Firewalls: back to basics
As cybercriminals become smarter, the attacks they’ll unleash on your business will become more creative and wreak more serious damage. This means that your first line of technical defence – your firewall – needs to be of the highest possible standard, and ready to protect your network from incoming threats via the internet.
But, the fast-moving world of cybersecurity means that it’s not always easy to access both current and comprehensive information about protective technology, even for the most fundamental cybersecurity provision – firewalls.
Having a basic understanding of what a firewall is, when and where you need one, what it can (and can’t!) do and a whole host of other important factors ensures you’ll make informed, effective firewall decisions. In turn, you’ll have the peace of mind that your business is protected from internet-based threats.
This is why we created this Ultimate Guide to Firewalls – all you need to know, in one place. Let’s get stuck in.
What is a Firewall?
In a sentence, a firewall is a system designed to prevent unauthorised access and malicious activity from entering a private network via the internet. Businesses and individuals use them as a vital shield against disruptive and destructive viruses and other malware, and they’re a key component of effective cybersecurity infrastructure. (It’s worth noting that although they can prevent malware from entering your network, they CAN’T disarm it once it’s there).
Firewalls typically take one of the two following forms:
Host-based firewalls are installed on individual machines or servers. They protect their host machine only. Most Microsoft operating systems come with a firewall pre-installed – a common example of a host-based firewall in action. Many of today’s consumer antivirus packages are sold with built-in firewall protection but standalone host-based firewalls are available from third parties too.
Network-based firewalls are usually a combination of hardware and software, designed to help protect an entire network. Large businesses might have a separate network-based firewall, whereas smaller outfits typically lean toward an internet router with a built-in network-based firewall.
How do Firewalls work?
It might interest you to know that the name “firewall” isn’t as arbitrary as it may first appear.
In fact, how a firewall functions is akin to its physical equivalent in the world of construction – an actual “firewall” (or fire-resistant system if we’re keeping up with the current lingo).
Let’s compare. In a building, a firewall is a fire-resistant separation barrier that contains harmful fire and smoke from spreading throughout a physical environment. They’re essential to preserving infrastructure and protecting people, and often decide the difference between disaster and continued trading. They’re non-negotiable for modern businesses.
Digital firewalls behave much in the same way, separating networks to prevent malicious traffic from accessing and unleashing havoc on your IT environment. As with physical firewalls, digital firewalls keep your business safe from threats that can rapidly spiral out of control and cause some seriously expensive damage or loss.
Now, analogies aside. At present, a typical firewall works by filtering malicious traffic using a set of rules called the “access control list”. These rules act as a directory of no-go activity, websites and users and both allow and deny permissions to keep your network and business safe. The access control list essentially blocks unwanted or dangerous traffic while controlling which machines can see beyond the network.
A typical access control list is based on several specific parameters including:
- IP addresses – A unique code that identifies a device on a network.
- Domain names – Unique identifiers for each website on the web. E.g k3starcom.k3btg.com
- Programmes – Software installed on a machine
- Port numbers – A 16-bit ranging from 0 to 65535
- Keywords – Words or phrases contained in the webpage of the domain you wish to block
As cyberthreats develop, the cybersecurity technology required to intercept them will also become more intelligent. Although access control lists are today’s norm, firewalls are evolving to separate traffic based on patterns and behaviours in addition to obeying the trusted access control list. Just speak to a managed service provider to find out how to best protect your network both now, and in the future.
When are Firewalls required?
Asking a cybersecurity question can often lead to a complicated answer – but not in this case! When are firewalls required? Any time you’re connected to the internet. A firewall plays a fundamental role in combatting the hoards of malicious bugs, bots, hackers and malware that are relentlessly attempting to breach your network and gain access to your systems.
Of course, internet connectivity is non-negotiable in our digital age but with the right technology, there’s no need to panic about being compromised. If you’re a personal internet user – perhaps working from home or using a personal device while on the road – you’re likely already to be sufficiently protected by built-in firewalls in your devices and internet routers.
Businesses, however, must take further steps to avert potential disaster. A compromised network can be an inroad to your sensitive data, business critical applications and finances, there can be dire consequences for your brand, profits and stability should you not have a firewall. Find out just how quickly a firewall breach can escalate here.
How do Firewalls support the security of a network?
