Are all firewalls created equal?
In many successful companies today, information security is becoming a high
priority. One of the hot topics, and the device that everyone seems to regard
as the single most important element in securing the environment, is the
firewall. The firewall is that magic box that separates your production systems
from the anonymous outside world of the Internet. It is true that the firewall
can be considered the cornerstone of a secured environment. However, simply
having any firewall in place certainly does not constitute a secured
environment.
First, let’s discuss the broad term “firewall” itself. A myriad of devices are
being described as firewalls today. Simply stated, you can classify firewalls
into three categories:
Basic Filtering / Proxy Devices:
These devices provide the most basic and cost-effective
solutions for businesses or home users with a very limited security budget.
They should only be used in situations where there is only outbound traffic and
very limited or no traffic inbound to the production network. This is because
these devices do little or nothing to monitor the traffic that does pass through
them.
Small-office Firewalls:
These devices are the fastest-growing segment of the firewall market. Many
companies are producing these new small-office or midrange firewall devices.
The main emphasis here is a firewall device that businesses can afford, while
achieving a higher level of protection when allowing some traffic to pass into
the production environment. They have some form of built-in reporting and some
even have a form of alerting for various security events. Unfortunately, these
devices offer very little in terms of additional monitoring (inspection) of the
traffic that is allowed to pass through them and therefore are still vulnerable
to several popular types of attacks.
Enterprise Firewalls:
Enterprise firewalls are designed with large-business needs in mind. They offer
extensive management and reporting capabilities, and they incorporate more
sophisticated inspection of both outbound and inbound traffic. Even when
traffic is allowed to pass through the firewall and into the production
environment, the firewall inspects the contents of each communication and
ensures the traffic is what it appears to be. This additional inspection provides a
very significant advantage over the small-office firewall and can even prevent
many common security threats.
One misconception today is that most firewalls are created equal, and many IT
managers do not know about or understand the differences between small-office
and enterprise firewall technologies. It is this misconception that can create
unknown risks for companies that believe their firewall is sufficient. Hackers
can take advantage of the lack of inspection by small-office firewalls and in
some cases circumvent the firewall altogether by embedding malicious code within
what appears to be normal network traffic. Several vendors like Check Point,
which currently has about a 65% market share, are now incorporating their
inspection technology into home and remote/small-office firewalls at very
competitive prices.
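The difference between port-only filtering and content inspection described above can be shown in a few lines. This is an added, simplified example, not code from any firewall product; the policy table, the two filter functions and the sample traffic are all constructed for illustration.

```python
import re

# Constructed policy: inbound TCP ports the firewall allows, with the
# protocol each port is supposed to carry (assumption for this example).
ALLOWED_PORTS = {80: "http", 25: "smtp"}

# What the first bytes from a client should look like for each protocol.
HTTP_REQUEST_LINE = re.compile(
    rb"^(GET|HEAD|POST|PUT|DELETE|OPTIONS|PATCH) \S+ HTTP/1\.[01]\r\n"
)
SMTP_GREETING = re.compile(rb"^(HELO|EHLO) \S+\r\n", re.I)


def port_filter_allows(dst_port: int, payload: bytes) -> bool:
    """Port-only filtering: the payload is never examined."""
    return dst_port in ALLOWED_PORTS


def inspecting_filter_allows(dst_port: int, payload: bytes) -> bool:
    """Port check plus a check that the payload matches the expected protocol."""
    proto = ALLOWED_PORTS.get(dst_port)
    if proto is None:
        return False
    if proto == "http":
        return HTTP_REQUEST_LINE.match(payload) is not None
    if proto == "smtp":
        return SMTP_GREETING.match(payload) is not None
    return False


# Constructed sample traffic: (destination port, first bytes sent by the client).
SAMPLES = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: www.example.com\r\n\r\n"),
    (80, b"SSH-2.0-OpenSSH_9.6\r\n"),   # not HTTP, but sent to the open web port
    (25, b"EHLO mail.example.com\r\n"),
    (23, b"\xff\xfd\x18"),              # telnet negotiation; port is not allowed
]


def compare(samples):
    """Return (port, port_only_verdict, inspected_verdict) for each sample."""
    return [(p, port_filter_allows(p, d), inspecting_filter_allows(p, d))
            for p, d in samples]


if __name__ == "__main__":
    for port, basic, inspected in compare(SAMPLES):
        print(f"port {port}: port-only={basic} inspected={inspected}")
```

The second sample is the case that matters: the port-only filter passes it because port 80 is open, while the inspecting filter rejects it because the payload is not an HTTP request.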
One of the most serious problems today with firewall implementations is the
fact that a very high percentage of firewalls are actually improperly
configured. These issues range from poor use of configuration standards to not
blocking unnecessary traffic, and they can and do lead to actual intrusions.
Poor setup and configuration, as well as little or no monitoring resources
within the technology group, are some of the most common causes of denial of
service attacks and successful intrusion attempts.
Even with a properly configured and monitored firewall device that provides
inspection technology, IT managers and the like have to realize that their
security posture may still be suspect.
If the servers that are accessed through the firewall by Internet users are not
administered properly with current security fixes and patches, the entire
environment is still vulnerable. Because of the difficulty in staying current
with all of the new security updates to web, email, database, and other servers
many companies need to look to Intrusion Detection Systems (IDS) to identify
when intruders are trying to take advantage of server vulnerabilities. IDS
technology can identify many types of malicious activity that take advantage of
security flaws and reduce the risks of not having the latest patches applied.
As you can see, simply having some kind of firewall device in place definitely
does not constitute a secured environment. All companies should consult with
either internal or outside security experts about the risks of their firewall
selection and administration, perform regularly scheduled penetration testing
audits, and/or consider Managed Security Service Providers (MSSP) before they
really feel a sense of confidence in their security protection.