Get CyberSecure – Baseline Controls: Firewalls

Firewalls

As part of the CyberSecure accreditation, process businesses are required to “Establish Basic Perimeter Defences.” A number of technical instruments can be used to achieve this objective, but for the purpose of this article, we’ll focus on the one that is probably the most important to get familiar with – Firewall protection.

Introducing Firewalls

In basic terms a ‘Firewall’ is a technical instrument that allows controls to be applied to traffic passing across a network boundary; this of a border crossing between 2 countries. The intention of most Firewalls is to protect one network (the ‘trusted’ network) from threats that originate from the other (the ‘untrusted’ network); in most cases, the ‘untrusted’ network is simply the internet.

Two types of Firewall can be defined based on their location in a network and the infrastructure they defend. ‘Personal’ firewalls provide device-level protection, allowing controls to be placed on individual machines such as laptops, desktops, tablets and even mobile phones. A ‘boundary’ firewall, on the other hand, sits at the edge of an entire network and therefore protects all the devices that reside within it. Personal firewalls come in the form of software that often comes built-in to operating systems, whereas a boundary firewall may require the use of a physical appliance such as a dedicated firewall machine.

How do Firewalls work?

Firewalls allow for the enforcement of pre-configured rules which dictate which traffic is allowed to pass across the boundary of the network. Typically a ‘Firewall administrator’ is appointed to introduce new rules and withdraw obsolete rules as demand for services comes and goes. The administrator should apply restrictions to actions deemed high risk and restrict access to sites and services that either isn’t required for business functions or that may pose a threat to security.

Firewalls apply these ‘rules’ to network traffic using a concept known as ‘filtering.’ The 3 main methods of filtering are:

• Packet Filtering. A basic form of filtering that involves reviewing each packet of data and allowing or blocking progress based on pre-configured rules. Packet filters look at information such as source and destination IP addresses, protocols and ports. While relatively low-cost and easy to configure, packets filters are not impervious to attack by more advanced cybercriminals, who are often able to circumvent them.
• Proxy Server. Commonly found in environments where web filtering capabilities are important (such as schools and universities) a proxy server is a popular way to introduce Firewall protections. Proxy Servers sit between the end-user and the webserver of the site or service that is being accessed, acting as a sort of intermediary. They protect networks in a number of ways:
  • IP address concealment. Much like a VPN, a proxy server hides the IP address of the network device from which a request originates. This means the webserver doesn’t gain access to information such as details of the device making the request or your geographical location.
  • Most proxy servers offer encryption. This means that all data passing over across the internet between your network and the server will be in a coded form.
  • Web filtering capabilities. A proxy server is a popular method for applying web filters network-wide. Such filtering can be used to block website categories often associated with high levels of security risk, such as gambling sites.
• Stateful Inspection. While similar in concept to packet filtering, Stateful Inspection involves ensuring that inbound data packets can be matched up to a corresponding outbound request.

Deploying Firewalls

The size of your business’ network will largely determine how you go about deploying Firewall protection. In smaller networks consisting of only a few devices, software firewalls configurable at individual device level may offer sufficient protection. This in conjunction with proactive patch management, the use of anti-virus software and the removal of unnecessary software and services should be adequate to keep a small network secure.

This approach becomes impossible to manage when applied to larger networks, where a large number of devices means the firewall can only be effectively managed at the network’s outer perimeter. Larger networks may therefore require a dedicated Firewall server (which can be on-site or cloud-hosted) or a Firewall router.

Securely configuring and managing your Firewall

Simply having the presence of a Firewall isn’t enough, it’s important to configure and manage all firewalls as securely as possible as sophisticated hackers can exploit poorly set-up Firewall protections. Consider the following.

• Employ software Firewalls on mobile devices. Devices used to permit remote working must feature a software firewall. This is particularly crucial if such devices could be used on insecure public WiFi networks – a high-risk environment as far as data security is concerned.
• Configure ‘rules’ block unauthorised content. It’s important to introduce ‘rules’ to determine the traffic that should be ‘blocked’ or ‘rejected.’ Configuring ‘rules’ often requires balancing business needs with the requirement to keep data secure, and thus requires a dialogue between network administrators and departments.
• Delete ‘permissive’ rules when they’re no longer needed. A rule acts as an unlocked door that traffic can pass through when certain conditions are met. As time passes and certain rules are no longer required, the firewall administrator should delete them in order to prevent a large number of security loopholes from building up.
• Use strong passwords to protect administrator accounts. Administrative passwords should be complex and feature numbers, letters and special characters for added security.
• Limit administrative access. Consider appointing a single Firewall administrator, and only extend administrative permissions in cases where there is a compelling business need to do so. Additionally, consider additional security measures such as 2-factor authentication and limiting administrative control to certain computers.
• Keep a detailed record of Firewall Rules. The Firewall administrator should maintain a record of approved rules and manage the rule approval and removal process.

A fundamental technical element to achieving CyberSecure certification, Firewall protection provides that all-important first line of defence at your network’s edge.

We’re KDI 

Get advice, service and products that fit your unique needs. KDI is an expert partner for complete IT Services and Networking Support based out of the Greater Vancouver area. We are your one-stop IT solution, uniquely combining aspects of information technology, software development, and accounting expertise to make your work life easier.

Visit our contact page, send an email to info@kdi.ca or give us a call on (604) 574 7225.