Firewall configuration

Don't let poor firewall configuration bring your business down, Omni Cyber Security can help!

Firewalls are network security devices (software or hardware) that act as a barrier between your devices and the internet, or other external sources of data. Firewalls form an essential part of any company’s cybersecurity architecture, overseeing the safety of outgoing and incoming network traffic. Based on the security rules or configuration in place, the firewall either blocks or permits data packets travelling between the internet and your business’s network and computers. A correctly configured firewall will help block malicious traffic, such as viruses, malware, unauthorised access through remote logins, spam, and e-mail bombs. The configuration of a firewall sets the rules for what can come into or leave your network. At opposite ends of the scale, a firewall can be configured to let everything through, or it can be configured to only allow, for example, e-mails to be sent and received.

Why have a server firewall?

A firewall is an integral part of an organisation’s cybersecurity strategy. When combined with other security measures, it can be highly effective. Your firewall can have its own distinct set of rules for outgoing and incoming server traffic. Outgoing rules are equally important to incoming rules. This is because if the server has been compromised by a cybercriminal, then the outgoing firewall rules can stop unwanted outgoing communication.

How do firewalls work?

Firewalls work by assessing incoming traffic against a predetermined set of rules. The firewall filters traffic from suspicious or unsecured sources, and it sits at the traffic entry point of a computer or laptop. These entry points are known as ports. It is at the ports where data from external devices is exchanged. Under this scenario, there are three elements of the system that should be understood:

  • Source IP address – this identifies where the data is coming from
  • Destination IP address – this identifies the device where the data is going to
  • Port – this is where within the device the data is going to

Only data from trusted sources can enter the destination (the IP address of the computer) and the trusted sources are then filtered further. This layer of filtering ensures that the data from the trusted source can only enter the assigned port or application.

What are the different types of firewall?

There are five types of firewall with different functions and scope. The types of firewall include:

  • Packet-filtering firewalls
  • Proxy firewalls
  • Next-generation firewalls (NGFW)
  • Network address translation firewalls (NAT)
  • Stateful multilayer inspection firewalls (SMLI)

Packet-filtering firewalls are the most common type of firewall, although they only offer very limited protection against cyber attacks and unauthorised access. Packet-filtering firewalls examine each packet of incoming data and only allow it through if it matches an established security rule. Data packets include a header, which includes the source and destination IP address, and the data, which is also referred to as the payload. This type of firewall will check the IP addresses of the source and destination, and if these match the security rule, then the packet is allowed through. There are two types of packet-filtering firewalls:

  • Stateless firewalls – these assess packets of data independently from each other, checking the packet header, which alone lacks context and hence is less secure than stateful firewalls
  • Stateful firewalls – these remember information about previously permitted packets to improve the level of protection and security

The downside of stateless firewalls and stateful firewalls is that they cannot determine if the content being sent will adversely affect the application that it is going to. In essence, they cannot determine the function of the data packet. Without being able to determine the function of the packet, packet-filtering firewalls will not be able to recognise a malicious request or a malicious action if it comes from a trusted source.

Proxy firewalls or application firewalls assess and filter traffic at the application level. A proxy firewall is an intermediary firewall that sits between two end systems. The firewall will evaluate the packet and then it will either be blocked or permitted. This function is known as deep packet inspection (DPI) or Layer 7 inspection and it looks at the data within the packet, as opposed to just the header or name of the packet.

Next-generation firewalls (NGFW) have additional technology called deep packet inspection that proxy firewalls and packet-filtering firewalls do not have. Next-generation firewalls can perform encrypted traffic inspection, anti-virus functions, and include intrusion prevention systems.

Network address translation firewalls (NAT) work to keep individual IP addresses hidden, so that attackers cannot capture specific or individual details that can be used to attack individual IP addresses. Network address translation firewalls are similar to proxy firewalls but act as a barrier between outside traffic and a set of computers or devices within a network.

Stateful multilayer inspection firewalls (SMLI) compare packets against known trusted packets at the network, application, and transport layers. Stateful multilayer inspection firewalls examine the whole packet and then pass each layer individually. They can determine the state of the communication to make sure that communications can only occur with trusted sources.

A firewall can be a piece of software or a piece of hardware, such as a router, that prevents unauthorised access to or from a private network. The most secure firewall configuration standards will include both:

  • Firewall software – this is a program that is installed on a computer and it regulates traffic through applications and port numbers
  • Firewall hardware – this is a physical piece of equipment that sits between your network and the gateway to the internet

To review your firewall configuration, it is best to employ a cybersecurity company that can conduct a security audit health check. A firewall configuration review will ensure that your business follows best practices.

It is essential to review your firewall because improperly configured firewalls can have rules that conflict with each other. If this conflict exists, then parts of your network can slow down. On other parts of your network, the firewall could fail, leaving it exposed to cyber attacks and hackers.

A cybersecurity company can check your firewall configuration to identify any weaknesses or unnecessary exposure. They can make firewall configuration recommendations that will help to improve your cybersecurity. They will verify that the rules match the business’s policies and requirements, identify firewall rules that can be optimised or removed, and check the firewall operating system version for known vulnerabilities.
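One check such a review can automate is finding rules that can never take effect because an earlier rule already matches the same traffic. The sketch below is an added example, not code from the original page or from any firewall product; the rule format, rule names and addresses are constructed, and it assumes a top-down, first-match-wins rule list. It reports only full shadowing, not partial overlaps.

```python
from ipaddress import ip_network

# Constructed rule set, evaluated top-down with first match wins.
# Fields: (name, action, source network, destination port; None = any port)
RULES = [
    ("ssh-admin",      "allow", "10.0.0.0/24",    22),
    ("deny-ssh",       "deny",  "0.0.0.0/0",      22),
    ("ssh-contractor", "allow", "203.0.113.0/24", 22),
    ("web",            "allow", "0.0.0.0/0",      443),
    ("web-office",     "allow", "10.0.0.0/24",    443),
    ("deny-all",       "deny",  "0.0.0.0/0",      None),
]

def covers(earlier, later):
    """True when every packet matching `later` already matches `earlier`."""
    _, _, e_src, e_port = earlier
    _, _, l_src, l_port = later
    return (ip_network(l_src).subnet_of(ip_network(e_src))
            and (e_port is None or e_port == l_port))

def audit(rules):
    """Return (rule, kind, covering rule) for every rule that is never reached.

    kind is "conflict" when the earlier rule has the opposite action, so the
    later rule's intent is silently overridden, and "redundant" when both
    rules have the same action and the later one can simply be removed.
    """
    findings = []
    for j, later in enumerate(rules):
        for earlier in rules[:j]:
            if covers(earlier, later):
                kind = "redundant" if earlier[1] == later[1] else "conflict"
                findings.append((later[0], kind, earlier[0]))
                break  # the first covering rule is the one that wins
    return findings

if __name__ == "__main__":
    for name, kind, by in audit(RULES):
        print(f"{name}: {kind}, never reached because of {by}")
```

Here `ssh-contractor` is reported as a conflict with `deny-ssh` (the intended allow never applies) and `web-office` as redundant with `web`.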

A firewall configuration is the set of rules that are followed to permit or deny packets of data in or out of the network or computer system. The configuration of firewalls allows firewall filters to be added or removed, to cater to the security and operational needs of a company or organisation.

Firewall filters and rules can be configured to block packets of information for different reasons. They could, for example, block packets that contain a certain word or phrase, such as x-rated.

Firewall configuration best practices

Firewall configuration best practices include using internal firewalls in addition to your perimeter firewall. Your perimeter firewall only protects your systems from attacks or malicious activity that originates from the outside. Internal firewalls offer a degree of protection against insider attacks and protect individual assets in the network. This makes it much harder for an attacker to move from one system to another, which gives you more time to respond to an attack.

You should employ a cybersecurity management company that will check for regular security updates to firewall software. Just like any other software, firewall software can have vulnerabilities. The firewall software creators will provide updates, called patches, to remove these vulnerabilities as they are discovered. However, they have to be applied, so simply downloading a patch does not necessarily put it into action.
