Are your firewalls ready for a security breach?
- Date: Jul 24, 2016
- Comments: no comments
- Categories: Blog
If you have a local network connected to the web, nasty people are going to attack it. It doesn't matter how minor a target you think you are; "security by obscurity" doesn't work.
A firewall is an essential component of a secure network. It reduces the number of attack routes, so you can focus on guarding the services that people in the outside world need. The basic rule is: If you don't need it, don't allow it.
A firewall can be a separate machine that stands between the Internet and your network, or it can consist of software that runs in the router. A separate firewall usually offers more configuration options. Either one guards the entrance, deciding which requests should go through.
Remember the Great Wall of China, though. It kept the Mongols out for centuries, but eventually they were able to go around it. If you let partners come in behind your firewall, and they don't have proper protection, you've left a hole open for a security breach. If you have highly sensitive data, you may need an additional firewall in front of the machines which manage it.
It's like a corporate office that has sensitive facilities. A security guard sits at the main entrance and checks people who come in, but the secure rooms have locks on the doors and perhaps another guard, one who's much fussier about who can get in. Similarly, a subnet that deals with HR records or patient data benefits from its own firewall. It's defense in depth.
Finally, individual desktop computers or servers can set up their own firewalls. These should keep out access which may be legitimate for the network as a whole but not for those machines. Most desktop machines, for instance, don't need to act as Web servers.
Configuring a network's firewalls requires someone with a strong understanding of network protocols and security issues. The setup needs to restrict access but not get in the way of legitimate operations. Please contact Smartweb to learn how our managed IT services minimize the chance of successful attacks.