense. This significantly decreases the threat surface of the network by blocking numerous ways in which a hacker can infiltrate the network.
Once a firewall is selected and configured, monitoring is essential. Continuous monitoring services are designed to help detect and respond to any potential cybersecurity threats that live in your network.
If your organization stores, processes, or transmits customer personal data or performs other functions protected by data protection laws and regulations, implementing a basic cybersecurity solution is a common requirement for maintaining compliance. Failing to implement and properly configure a firewall is commonly considered a failure to meet the minimum cybersecurity and may result in your organization being fined or facing legal action.
Schedule an assessment today to learn how you can better your organization’s network!
About the author
Contact CyberDefenses today to learn how we can help your company’s cybersecurity needs.