By Andreea Andrei, Marketing and Business Administration Executive at The Cloud Computing and SaaS Awards
This article is part of an A to Z series by Cloud and SaaS Awards, continuing with F for Firewall
A firewall is a software program or hardware device that filters and analyzes information that comes through an Internet connection. It represents the first line of defense because it can prevent a malicious program or attacker from accessing your network and information before any potential damage is done.
Types of firewall
A proxy firewall is as close to an actual physical barrier as you can get. Unlike other types of firewalls, this one acts as an intermediary between external networks and computers and avoids direct contact between the two.
Like a gate guard, it basically watches and evaluates incoming data. If no problems are detected, the passage of data to the user is authorized.
The disadvantage of this type of security is that it sometimes interferes with incoming data that does not pose a threat, which reduces functionality.
Stateful inspection firewall
A stateful inspection firewall, now considered a “traditional” firewall, allows or blocks traffic based on state, port, and protocol. It monitors all activity from the opening to the closing of a connection. Filtering decisions are made according to the rules defined by the administrator and the context, which refers to using information from previous connections and packets belonging to the same connection.
Unified Threat Management (UTM) Firewall
A UTM appliance often loosely combines the functions of a stateful inspection firewall with intrusion prevention and antivirus. It can also include additional services and, often, cloud management. UTMs focus on simplicity and ease of use.
As their name suggests, UTMs centrally manage most of the threats that can affect an organization. The main functionalities that they incorporate are:
- Intrusion detection and prevention systems (IDS/IPS)
- Virtual private networks or VPNs
- Wi-Fi wireless network protection systems
- Content filtering
Next Generation Firewall (NGFW)
An NGFW is, very briefly, a firewall that is capable of applying access control at layer 7 (the application layer). This means that these firewalls understand the different applications that generate the traffic that passes through them. They are not limited to letting traffic pass because a rule allows TCP port 80; they can distinguish the traffic on that port and see whether the connections are from Facebook, Gmail, or YouTube, to give a few examples.
But an NGFW does more than that. In fact, it is a set of security features that used to run on different devices and have now been unified in a single device: the firewall. This has been possible thanks to technological progress in processors and hardware in general: as that progress was made, firewalls were given more power and could do more and more things.
What key aspects to look for when choosing your firewall?
- Number of concurrent users the device will support (connected locally, via Wi-Fi, via VPN, etc.)
- Number of concurrent sessions
- Configurable ports. Calculate the number of LAN ports you need depending on the size of the network: local area network (LAN), wireless network (WLAN) or DMZ. Properly size the device based on the growth that may occur, so that it is operational for a period of approximately 3 years. The models for medium-sized companies (around 100-150 users) already incorporate high connectivity ports (1 Gbps – SFP), 10 Gbps SFP+ ports, and fiber.
- USB ports. Very useful to configure 3G/4G networks and offer them as an alternative to access the Internet. They are also used to make a backup of the device configuration.
- WAN ports to offer redundancy or high availability of lines. That is, configuring the device so that, in the event of a service outage at the Internet Service Provider (ISP), it can automatically access the Internet through a second line.
- Ease of administration, with an interface that is as intuitive as possible and includes report preparation. Take into account, for example, whether the firmware update process is automatic.
- The throughput, which is the processing capacity when performing a certain function. The most prominent are:
– VPN tunnels – secure connection between the office and a remote worker; or between multiple offices.
– Intrusion Prevention System (IPS) – packet inspection and behavior analysis.
– Proxy – basic perimeter antivirus, which is the first line of defense to protect the internal network. NGFWs incorporate many functions in a single device, but keep in mind that having all the available functions activated causes a significant drop in performance.
- Wi-Fi. Some models incorporate antennas and allow a wireless connection in your company. Take into account the quality of the signal: in a very large office, or where there are blind spots, it will be necessary to add access points that give correct coverage to all users.
If the firewall does not have antennas and is limited only to physical connections, it will be necessary to install Access Points (APs) that provide Wi-Fi connectivity to users.
- Detection and protection system against Advanced Persistent Threats (APTs) and targeted attacks (endpoint integration), as well as user and application visibility.
Tips to strengthen your firewall
All sectors have been forced to tighten the security of their networks and strengthen their online protection due to the increase in cyberattacks. According to the 2022 Cyber Threat Report by SonicWall, there were 623.3 million ransomware attacks last year worldwide, an increase of 105% compared to 2020.
It is important to note that almost all digital threats monitored increased last year, including encrypted threats, IoT malware, and cryptojacking. Thus, an understanding of how your firewall can be strengthened can be useful in current times.
Set only the firewall rules that are really needed
A firewall intercepts all communication and decides whether information can pass through to the devices. By default, firewalls block all incoming and outgoing traffic; it is as if the devices behind them aren’t even connected to the Internet.
While this is a very secure state, you have to create a set of rules to tell the firewall what you consider to be secure.
As rules are created to allow traffic in and out, they also create small holes in the firewall through which the traffic flows. Therefore, the more rules created, the less secure the network will be.
Perform frequent reviews of your firewall settings
These reviews keep your device synchronized with the needs of your users and, as an IT administrator, give you control over the needs of the device. Updates, policies and guidelines all need constant review. It is recommended to create a weekly review schedule.
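One way to support both the "only the rules that are really needed" advice and the periodic review, as an added example that is not part of the original article: a Python audit over a constructed allow-list that flags any-source/any-port rules, rules already covered by an earlier rule, and rules with no matches since the last review. The rule fields, the hit counter and the sample addresses are assumptions; real firewalls export rules in their own formats.

```python
import ipaddress
from typing import NamedTuple, Optional

class Rule(NamedTuple):
    name: str
    src: str                 # CIDR; "0.0.0.0/0" means any source
    dst: str
    port: Optional[int]      # None means any port
    hits: int                # packets matched since the last review (assumed counter)

def covers(a, b):
    """True if allow rule a matches every packet that allow rule b matches."""
    net = ipaddress.ip_network
    return (net(b.src).subnet_of(net(a.src)) and net(b.dst).subnet_of(net(a.dst))
            and (a.port is None or a.port == b.port))

def audit(rules):
    """Return {rule name: [findings]} for an allow-list evaluated top-down."""
    findings = {}
    for i, r in enumerate(rules):
        notes = []
        if r.src == "0.0.0.0/0" and r.port is None:
            notes.append("any source, any port")
        shadow = next((e.name for e in rules[:i] if covers(e, r)), None)
        if shadow:
            notes.append(f"redundant: already covered by {shadow}")
        if r.hits == 0:
            notes.append("no hits since last review")
        if notes:
            findings[r.name] = notes
    return findings

# Constructed sample ruleset (documentation address ranges; default policy is deny).
RULES = [
    Rule("web-in", "0.0.0.0/0", "192.0.2.10/32", 443, 18234),
    Rule("admin-ssh", "198.51.100.0/24", "192.0.2.0/24", 22, 57),
    Rule("old-ssh", "198.51.100.7/32", "192.0.2.10/32", 22, 0),
    Rule("vendor-temp", "0.0.0.0/0", "192.0.2.20/32", None, 0),
]

if __name__ == "__main__":
    for name, notes in audit(RULES).items():
        print(name, "->", "; ".join(notes))
```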
Validate pending updates of the system
Device updates serve 3 purposes:
- Deliver new functionalities and features;
- Correct errors or bugs;
- Improve performance on device resources.
An updated system guarantees not only protection against threats or suspicious behavior, but also allows your device to maintain its performance and workload level, which will result in a firewall that will operate correctly, both logically and physically. This is why it is important that, within your administration activities, you perform tasks to validate the pending updates in the system.
Overall, firewalls prevent many attacks. They also prevent remote access to enterprise workstations and servers by isolating a network and the Internet at large, like a retaining wall.
Information is so important to achieve the objectives in organizations that it is considered the most important asset. Therefore, it is subject to various threats, such as theft, counterfeiting, fraud, disclosure and destruction, among many others.