Keeping your front door locked is the first step in keeping intruders out of your home. Keeping your network’s front door locked is the first step in keeping intruders out of your systems. A firewall provides that first line of defense for your business; here’s what to look for.
It used to be relatively simple for firewalls to offer protection. They blocked or allowed access based on rules regarding ports, protocols, applications, and IP addresses. It could be administratively challenging to keep track of the reasons behind the rules, making maintenance difficult, but the overall idea was straightforward.
Today the protection offered by firewalls needs to be much more technically robust and flexible. Threats come in so many varieties and are created and modified so frequently that limits based on lists of ports don’t offer enough protection. Instead, firewalls must:
- protect applications regardless of port. Applications today aren’t always run on standard ports, so application-based controls need to be able to identify applications no matter which port they’re using.
- control applications at the feature level. The firewall also should offer fine-grained controls to ensure application usage conforms to corporate policies. Many online services offer multiple functions, only some of which may be allowed.
- identify users appropriately. IP addresses aren’t enough to determine who’s accessing your network. Where possible, user-based policies ensure access is limited appropriately no matter where a user connects from. Remote users need the same access and the same limitations as on-site users.
- inspect encrypted traffic. It’s ironic that encryption keeps traffic safe as it travels over external networks but hinders safety once the data reaches your network. SSL inspection is critical to protecting you from dangerous traffic, but needs to be performed rapidly with minimal performance impact on end-users.
- cope with the unknown. It isn’t enough to scan the traffic you expect; your firewall needs to be able to inspect and manage the traffic you know nothing about, including unknown applications and atypical ports. Blocking unknown traffic may prevent users from accessing needed services, but allowing unknown traffic presents a high risk to your systems.
- have minimal performance impact. We mentioned above that SSL inspection can cause performance issues users notice, but that isn’t the only possible performance impact. Since all your network traffic passes through your firewall, even a firewall that simply said yes to everything would be a potential bottleneck at high traffic volumes. Firewalls need enough ports, CPU capacity, and network throughput to do their job without keeping other systems from doing their own jobs effectively.
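To make the port-versus-application point above concrete, here is an added example (not from the original article or any vendor product) that runs a few constructed flows through a legacy port-only rule set and through an application- and user-aware policy. Application identification is a toy signature match on the first payload bytes, an assumption for the demo; real firewalls use far richer classifiers, but the policy logic (identify the app, look up the user, decide explicitly about unknown traffic) is the same.

```python
"""Port-based rules vs. application/user-aware policy on constructed flows."""
from dataclasses import dataclass


@dataclass
class Flow:
    user: str          # identity supplied by the firewall's user mapping
    dst_port: int
    payload: bytes     # first bytes sent by the client (constructed sample)


# Toy application signatures keyed on leading payload bytes (assumption).
APP_SIGNATURES = {
    b"SSH-": "ssh",
    b"GET ": "http",
    b"\x16\x03": "tls",
}


def identify_app(payload: bytes) -> str:
    """Classify a flow by its payload rather than by its port."""
    for prefix, app in APP_SIGNATURES.items():
        if payload.startswith(prefix):
            return app
    return "unknown"


def legacy_port_policy(flow: Flow) -> str:
    """Old-style rule: allow web ports, deny the rest, ignore contents."""
    return "allow" if flow.dst_port in (80, 443) else "deny"


# Which applications each role may use, plus an explicit decision for traffic
# the classifier cannot identify (the "unknown" bucket discussed above).
ROLE_APPS = {"staff": {"http", "tls"}, "admin": {"http", "tls", "ssh"}}
UNKNOWN_ACTION = "deny"
USER_ROLES = {"alice": "staff", "bob": "staff", "carol": "admin"}


def app_aware_policy(flow: Flow) -> str:
    """Decide on (application, user role), not on (port, IP address)."""
    app = identify_app(flow.payload)
    if app == "unknown":
        return UNKNOWN_ACTION
    return "allow" if app in ROLE_APPS.get(USER_ROLES.get(flow.user), set()) else "deny"


# Constructed flows: SSH hidden on 443, a web app on 8080, junk on 443.
FLOWS = [
    Flow("alice", 443, b"SSH-2.0-OpenSSH_9.0"),
    Flow("bob", 8080, b"GET /app HTTP/1.1"),
    Flow("alice", 443, b"\x00\x00garbage"),
]


def evaluate(flows=FLOWS):
    """Return (legacy decision, app-aware decision) per flow."""
    return [(legacy_port_policy(f), app_aware_policy(f)) for f in flows]
```

Running `evaluate()` shows the legacy rule allowing the disguised SSH session and the unrecognised traffic while blocking the legitimate web app, and the application-aware policy doing the opposite on all three.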
Firewalls require oversight, but a solution with an easy-to-use dashboard and minimal routine administrative work eases the impact on your team. It’s also important that your firewall logs capture detailed information that can flow into analytics tools to identify possible attacks on your network.
Finally, the cost of your firewall needs to fit your budget, but balance that investment against the potential costs of doing nothing. The estimated cost of a data breach is $150 per record stolen, according to the latest Ponemon report. With malicious attacks the main cause of breaches, the value of a firewall is obvious.
CCS Technology Group offers security services that guard your sensitive data with firewalls and other protective technology. Contact us to learn more about implementing an effective cybersecurity strategy.