Establishing a secure internet environment for your business can involve a lot of interlacing tools and software, and it does require a solid understanding of how cyber security works.
There are many different types of threats, so your business needs to have a diversified strategy in order to protect against as many of them as possible. Using anti-virus software is probably the most well-known method of protection, but it should only form one part of the defence. To protect your data, your clients and your finances, you should know what firewalls do for your business’ cyber security.
Firewalls form a very important part of a cyber security plan. Most personal home networks don’t require a firewall, but they are essential for businesses. This article is going to cover what firewalls are, what they do and how they work. It’s also important to know which threats firewalls cannot protect against and which cyber security solutions you should use to round out your protective capabilities.
What Is a Firewall
Historically, firewalls were walls in buildings and cars that were specifically built to withstand fire and slow down the spread of the damage. Still in use today, firewalls provide a strong layer of protection between occupants and external threats. The world of technology has borrowed the term to describe a protective layer of technology that defends networks from digital external threats and unauthorised access. In this case, a firewall can be software-based or hardware-based and can be configured to provide varying and even conditional levels of access. A hardware firewall is likely the best solution for a commercial operation, but we will also cover why software-based firewalls may have a role to play.
What Do Firewalls Do
Firewalls provide a protective layer between your internal networks and data and the open internet. A firewall can be configured to enforce specific security policies and defend gateways (the points where internet traffic is received into your network).
Hardware-based firewalls are completely separate from the computers they are designed to protect, so they offer the highest level of protection. The level of security a firewall can offer can be very high – in fact you can elect to close the firewall completely so that no information can come through at all. There may be little use for a closed network in general, but it may be useful to have the option if serious threats are registered. Typically, though, firewalls are set to allow certain types of information while working hard to block malicious data. Firewalls can also hide your internal network addresses, which makes it more difficult for bad actors to target them.
Software-based firewalls can also be used to block staff access to inappropriate websites. This can protect against known problematic sites but also can deter timewasting and inappropriate behaviour. One benefit software-based firewalls have over hardware-based is the ability to monitor outward bound traffic that originates from within the network. If a virus or malware has successfully made it onto the network, it may attempt to send sensitive data out or co-opt the device’s computing power to mine cryptocurrency or form part of a DDOS attack on another network. A software-based firewall can block this type of activity and stop it from reaching the internet, while alerting the IT department to the issue.
How Do Firewalls Work
Firewalls work by inserting themselves between networked devices and the internet, and then monitoring the information that passes through them. There are two basic types of firewall. A hardware-based firewall can protect many computers but can only monitor incoming data. A software-based firewall will only protect the device on which it’s installed but can monitor data originating from inside the network. Many small businesses choose to use a combination of both types for comprehensive protection. Here’s a general outline of what firewalls do when they are in action in your workplace.
The IT department will outline rules that the firewall uses to deflect intrusions and attacks. The rules may limit the amount of traffic that can enter the network, or close down unused entry points if they are tested by external actors looking for a weakness. Here’s the process enacted by the firewall to protect the business network.
All data that is sent online travels in small groups called packets. These packets of data also carry information about where they came from and where they are going. The firewall will read the data in the packet and if the originating address is red-flagged (such as a known spammer or illegal site), the packet will not be allowed through to the network.
In addition to the firewall itself, a proxy server can be established on the internet-facing side of the firewall. The proxy server will inspect the packets with the same rules as the firewall and allow or disallow packets through to the network. If the proxy is fooled and allows a damaging packet of data through, it is the proxy that will be infected, saving the firewall and the network from damage.
State inspection is an advanced type of packet filtering. The firewall will inspect portions of the data instead of every part of every packet. The data must match stored examples of previously identified safe data. If the new information matches previously allowed data signatures it will progress through to the network. As with traditional packet filtering, disallowed packets are discarded and cannot reach the network.
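To make the packet filtering and state inspection steps above concrete, here is a simplified model added for illustration; it is not code from this article or from any firewall product. The blocklist, office network range and open port are constructed sample values, and the `Firewall` class and its method names are hypothetical.

```python
from ipaddress import ip_address, ip_network

# Constructed sample policy (addresses come from documentation ranges).
BLOCKED = [ip_network("203.0.113.0/24")]    # "red-flagged" addresses
INTERNAL_NET = ip_network("192.168.1.0/24")  # assumed office LAN
OPEN_INBOUND_PORTS = {443}                   # services deliberately published


class Firewall:
    def __init__(self):
        self.flows = set()  # conversations that were started from inside
        self.log = []       # record of every decision, for the IT team

    def _decide(self, src, sport, dst, dport):
        s, d = ip_address(src), ip_address(dst)
        # 1. Packet filtering: drop anything sent by a red-flagged address.
        if any(s in net for net in BLOCKED):
            return "DROP", "source on blocklist"
        # 2. Outbound traffic: remember the flow so replies can be matched.
        if s in INTERNAL_NET and d not in INTERNAL_NET:
            if any(d in net for net in BLOCKED):
                return "DROP", "destination on blocklist"
            self.flows.add((src, sport, dst, dport))
            return "ALLOW", "outbound, flow recorded"
        # 3. State inspection: inbound passes if it answers a recorded flow.
        if (dst, dport, src, sport) in self.flows:
            return "ALLOW", "reply to recorded flow"
        # 4. Unsolicited inbound: only to ports that are deliberately open.
        if dport in OPEN_INBOUND_PORTS:
            return "ALLOW", "published service"
        return "DROP", "unsolicited inbound"

    def handle(self, src, sport, dst, dport):
        verdict, reason = self._decide(src, sport, dst, dport)
        self.log.append((verdict, src, dst, dport, reason))
        return verdict
```

The same inbound packet is dropped when it arrives unsolicited and allowed once a machine inside the network has opened that conversation, which is the practical difference between plain packet filtering and state inspection.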
Alerts and Records
The firewall can send alerts to the IT team or to end users if an attack is detected and stopped. These alerts can happen in real time, which allows cyber security protocols to be enacted quickly. The firewall also records all the information that passes through it, which creates a helpful record for the IT team to use for various improvement purposes.
Firewalls Don’t Protect Against All Threats
We have discussed what firewalls do, but there are some types of threats that firewalls are not designed to counter. Anti-virus software should always be kept up to date on all devices in order to prevent or highlight any issues. Firewalls are not able to stop the following issues from happening, so it’s important to be aware of them and have other protective measures in place.
Viruses and Malware
Viruses can gain access to your network through infected files and many other means. Some act quickly and make their presence known while others can lie dormant for some time, silently collecting data to send to hackers or competitors. Viruses and malware can make infected devices run slowly or may lock users out completely – the latter often comes with a ransom note demanding payment for return of access.
Many files and applications have short lines of code embedded that make them easier and more efficient to use. These macros are very useful in business settings but can easily be manipulated to become malicious. The macros slip past detection protocols and can set off a chain reaction that leads to loss of data or other unenviable outcomes.
Distributed Denial of Service (DDOS)
Distributed denial of service (DDOS) attacks are highly coordinated attacks on a specific target. They involve many computers requesting access to a single server at the same time. When the server responds and attempts to establish a session, the other party disappears (similar to a prank phone call where the caller hangs up as soon as the person answers). When these requests are made quickly and relentlessly, the target servers become overwhelmed and crash. The attacks can be organised through volunteers working on individual devices, but they are more likely to be the work of thousands of hijacked computers or Internet of Things-connected devices, known as a botnet.
Email Session Hijacking
Spam emails are often identified by the servers they are sent from. If hackers can access your email SMTP server, they can send spam to your contacts and others. The emails are more likely to avoid spam filters as they come from a legitimate server, and recipients may be more likely to trust them because they come from a reliable source. Unfortunately, this can do a lot of damage to a business’ reputation, makes the real source of the spam difficult to detect and can be troublesome to correct.
Bad actors sometimes impersonate legitimate company emails in an attempt to trick recipients. If an email looks trustworthy, the links may be followed without question. Sadly, these links direct users to fraudulent websites where malware is often downloaded, or login data is stolen. Phishing emails can also be a problem if a business’ email server has been hacked as above. Sensitive or confidential information may be shared, for example. There have also been cases of money transfers being requested by hacked accounts, which have led to significant financial losses for businesses.
How to Complement a Firewall
Firewalls are an indispensable part of your cyber security protocol, but they shouldn’t be your only defence. There is an ongoing race between security experts and hackers, and there is no end in sight. Do not trust that your current firewall is impenetrable. There are additional steps you should take to round out your protective behaviours for your business networks.
Because many malicious infiltrations happen via email, often the best defence you have is your staff. Train them regularly on how to identify spam and fraudulent phishing emails, and what to do if they receive one. Develop a culture of cyber security at all levels of the business by talking about it regularly and rewarding those who act to protect the business.
Work with your IT support team to establish the most effective type of anti-virus software. Ensure that it is updated automatically, as new threats are identified frequently. The software should be installed on every staff computer. Mobile devices can also be protected in this way.
Software and applications release updates when bugs and security loopholes are identified. If you choose not to update your software, you leave known holes in your security that hackers will be seeking to exploit. It’s recommended that software and applications should update automatically on all staff devices.
Unified Threat Management (UTM) Devices
A Unified Threat Management (UTM) device may offer a more comprehensive cyber security package if you are unfamiliar with the individual components or do not have access to local IT experts. A UTM device will have a firewall, VPN, anti-virus and intrusion detection and prevention programs included. More advanced models may include web filtering and other specific protective programs like spyware detection or spam filters.
Firewalls are very effective and can be tailored to provide bespoke protection for your business. Protecting your networks from unauthorised access is one of the most powerful and efficient ways to provide cyber security for your business. When used in conjunction with a cyber security strategy that includes anti-virus software and staff training, a firewall forms a powerful defence against hackers and malicious actors.
About Mustard IT, your security partner
Mustard IT is a trusted team, experienced in security and able to explain complex issues to you in a language you’ll understand. Contact us today to find out how we can help you.