Firewalls

January 1st, 2023

by: Alexa Stram

Research Team

What is a Firewall?

A firewall is a network security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It acts as a barrier between a trusted network and an untrusted network. Firewalls can be hardware, software, or both. They are used to protect a network from unauthorized access and to prevent malicious traffic from entering the network. Types of firewalls include Packet Filtering Firewalls, Circuit-Level Gateway Firewalls, Stateful Inspection Firewalls, Application-Level Gateway Firewalls (Proxy Firewalls), Next-Generation Firewalls (NGFW), Software Firewalls, Hardware Firewalls, and Cloud-Based Firewalls.

Basic Firewall Security Do's

  • The default action of any firewall should be to implicitly deny any packets not explicitly allowed
  • Any packet entering the network that has a source address of an internal host should be denied
  • Traffic that does not have an internal source address should not be allowed to leave the network
  • Use role-based access control (RBAC) for firewall admins
  • Require MFA and/or set a strong password policy (complex passwords with upper and lower case letters, special characters, and numbers, 12 characters or longer, prevent password reuse)
  • Review firewall and router configurations every six months
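
The first three rules in this list (implicit deny, ingress anti-spoofing, egress source filtering) can be modelled as a small decision function. This is an added example, not code from the original article; the internal range 10.20.0.0/16, the allow rules and the sample packets are constructed assumptions.

```python
import ipaddress

# Constructed sample values (assumptions, not from the article).
INTERNAL_NET = ipaddress.ip_network("10.20.0.0/16")
ANY = ipaddress.ip_network("0.0.0.0/0")

# Explicit allow rules: (direction, protocol, destination port, destination network)
ALLOW_RULES = [
    ("in", "tcp", 443, ipaddress.ip_network("10.20.1.10/32")),  # published HTTPS host
    ("out", "tcp", 443, ANY),                                   # outbound HTTPS
    ("out", "udp", 53, ANY),                                    # outbound DNS
]

def decide(direction, src, dst, proto, dport):
    """Return (verdict, reason) for a packet crossing the perimeter."""
    src_internal = ipaddress.ip_address(src) in INTERNAL_NET
    # Ingress anti-spoofing: an internal source address cannot
    # legitimately arrive from the untrusted side.
    if direction == "in" and src_internal:
        return ("drop", "spoofed internal source on ingress")
    # Egress filtering: only internal source addresses may leave.
    if direction == "out" and not src_internal:
        return ("drop", "non-internal source on egress")
    # Match against the explicit allow list.
    for r_dir, r_proto, r_port, r_dst in ALLOW_RULES:
        if (direction, proto, dport) == (r_dir, r_proto, r_port) \
                and ipaddress.ip_address(dst) in r_dst:
            return ("accept", "explicit allow")
    # Implicit deny: anything not explicitly allowed is dropped.
    return ("drop", "default deny")

# Constructed sample packets: (direction, src, dst, protocol, dest port)
SAMPLE_PACKETS = [
    ("in", "203.0.113.7", "10.20.1.10", "tcp", 443),   # allowed service
    ("in", "10.20.5.5", "10.20.1.10", "tcp", 443),     # spoofed source
    ("out", "10.20.3.4", "198.51.100.9", "udp", 53),   # normal egress
    ("out", "192.0.2.50", "198.51.100.9", "tcp", 443), # foreign source leaving
    ("in", "203.0.113.7", "10.20.1.10", "tcp", 23),    # no rule for telnet
    ("in", "203.0.113.7", "10.20.9.9", "tcp", 443),    # host not published
]

if __name__ == "__main__":
    for pkt in SAMPLE_PACKETS:
        verdict, reason = decide(*pkt)
        print(pkt, "->", verdict, f"({reason})")
```

The spoofing and egress checks run before the allow list, so a packet with a forged source is dropped even when its port and destination would otherwise match an allow rule.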

Firewall Security Don'ts:

  • Allowing ICMP and letting the firewall be pinged (except for monitoring)
  • Having unnecessary services available on the firewall
  • Having open TCP/UDP ports that aren't needed
  • Returning a Deny response rather than a drop for the ports that are blocked
  • Misconfiguring the firewall so that it allows a TCP ping of internal hosts with Internet-routable IP addresses
  • Trusting commonly blacklisted IP addresses

Common Firewall Security Vulnerabilities:

  • ICMP is allowed and the firewall can be pinged from any source
  • Having unnecessary services available on the firewall
  • Having open TCP/UDP ports that aren't needed
  • The firewall returns a Deny response rather than a drop for the ports that are blocked
  • Misconfiguration that allows a TCP ping of internal hosts with Internet-routable IP addresses
  • Trusting certain IP addresses
  • DDoS Attacks
  • Insider Attacks

Small Business Firewall Best Practices:

  • Change your passwords
  • Implement 2-factor authentication
  • Create strong passwords
  • Establish basic security practices and policies for employees, such as requiring strong passwords
  • Protect information, computers, and networks from cyber attacks
  • Provide firewall security for your Internet connection
  • Establish security practices and policies to protect sensitive information
  • Train employees in security principles
  • Establish a mobile device policy
  • Keep software up to date
  • Make backup copies of important business data and information
  • Control physical access to computers and network components
  • Create a disaster recovery plan