We’ve mentioned that firewalls are your first line of cybersecurity defence – the fundamental barrier preventing malicious activity from infecting your network. But what sort of activity are we referencing here? To demonstrate what can happen when a firewall is absent or ineffective, we decided to undertake a test.
We set up a fake website with no web application firewall protection (we DON’T recommend that you try this yourselves – our cybersecurity experts handled this in its entirety), to see what kind of attention it received from black hats. Find out what a black hat is here.
Within 12 hours of being live, the site received its first brute-force login attempt. In the following 25 minutes, there were over 8,400 similar attempts to hack into the website. It took 12 hours for hackers to find our dummy site and attempt to compromise it an eye-watering 10,000 times in just 25 minutes. If you’re wondering, that’s an average of 336 hack attempts per minute!
Malicious login attempts are a perfect example of the top-line threat that firewalls intercept and protect your business against. If a website that’s only been online for several hours can be targeted with such ferocity and frequency, just imagine what kind of threat that a well-established network will be facing.
What Firewalls can and cannot do.
With so many different firewalls available to you, the precise details of what firewalls can and can’t do are inconclusive. However in general, it is safe to assume that:
|Firewalls can:||Firewalls can’t:|
|Prevent unauthorised access to your network||Protect your network from Malware.*|
|Hide and protect your internal network addresses||Protect users from SPAM|
|Report on threats and activity||Stop Phishing attacks|
|Control some employee behaviours||Stop a hacker from physically accessing your network|
|–||Prevent all Ddos attacks|
*The Sonicwall products we recommend can actually protect networks from Malware. For example, Sonicwall CAPTCHA can stop a corrupt file from communicating with a network and may even block the file entirely. Contact us for more information.
Can Firewalls be hacked or breached?
The bad news is that yes, a firewall can be hacked or breached. Even though firewalls are becoming more robust, resilient and intelligent, cybercriminals are working in tandem to find covert ways to breach your network and access all the valuables it contains. At present, the most common types of firewall breaches are:
Bypassing the perimeter – connecting to an internal user via email and coaxing them to a malicious webpage.
SQL injections – if your company website or applications are poorly coded, a hacker may be able to breach login screens and take control of a database without hitting your firewall.
Social Engineering – None of us think we’d fall for it, but if a hacker disguises themselves behind a seemingly legitimate email address – such as that of a CEO- who’s to say how you’d respond. Read more about social engineering here.
Physical access to server – Protecting your network isn’t always through digital means. A hacker could physically access your server room, bypassing your firewall.
Out of date or misconfigured firewalls – It goes without saying, if your firewall is misconfigured or out of date, it could potentially have holes and weak spots for black hats to penetrate.
Get your risk score in 5 minutes with our free Cybersecurity Scorecard
Where should Firewalls be placed in a network?
Without exception, a firewall should be placed at the border of your network. As a rule of thumb, all of the devices belonging to your business – such as desktop PCs, laptops, mobile devices and smart devices – sit on one side of the firewall, with the internet on the other side.
For more technical advice on network topology, contact us here.
Who makes Firewalls?
There are many third-party firewall vendors out there and finding the right fit for your business can be tricky. K3 is proud to partner with SonicWall for powerful firewall technology that intercepts and blocks a wide range of dangerous cyberthreats. SonicWall’s scalable, cutting-edge products leverage the power of cloud technology and can be customised to networks of all sizes. Get in touch for help finding the right firewall for your business.
Are Firewalls free?
Some are essentially free, yes, but this applies to the realm of personal internet use and shouldn’t be used as the default for business internet use of any kind. For example, network routers typically have a built-in firewall capabilities and host-based firewalls are often pre-installed on machines and devices (e.g., Windows 10 firewall).
Businesses should invest in an enterprise-grade firewall that’s configured to their requirements. The alternative is operating with severe known business risk that can result in your business being non-operational, having its data held hostage or its cash stolen. With advanced firewalls available that are tailored to your business’ needs and budget, with tiered monthly plans and no upfront cost, there’s an option for everybody.
We also recommend using a firewall managed service as an alternative to installation only. This way, you can benefit from the precision that comes with specialist knowledge and have peace of mind that nothing will slip the net thanks to continual monitoring.
For information about how K3 can help you select a firewall and more about our service powered by SonicWall, click here.
For more great free cybersecurity resources, visit our Security Surgery.
Or to chat with one of our advisors, contact us via email or call us on 0844 579 0800