Why you need a Next-Gen Firewall / UTM

October 23, 2015

What’s in a Firewall?

Quite simply, a firewall is a hardware device or software solution that “walls off” traffic from coming in or going out of your network. Internet traffic runs over ports on your network. A standard firewall will close all of these ports except for ones that you commonly use, such as port 80 for your web browsing or port 443 for your secure web browsing. This prevents an attacker from coming in through a “back door” or another port on your Internet device that might be listening for commands.


I have a Firewall in my modem. That means I’m OK, right?

Most modems that connect your business to the Internet include a built-in firewall that blocks ports, but I’m going to focus on “Next-Gen” firewalls. These are also referred to as UTMs, for Unified Threat Management. This is really what you want to be discussing when you’re talking about firewalls in 2015. A UTM will not only act as a basic firewall to block ports or allow specific traffic through; it can also perform intrusion prevention, advanced threat protection, antivirus scanning, remote access and VPN capabilities, load balancing, bandwidth throttling, web and application filtering, data loss prevention, and even spam filtering in email. You usually also get robust reporting from the device, so you can see just how your network is being used. Essentially, the UTM becomes the security hub of your network, with one standard applied across your environment.


Uhh… That’s all great, but I have no idea what you just said.

Ok. I just said a bunch of words that mean nothing to you. Let’s go through them one-by-one so you have a better understanding of why a UTM is good for your business. I talked about the basic function of a firewall above, and that’s covered in UTM.

Intrusion Prevention: Think of this as the “beat cop” for your network. The Intrusion Prevention System (IPS) watches the network traffic, looking for patterns that are commonly associated with malicious activity. When it recognizes traffic as suspicious, it can stop that traffic and “drop” the connection. It’s important to keep your maintenance contract with the UTM vendor current, because the Intrusion Prevention “patterns” are updated regularly to take into account new threats and new ways of attacking your network. Just like your antivirus needs to be updated, your IPS needs to be regularly updated.
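To make the difference between the basic port-blocking firewall from the first section and the IPS concrete, here is a small added example (my own illustration, not the post’s code and not any vendor’s rule or signature format). It builds a default-deny allow-list on (direction, protocol, port), then runs a second, payload-inspection step over the flows that the port filter lets through. The rules, the two toy “signatures” and the sample flows are all constructed; a real IPS uses vendor-maintained signature sets, and a real firewall is stateful (it tracks reply traffic for connections it allowed), which this stateless toy does not model.

```python
"""Added example: a port-based allow-list next to a signature inspection step.
Rules, signatures and sample flows are constructed for illustration only."""
import re
from dataclasses import dataclass


@dataclass
class Flow:
    direction: str      # "in" (from the Internet) or "out" (to the Internet)
    proto: str          # "tcp" or "udp"
    dport: int          # destination port
    payload: bytes = b""


# Basic firewall behaviour: a short allow-list; anything not listed is denied.
ALLOW_RULES = {
    ("out", "tcp", 80),    # ordinary web browsing
    ("out", "tcp", 443),   # encrypted web browsing
    ("out", "udp", 53),    # DNS lookups
}


def port_filter(flow: Flow) -> bool:
    """Default-deny port filter: True only for a listed (direction, proto, port)."""
    return (flow.direction, flow.proto, flow.dport) in ALLOW_RULES


# Toy IPS "patterns" (constructed, not a real signature set):
#  - a Windows executable header travelling over an allowed web port
#  - an HTTP User-Agent that is a long run of encoded-looking characters
SIGNATURES = [
    ("executable content on web port", re.compile(rb"^MZ")),
    ("encoded-looking user agent", re.compile(rb"User-Agent: [A-Za-z0-9+/=]{32,}\r\n")),
]


def inspect(flow: Flow) -> list:
    """Return the names of every signature that matches the flow's payload."""
    return [name for name, rx in SIGNATURES if rx.search(flow.payload)]


def utm_decision(flow: Flow) -> tuple:
    """Next-gen decision: port filter first, then payload inspection."""
    if not port_filter(flow):
        return ("drop", "port not in allow-list")
    hits = inspect(flow)
    if hits:
        return ("drop", "ips: " + ", ".join(hits))
    return ("allow", "clean")


# Constructed sample flows. The last one rides on port 80, so the basic
# port filter alone would let it through; only the inspection step drops it.
SAMPLE_FLOWS = [
    Flow("in", "tcp", 3389),                                     # inbound remote desktop
    Flow("out", "tcp", 443, b"\x16\x03\x01\x00\x05hello"),       # TLS client hello (truncated)
    Flow("out", "tcp", 80, b"GET / HTTP/1.1\r\nHost: example.com\r\n\r\n"),
    Flow("out", "tcp", 80, b"POST /c HTTP/1.1\r\nUser-Agent: " + b"A" * 40 + b"\r\n\r\n"),
]


def evaluate_all(flows=SAMPLE_FLOWS) -> list:
    """Evaluate each flow under the basic filter and under the full UTM decision."""
    return [(port_filter(f), utm_decision(f)) for f in flows]


if __name__ == "__main__":
    for flow, (basic_ok, (verdict, why)) in zip(SAMPLE_FLOWS, evaluate_all()):
        print(f"{flow.direction:>3} {flow.proto}/{flow.dport:<5} "
              f"basic firewall: {'allow' if basic_ok else 'drop':<5}  utm: {verdict} ({why})")
```

The third and fourth flows are the point of the post: both are plain port-80 web traffic, so the basic filter treats them identically, and only the inspection layer tells them apart.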

Advanced Threat Protection: If IPS is your “beat cop” in your network, Advanced Threat Protection is your NORAD Command. ATP works with other systems in the UTM to oversee the “big picture” to track down advanced malware on your network, such as a botnet infestation. When you have members of a botnet in your network, not only are you participating in a malicious attack, your network resources are being drained by someone else that has control of your machines. Even Fortune 500 companies are at risk, and this problem will probably get worse before it gets any better.

Antivirus Scanning: As simple as it sounds, the UTM will scan traffic and block viruses before they come into your network. This is an added layer on top of the personal antivirus application you run on your individual machines, because it can stop an attack before it even gets into your network. Just like the IPS, the virus definitions need to be regularly updated, so it’s important to keep your maintenance and support with the UTM vendor current to keep your AV scanner working properly.

Remote Access and VPN Capabilities: A VPN is a Virtual Private Network. When you connect to your office network through a VPN, you are using a secure connection to communicate back and forth with your office network. It’s as if your device is actually inside the office and on the network in the office. With the UTM, you can get added security features like dual-factor authentication where you use two methods to authenticate your identity with the network. Usually, you provide a password that you know along with some rotating code provided by another device or application. You can also restrict how VPN users may access your internal network. Maybe you only want remote users to be able to access the printers, but you don’t want them to access your file share server. This is all managed within the VPN of the UTM.

Load Balancing: This feature would mainly be used for offices where you’re running multiple servers and you need to make sure that one server isn’t “hogging” the Internet connection, which would make it appear that one or more of your other servers are offline. You balance the Internet load between the servers that need access to the Internet. For most small businesses, this feature won’t necessarily apply, because your servers will probably be in the cloud.

Bandwidth Throttling: This feature comes in handy when you have an office full of Hulu and Netflix users. You pay for a fantastic Internet connection, but you can’t figure out why your speed tests never come close to what you’re supposed to be paying for. Have you looked at what your users are doing with your connection? Bandwidth throttling will allow you to “throttle” the connection to each connected device so that any one device isn’t pulling in more than their fair share. You can set rules up that allow specific users access with little limitation while other users may have limitations that allow them to do their job, but not much more. When you’re running a large business from a slower connection, this feature becomes critical to just stay online.

Web and Application Filtering: With this feature, you can have the UTM filter out all traffic from or for a specific application, a web site, or a category of web sites. Maybe you want to filter out all Facebook traffic. Maybe you just want to allow Facebook for your Social Media person, but nobody else in the office. This feature will allow you to do this and much more. You can filter out specific web sites and even categories of web sites (block all porn, weapons, and violence sites). When used in conjunction with a good Acceptable Use Policy, you can maintain control over what your users are doing on your network and receive feedback from the UTM when your team is not complying with your AUP.

Data Loss Prevention: This feature is useful when you want to make sure that your intellectual property isn’t being sent outside of your network. DLP scans outbound traffic for key data elements that you want to keep in-house. If a key employee decides to send your latest product specs and client list to your biggest competitor, DLP blocks that communication. DLP works best when paired with a solution on each individual device that prevents the same data from leaving via portable storage devices.
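As an added example of the kind of check a DLP rule performs (my own illustration, not the post’s code and not how any particular vendor implements DLP): an outbound-mail check that only inspects messages leaving the company’s own domain, looks for a confidentiality marker and a product-spec identifier format, and also looks for card-like numbers but validates them with the Luhn checksum so that ordinary 16-digit reference numbers do not trip the rule. The marker, the spec-id format, the internal domain and the sample messages are all constructed.

```python
"""Added example: an outbound-mail DLP check with a Luhn filter to cut false
positives. Patterns, domain and sample messages are constructed for illustration."""
import re

# Constructed indicators of data that should stay in-house.
DLP_PATTERNS = {
    "confidentiality marker": re.compile(r"\bINTERNAL ONLY\b", re.IGNORECASE),
    "product spec id": re.compile(r"\bSPEC-\d{4}-[A-Z]{2}\b"),
}
CARD_LIKE = re.compile(r"\b(?:\d{4}[ -]?){3}\d{4}\b")
INTERNAL_DOMAINS = {"example-corp.test"}   # constructed company domain


def luhn_ok(digits: str) -> bool:
    """Luhn checksum: True for sequences that are structurally valid card numbers."""
    total = 0
    for i, ch in enumerate(reversed(digits)):
        d = int(ch)
        if i % 2 == 1:          # double every second digit from the right
            d *= 2
            if d > 9:
                d -= 9
        total += d
    return total % 10 == 0


def find_card_numbers(body: str) -> list:
    """Card-like sequences that also pass Luhn; others are treated as plain numbers."""
    found = []
    for m in CARD_LIKE.finditer(body):
        digits = re.sub(r"[ -]", "", m.group(0))
        if luhn_ok(digits):
            found.append(m.group(0))
    return found


def dlp_check(sender: str, recipient: str, body: str) -> tuple:
    """Return ("allow"|"block", [reasons]). Mail that stays inside the company
    domain is not leaving the network, so it is not inspected."""
    recipient_domain = recipient.rsplit("@", 1)[-1].lower()
    if recipient_domain in INTERNAL_DOMAINS:
        return ("allow", [])
    reasons = [name for name, rx in DLP_PATTERNS.items() if rx.search(body)]
    if find_card_numbers(body):
        reasons.append("card-like number")
    return ("block", reasons) if reasons else ("allow", [])


# Constructed sample messages: (sender, recipient, body).
SAMPLE_MAIL = [
    ("dev@example-corp.test", "lead@example-corp.test", "INTERNAL ONLY: draft of SPEC-2015-AB"),
    ("dev@example-corp.test", "rival@competitor.test", "Attached: SPEC-2015-AB and the client list"),
    ("ops@example-corp.test", "vendor@supplier.test", "Please bill card 4111 1111 1111 1111"),
    ("ops@example-corp.test", "vendor@supplier.test", "Our ticket ref is 1234 5678 9012 3456"),
]


def check_all(mail=SAMPLE_MAIL) -> list:
    return [dlp_check(*m) for m in mail]


if __name__ == "__main__":
    for (sender, recipient, body), (verdict, reasons) in zip(SAMPLE_MAIL, check_all()):
        print(f"{sender} -> {recipient}: {verdict} {reasons}")
```

The fourth message is the edge case worth noticing: it contains sixteen digits in card layout, but the sequence fails Luhn, so the rule lets it through instead of blocking a routine reference number.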

Spam and Virus Filtering in Email: The UTM can provide added security for email by scanning for malware as well as blocking spam. Some UTMs also allow you to set up encryption for email sent between branch offices. For the most part, you probably won’t be using these features as a small business, because your hosted email service will most likely take care of them for you.

Reporting: Wouldn’t it be nice to get an executive report of what happened on your network today? Most UTMs provide reporting that lets you see how your network is being used. Whether it’s a spike in HBO Go traffic or excessive, unexplained connections to China, real-time reports on how your network is being utilized will help you better understand where you may be at risk.


Those are all cool features, but we’re a small company and nobody knows about us to attack us.

Maybe nobody knows you now, and maybe hackers aren’t specifically targeting you. But do you have control over every web site your team is accessing? Do you know for sure where they’re going, and can you be 100% sure that they aren’t visiting web sites with malicious code? And no, Mac users, you’re not magically safe because you run OS X. While a basic firewall will help to block uncommon ports, I can install an application that will allow me to take over your machine and have access to your network, all via port 80, which is commonly not blocked by your firewall. Are you doing what you can to keep your network safe?


Takeaway

Our strong recommendation is that small businesses look into UTM solutions that will help keep their networks and data safe and protected. As always, it’s better to be safe than sorry, and a UTM is cheap insurance when it comes to the integrity of your company’s intellectual property, network, and data.

We love solutions from Sophos, and Tech Officers is also a reseller of Sophos UTMs. In most cases, we can meet or beat deals that you find online, so feel free to reach out to us if you have questions about a solution from Sophos.

Until next week, I’m wishing you a prosperous and productive week.