Today we start with the topic of firewalls: what a firewall is and what you should consider when using one.
What Is a Firewall?
A firewall can be described as a barrier that protects entire networks and separates network segments from harmful data traffic and hacker attacks. A network firewall is installed at the border between two networks, usually between the Internet and the company network. There are also so-called client firewalls, which are installed locally and protect only the end user’s computer.
Firewalls exist as hardware and software versions. All incoming and outgoing data traffic is examined by the firewall and checked against specific, previously configured criteria. Traffic is permitted if it meets the requirements set; if not, it is blocked. The data traffic is filtered based on the following criteria:
- Address filtering: source and destination addresses and port numbers are checked
- Protocol filtering: the type of network traffic is restricted, e.g., to HTTP or FTP
- The attributes or connection state of the packets sent are also checked (stateful inspection)
The importance of firewalls seems to have been recognized: “All of the companies surveyed use virus scanners, firewalls and password protection for computers and other communication devices,” says the press release on the study. However, a firewall does not automatically provide the necessary protection; that depends on its configuration.
The answer to the question of how to configure a firewall properly changes constantly. It is worthwhile to have the company’s firewall professionally audited; if you have any questions on the subject, please do not hesitate to contact our trained security experts. Why are regular audits useful? Applications, users, and new devices are added; access authorizations change as tasks and roles in the company are redistributed; clouds and mobile devices are introduced. Firewalls are valuable for protecting stationary IT and for monitoring applications in the network, in the cloud, or on mobile devices. In addition to changes in the existing IT landscape, changes in the threat environment also make regular checks and adjustments necessary. If they do not take place, the rules that have been set can deviate enormously from the actual protection requirement, which opens the door for attackers to spy out confidential data. How often checks are required depends mainly on the risk situation and on changes to the existing IT.
It is essential not only to compare the firewall’s configuration with reality regularly; the firewall logs should also be protected. This means the records are encrypted, audited according to the four-eyes principle, and kept with as little data as possible.
Different Firewall Approaches
Firewalls can follow different approaches. The most straightforward implementation is the packet-filtering router: packet filters configured on the router control traffic based on source and destination addresses and port numbers. Common IP routers support this method as standard. However, forging an IP address, which is easy to do, is enough to gain unauthorized access. Because the process is straightforward, it is also relatively inexpensive, and it is unsafe without further measures.
If you connect a firewall system between two packet-filtering routers, the “bastion host” setup is created. An external router filters IP traffic between the bastion host and the Internet; an internal router permits IP traffic only between the internal network and the bastion host. The protection is very effective, but also expensive, since a firewall system is required in addition to the two routers and the configuration effort is relatively high.
Many companies find a well-administrable and efficient solution in a firewall server, because it combines these functions: internal and external firewall router, bastion host, and Internet application server. This yields a complete solution that includes all servers for all relevant Internet services. Several methods of filtering and controlling access ensure a high level of security.
Attack Scenarios Against Firewalls
Break-ins are among the most common attack scenarios: attackers use someone else’s computer for their own purposes, which means that user data, IDs, and files can be spied on and manipulated. Break-ins very often go undetected; attackers can sneak through without leaving a trace. Denial of service is also a common scenario: other users are to be prevented from using a specific computer or port. This form of electronic sabotage can destroy data and cause the device to fail. Most attacks of this type are staged by overload, meaning the intruder floods the system or network with network requests, messages, or other processes to such an extent that users can no longer work effectively. It would also be conceivable.
Unfortunately, usernames, passwords, and IDs are often transmitted unencrypted in clear text, which means they can be intercepted within the network, and attackers use this to steal information. Network technologies such as the almost ubiquitous Ethernet or Token Ring make all traffic on the local network easy to eavesdrop on. As with break-ins, attackers often leave no trace, so information theft is seldom discovered.
Check The Firewall
Although every company has different risks to cover, there are some general guidelines for configuring and checking firewalls. First, establish a formal process for testing and approving the firewall’s settings; this process should take the changes to the IT landscape described above into account. When configuring the firewall, also grant the minimum access and connection authorizations: the smaller the circle of access, the lower the potential risk.
In addition to the firewalls for your networks, consider firewalls for applications, clouds, and mobile devices. When checking, verify whether each firewall is active and whether its configuration is correct; a formal process helps here. Any changes to the firewall rules must be revision-proof, justified, and, last but not least, documented. Firewall checks should take place very regularly, and ideally the logs are evaluated according to the four-eyes principle.
If you use firewall audit tools, check whether the tool can optimize the firewall configuration and whether it supports all the firewalls you use in the company. Ideally, evaluate such a tool in a test environment first: Are incorrect settings reported? Does the tool match the hardware and software firewalls in use? Can you draw meaningful conclusions from the log files? And are the reports kept tamper-proof?
Clean Up The Firewall Rules
As the previous sections show, a firewall’s rule set is one of its most critical points. It is essential to clear out the rules regularly and adapt them to current circumstances. We cannot know your current situation, but there is some general advice for cleaning up the rule catalog, which we are happy to present here. Over time many rules accumulate and performance can suffer, especially when several administrators work on the same firewall; maintenance becomes more complex and security risks increase. For online shop operators there are also binding requirements, such as the PCI DSS standard, which requires you to remove unnecessary rules and objects. The following best-practice approaches will help you clean up your firewall and router rules. You can work through all points manually; if you use software to manage the configuration, most of it happens automatically:
- Shadowed rules: contradicting rules that can never take effect because an earlier rule already matches their traffic are referred to as “shadowed” and have no effect whatsoever. The same applies to unused or expired rules. Delete them.
- Unused connection objects: if source, destination, or service entries are defined that you do not use, delete them.
- Naming conventions: document how rules are named and stick to that scheme so that everyone can understand the rules. Use logical formats, for example “hostname_IP” for your hosts.
- Duplicates: delete duplicate objects or rules, e.g., services or hosts that appear several times under different names.
- Long rule sets: get used to breaking long rule sets into legible pieces, for example a maximum of 20 rules per rule set. It is also essential to reduce the complexity of a group of rules by ensuring that rules never overlap.
- Documentation: rules, changes, names, and objects are documented, including their use, and stored securely.
- Zone-based compliance policy: after you have defined the guidelines, check them using an audit report.
- Priority of the rule set: frequently used rules should be sorted to the top. Many firewalls process packets with suitably optimized algorithms so that the order does not matter; if yours is not one of them, sort the rules by priority for clarity.
- Separation of firewall and VPN: if you separate your firewalls from VPNs, VPN processing will not bring the performance of your firewall to its knees.
- Current software: new versions often bring security and performance improvements, but sometimes also new functions, so performance does not always increase. So that attackers cannot exploit old loopholes, make sure your firewall is up to date.
- Interfaces: the firewall interfaces are matched to the switch and router interfaces. That is, if your router works in half-duplex, your firewall should also be configured for half-duplex; the firewall and switch should ideally report the same duplex mode and the same speed.
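As an added example that is not part of the original article, the following Python snippet models the filtering criteria from the beginning (addresses, protocol, ports) as a first-match rule set and applies two of the cleanup checks from the list above: finding shadowed rules and duplicates. The rule names, addresses and the ruleset itself are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
@dataclass(frozen=True)
class Rule:
    name: str
    src: str      # source CIDR
    dst: str      # destination CIDR
    proto: str    # "tcp", "udp" or "any"
    dport: tuple  # inclusive destination port range (lo, hi)
    action: str   # "allow" or "deny"

def first_match(rules, src, dst, proto, dport, default="deny"):
    """Address, protocol and port criteria, first match wins: rule order decides."""
    for r in rules:
        if (ip_address(src) in ip_network(r.src) and ip_address(dst) in ip_network(r.dst)
                and r.proto in ("any", proto) and r.dport[0] <= dport <= r.dport[1]):
            return r.name, r.action
    return None, default  # implicit default policy when nothing matches

def _covers(outer, inner):
    """True if every packet matched by `inner` is also matched by `outer`."""
    return (ip_network(inner.src).subnet_of(ip_network(outer.src))
            and ip_network(inner.dst).subnet_of(ip_network(outer.dst))
            and outer.proto in ("any", inner.proto)
            and outer.dport[0] <= inner.dport[0] and inner.dport[1] <= outer.dport[1])

def shadowed(rules):
    """Rules with no effect because a single earlier rule already covers all their
    traffic (a union of several earlier rules can shadow too; not detected here)."""
    return [r.name for i, r in enumerate(rules) if any(_covers(e, r) for e in rules[:i])]

def duplicates(rules):
    """Pairs of rules that are identical in everything but their name."""
    seen, dups = {}, []
    for r in rules:
        key = (r.src, r.dst, r.proto, r.dport, r.action)
        if key in seen:
            dups.append((seen[key], r.name))
        else:
            seen[key] = r.name
    return dups

# Constructed sample rule set; addresses are private/documentation ranges, not a real network.
RULES = [
    Rule("web_in",     "0.0.0.0/0",   "10.0.1.10/32", "tcp", (443, 443), "allow"),
    Rule("lan_to_dmz", "10.0.0.0/16", "10.0.1.0/24",  "any", (1, 65535), "allow"),
    Rule("lan_ssh",    "10.0.0.0/24", "10.0.1.10/32", "tcp", (22, 22),   "allow"),  # shadowed by lan_to_dmz
    Rule("web_in_2",   "0.0.0.0/0",   "10.0.1.10/32", "tcp", (443, 443), "allow"),  # duplicate of web_in
    Rule("deny_all",   "0.0.0.0/0",   "0.0.0.0/0",    "any", (1, 65535), "deny"),
]
```

Running `first_match(RULES, "10.0.0.7", "10.0.1.10", "tcp", 22)` returns `lan_to_dmz`, not `lan_ssh`, which is exactly why the shadowed rule can be deleted without changing behaviour.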
Firewall Failure – What To Do?
The best and most transparent rules are of no use if the firewall fails, and failures can last from minutes to hours. To be prepared, take appropriate precautions: it is not enough simply to have a replacement device available; the replacement must take over automatically in the event of a failure. For example, you can have one firewall configured and active while another acts as a standby firewall. Connect the two devices with a failover cable; a suitably modified serial link cable is sufficient here. Configure both firewalls to send messages to each other at a specified interval, roughly every few seconds. If a message remains unconfirmed, require further communication attempts. If these also remain unanswered,
Coupling the firewall with a monitoring module is also advisable. This verifies that the traffic that should be blocked actually is blocked. Integrate alarm mechanisms that notify you of any irregularities and errors.
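An added example, not from the original article, of the standby side of the failover logic described above in Python: the standby counts overdue heartbeats, then makes further explicit attempts to reach the active peer, and only takes over when those go unanswered as well. The interval, thresholds, the probe callback and the assumption that the standby takes over at the end are constructed for illustration.

```python
from typing import Callable, List

class StandbyFirewall:
    """Standby half of an active/standby pair. It takes over only after the active
    peer's heartbeats have been overdue for `max_missed` intervals AND `probe_retries`
    further explicit attempts to reach it have failed. Both stages guard against a
    failover triggered by a single lost message (constructed example values)."""

    def __init__(self, interval_s: float = 2.0, max_missed: int = 3, probe_retries: int = 2):
        self.interval_s = interval_s
        self.max_missed = max_missed
        self.probe_retries = probe_retries
        self.last_heartbeat = 0.0
        self.failed_probes = 0
        self.active = False

    def on_heartbeat(self, now: float) -> None:
        """Called whenever a heartbeat message from the active peer arrives."""
        self.last_heartbeat = now
        self.failed_probes = 0

    def tick(self, now: float, probe_peer: Callable[[], bool]) -> str:
        """Run once per interval; probe_peer() is the 'further communication attempt'."""
        if self.active:
            return "active"
        if now - self.last_heartbeat < self.interval_s * self.max_missed:
            return "standby"          # heartbeats are arriving on time
        if probe_peer():
            self.on_heartbeat(now)    # peer answered: a heartbeat was merely lost
            return "standby"
        self.failed_probes += 1
        if self.failed_probes < self.probe_retries:
            return "probing"          # keep trying before declaring the peer dead
        self.active = True            # assumed outcome: the standby takes over
        return "takeover"

def simulate(heartbeats_until: float, peer_answers: bool, horizon: float, step: float = 2.0) -> List[str]:
    """Constructed scenario: the active peer sends heartbeats every `step` seconds until
    `heartbeats_until`; afterwards probes succeed or fail according to `peer_answers`."""
    fw = StandbyFirewall(interval_s=step)
    states, t = [], 0.0
    while t <= horizon:
        if t <= heartbeats_until:
            fw.on_heartbeat(t)
        states.append(fw.tick(t, lambda: peer_answers))
        t += step
    return states
```

With heartbeats stopping at 4 s and a peer that never answers probes, the standby reports "probing" at 10 s and "takeover" at 12 s; if the peer still answers probes, it never leaves "standby".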
The Firewall: Conclusion
Firewalls are essential to protect your online shop from manipulation, intrusion, and espionage. Because access rights can be distributed, firewalls safeguard against unauthorized access from both inside and outside. Unwanted traffic is blocked, so the firewall also protects your systems from malware. In summary, a firewall ideally …
- controls access to the Internet and the network,
- secures the data traffic of incoming and outgoing connections,
- monitors applications proactively,
- protects privacy, and
- alerts you to activities that deviate from the routine and are therefore suspicious.
A firewall is undoubtedly part of essential protection but cannot guarantee security on its own. As the study mentioned at the beginning shows, all of the companies surveyed use a firewall. However, simply activating the firewall is not everything: the configuration must be tailored individually to your risks and your IT landscape. If you check the firewall and evaluate its logs regularly, your online shop is considerably more secure.