3 Firewall Challenges That Can Leave Your SMB Unprotected
October 11, 2017
A few years ago, there was a statistic floating around the internet about how quickly hackers could find unprotected computers. That number, between 6 and 10 minutes, was used to scare individuals into using firewalls and other security tools. Today, the time it takes hackers to find unsecured businesses isn’t all that different. Hackers can still detect and gain access to unprotected systems in under an hour.
In part, that’s because just like businesses, hackers are using automated tools to do the grunt work. These tools, called sniffers, are nothing more than bots that cruise around the internet looking for a computer that’s unprotected or poorly secured. When one is found, the controlling criminal is alerted and they go to work breaching the system. Sobering thought, isn’t it?
Even more frightening is that many of the SMBs breached think they are secure because they use firewalls. But having a firewall isn’t enough. Businesses need to also understand how the firewall works and ensure that it is properly configured to protect the business.
Software Versus Hardware Firewalls
One confusing factor of using firewalls is that there are both software firewalls and hardware firewalls, but they are not technically the same. A software firewall is a piece of software that resides on a computer or server and protects individual machines against harmful traffic. Unfortunately, many SMBs rely on software firewalls to protect their assets. The problem is, when multiple computers or a network needs to be protected, software firewalls are difficult to use and not always reliable.
Hardware firewalls are an alternative to software firewalls and are used in situations where there is a network and several machines to protect. The firewall appliance is connected to the network, and all network traffic is routed through the device, which allows or disallows the traffic based on rules set by the user. The next challenge becomes apparent when it’s time to set those rules.
Configuration—the rules that govern how a firewall blocks and allows traffic—is one of the biggest problems with both hardware and software firewalls. A common mistake made by SMBs installing a firewall without the help of an experienced professional is leaving the settings for the firewall in the default, out-of-the-box configuration. Criminals know what these configurations are and will exploit them. Sending a sniffer across the web to find misconfigured firewalls is easy. The problem is so prevalent that Gartner Research estimates that 99 percent of all firewall breaches through 2020 will be caused by misconfiguration.
Some of the settings that aren’t changed, or that are not set correctly, include:
- Broad policy configurations. When putting a firewall into place, one of the most common mistakes is to set policies to broad approvals intending to narrow them over time. But SMB IT staff are busy, and what usually happens is that the broad permissions are never retracted. A safer way to configure the firewall is to narrow permissions from the start, called the principle of least privilege, and then widen those permissions as necessary.
- Unconfigured port restrictions. Firewalls have numerous ports that are open all the time. This means that traffic can flow through those ports without restriction and criminals know that. They look for these open ports and use them as a way into your network. Once there, they have access to everything on your network. Firewall administrators should ensure that any of these open ports that aren’t required are disabled. For those that are required, protection should be put in place to monitor the traffic that flows through them.
- Firewalls that aren’t monitored. Putting a firewall in place and not monitoring it is like mixing a cake but not putting it in the oven. The job is only half done. Firewall monitoring enables features like alerting for unusual traffic or potential cyberattacks. As soon as something out of the ordinary happens, administrators are alerted so they can verify the attempt was blocked and determine what the next steps are. If something made it past the firewall, alerts reduce the time to respond.
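A small audit covering the three misconfigurations listed above, as an added example that is not from the original article. The rule format, the rule names and the `REQUIRED_PORTS` set are assumptions made up for illustration and do not match any firewall product's syntax.

```python
# Added example: vendor-neutral rule audit; rule format and names are constructed.
from dataclasses import dataclass
from ipaddress import ip_network

ALL_PORTS = (0, 65535)
# Assumption: the only inbound services this hypothetical business needs.
REQUIRED_PORTS = frozenset({25, 443})

@dataclass(frozen=True)
class Rule:
    name: str
    action: str    # "allow" or "deny"
    src: str       # source CIDR
    dst: str       # destination CIDR
    ports: tuple   # inclusive (low, high) destination port range
    log: bool      # True if matches are logged for monitoring/alerting

def is_any(cidr):
    """True when the CIDR matches every address (prefix length 0)."""
    return ip_network(cidr).prefixlen == 0

def audit(rules, required_ports=REQUIRED_PORTS):
    """Return (rule name, finding) pairs for the three mistakes in the list."""
    findings = []
    for r in rules:
        if r.action != "allow":
            continue
        lo, hi = r.ports
        if is_any(r.src) and is_any(r.dst) and r.ports == ALL_PORTS:
            # Broad approval that was meant to be narrowed later.
            findings.append((r.name, "broad-policy"))
        elif is_any(r.src) and any(p not in required_ports for p in range(lo, hi + 1)):
            # Port reachable from anywhere that no required service uses.
            findings.append((r.name, "unneeded-open-port"))
        if not r.log:
            # Traffic allowed without a log entry cannot trigger an alert.
            findings.append((r.name, "not-logged"))
    return findings

# Constructed sample policy (addresses are from the documentation range).
SAMPLE_RULES = [
    Rule("temp-allow-all", "allow", "0.0.0.0/0", "0.0.0.0/0", ALL_PORTS, False),
    Rule("web-https", "allow", "0.0.0.0/0", "203.0.113.10/32", (443, 443), True),
    Rule("leftover-telnet", "allow", "0.0.0.0/0", "203.0.113.1/32", (23, 23), True),
    Rule("default-deny", "deny", "0.0.0.0/0", "0.0.0.0/0", ALL_PORTS, True),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_RULES):
        print(f"{name}: {finding}")
```

Removing the two flagged rules leaves a policy that allows only the required service, logs it, and denies everything else, which is the least-privilege starting point the first item describes.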
Finding the Right Firewall
Choosing a firewall can be a maddening process. Features vary with each different model of the appliance, and some are more effective than others. When looking for the right firewall, SMBs should first take their business needs into consideration. For most SMBs, a next generation firewall (NGFW) appliance is the best option. NGFWs include advanced features such as web and spam filtering, built-in antivirus, and encryption.
Firewalls are foundational to SMB security. However, a firewall that’s not sufficient to protect your network, or that’s poorly configured, can be as dangerous as not having one. Take the time to ensure that your business is properly protected with the right firewall and that it is configured properly.
If you aren’t sure about your existing firewall, or if you’re ready to upgrade your business’s security, contact Advanced Network Solutions. Our professional IT staff is ready to answer your questions and help you find the right firewall solution.