Firewalls and why you need one
Today I heard about a hospital in California that was dealing with a ransomware cryptovirus. In case you don’t know, a cryptovirus encrypts everything on your computer and any shared drive you might have, then asks you to pay an astronomical fee to get it decrypted. Most of the time, even after the fee is paid, the drive is never decrypted.
These types of viruses are becoming more and more prevalent in our internet society today. If that hospital had invested in a decent email spam and virus firewall, that may never have happened.
A firewall protects your network, your computer, or your email from bad stuff getting in OR going out. Firewalls ensure safe, reliable transport of data. They can seem a little cumbersome at first, but once in place they do their job quietly in the background. Let’s take a look at some common uses of firewalls and how they should be implemented in your network.
A network firewall is usually positioned at the gateway of your network. Your firewall is usually a part of your Internet service and can be a part of the modem that attaches to your network. In larger networks this is a standalone security appliance that is configured to handle the complex network traffic inbound and outbound from your network. Typical enterprise-level firewalls come from manufacturers such as Barracuda, Cisco, Juniper, Extreme, and SonicWall. These companies also offer a small to medium business appliance, and I feel all networks should have a standalone appliance at the gateway of the network. Standalone firewalls serve multiple functions:
- Blocking unwanted traffic from entering the network.
- Blocking bad or virus traffic from exiting the network, typically as a result of an infected workstation or other device.
- Providing a virtual private network (VPN) connection into the network.
- Providing Network Address Translation so your servers and other publicly accessible devices are not ‘seen’ on the Internet, but your firewall provides the external face and hands the network traffic to your internal server after inspecting each and every packet.
- Providing Port Address Translation so services like remote desktop or other protocol based services can all be handled by the firewall and handed back to the device on the inside of your network.
I’ve seen some external firewalls configured to be the internal AND external gateway of the network but I advise against this configuration for many reasons that we can discuss in future blog posts.
A Workstation firewall is a software program that runs on your computer that allows or blocks traffic to and from your computer. Sometimes these can cause more problems than they solve by blocking services such as DNS, DHCP and other important network protocols until the firewall is configured to allow them. If you don’t have a standalone appliance at the gateway of your network I strongly recommend having your Workstation firewall on and active.
A workstation firewall acts like a standalone network firewall by blocking unwanted traffic, malicious intrusions, and other inbound traffic from penetrating further into the computer system. It is considered a software-based firewall since it runs in the background on your computer and not on a standalone network appliance. It performs similar basic functions, but cannot be used for Network Address Translation, Port Address Translation or VPN. Microsoft Windows has a built-in firewall that is usually on by default; however, the default settings can cause issues when performing enterprise-level administration like joining the computer to a domain, or even receiving a DHCP address. Ports must be opened on the computer to allow these protocols to interact, and Microsoft has created a private and public “profile” to allow different sorts of traffic into the workstation or laptop.
Spam and Virus firewall:
Many people misunderstand the function of a spam and virus firewall. Having antivirus or anti-spam software installed on your computer does NOT necessarily mean you are completely protected from viruses. A virus or Trojan could still be sent to you through email and manually opened (such was the case of the hospital mentioned at the beginning of this post). A spam and virus firewall blocks that email from EVER REACHING YOUR EMAIL BOX, since it scans each and every email for unwanted attachments. Lately, these devices and cloud-based services contain a sandbox feature that will open attachments sent to your computer and detonate any executables contained within to make sure the attachment is safe before forwarding the message to you. I feel everyone should either have an appliance-based spam and virus firewall or subscribe to one of the many cloud-based services that feature this.
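To make the attachment scanning described above concrete, here is an added example (not code from any of the products mentioned in this post) of the basic check a mail gateway performs before delivery. The blocked-extension list, the function names and the sample message are assumptions made for illustration; it does not attempt the sandbox step.

```python
from email import message_from_bytes, policy
from email.message import EmailMessage

# Assumed gateway policy: file types refused outright (illustrative, not exhaustive).
BLOCKED_EXT = {".exe", ".scr", ".js", ".vbs", ".bat", ".cmd", ".jar", ".docm", ".xlsm"}
# First two bytes of a Windows executable (the "MZ" header).
PE_MAGIC = b"MZ"


def screen_message(raw: bytes) -> list[tuple[str, str]]:
    """Return (filename, reason) for every attachment that should be quarantined."""
    msg = message_from_bytes(raw, policy=policy.default)
    findings = []
    for part in msg.iter_attachments():
        name = (part.get_filename() or "").strip().lower()
        payload = part.get_payload(decode=True) or b""
        # Only the final extension counts, so "scan.pdf.js" is treated as ".js".
        ext = "." + name.rsplit(".", 1)[-1] if "." in name else ""
        if payload.startswith(PE_MAGIC):
            # Content check: catches an executable renamed to look like a document.
            findings.append((name, "executable content"))
        elif ext in BLOCKED_EXT:
            findings.append((name, "blocked extension"))
    return findings


def build_sample() -> bytes:
    """Constructed test message: one clean PDF and two attachments that should be held."""
    msg = EmailMessage()
    msg["From"] = "billing@example.test"
    msg["To"] = "frontdesk@example.test"
    msg["Subject"] = "Invoice"
    msg.set_content("Please see attached.")
    msg.add_attachment(b"%PDF-1.4 constructed sample", maintype="application",
                       subtype="pdf", filename="report.pdf")
    # Declared as a PDF, but the bytes begin with an executable header.
    msg.add_attachment(b"MZ constructed bytes, not a real program",
                       maintype="application", subtype="pdf", filename="invoice.pdf")
    # Double extension meant to read as a PDF at a glance.
    msg.add_attachment(b"// constructed placeholder script", maintype="application",
                       subtype="octet-stream", filename="Scan.PDF.js")
    return msg.as_bytes()


if __name__ == "__main__":
    for filename, reason in screen_message(build_sample()):
        print(f"QUARANTINE {filename}: {reason}")
```

The clean PDF passes, while the renamed executable and the double-extension script are held, which is the difference between filtering at the gateway and relying on the recipient not to open the file.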
Understanding the differences in firewalls can ensure you never have to face a crypto or other type of virus and will protect your computer and network devices from unwanted malicious attacks and infections. As always, please visit canyonhorizon.com for more information regarding firewalls, their use within your network, and how to effectively incorporate them into your business or work process.