Ian Kilpatrick looks at some of the newer security threats that are able to find their way through firewalls
Over the last few years, security threats to companies have grown and altered dramatically and so have the defences.
Traditional firewalls, installed over three years ago, often don’t protect against a number of newer threats.
A firewall is a system designed to prevent unauthorised access to, or from, a private computer network.
All messages passing through the firewall are examined and blocked if they fail to meet the specified security criteria. One of the most important elements of a firewall is this access control feature, which distinguishes between good and bad traffic.
In the real world, threats have changed over the years and firewalls have had to evolve to deal with them.
Even with a firewall, however, there are still many areas of risk for the network.
The most obvious is malware. Malware includes viruses, trojan horses, worms, spyware, adware, phishing and pharming. It is most commonly acquired through clicking on email attachments and email links.
Viruses, trojans and worms can cause a range of symptoms from the embarrassing to the much more serious, which can all affect the functioning of a business.
Spyware and adware gather information: they can record keystrokes and, as such, have the potential to be very dangerous, revealing everything a person does on their computer.
Another well-known threat, not covered by the firewall, is SPAM. Dealing with SPAM can seriously affect productivity and, as SPAM often contains viruses and phishing emails, it is also a direct security threat.
Phishing is about fake emails trying to extract sensitive information, such as bank passwords or credit card details. A variation of this is pharming, where the criminal sets up a fake web site, typically a banking site. Once details are entered, the criminal is able to plunder the victim’s account.
Internet users can actually acquire malware by simply browsing web sites. This is a rapidly growing threat and some of the malware is used to create botnets. Some security applications have a facility which protects against web sites containing malware.
Another danger to the network is from distributed denial of service (DDoS) attacks. This is a malicious attempt to overwhelm an organisation’s Internet-based systems by flooding them with emails. Specific DDoS software can guard against this threat.
Other dangers include unauthorised access. The way to deal with this is to have proper authentication procedures in place, for both local and remote access. In many cases, passwords are not enough.
Further potential problems are from data theft or leakage, for example when a laptop is stolen. The answer here is to encrypt all sensitive data and train staff appropriately.
Finally, all wireless use is risky and requires a specific wireless firewall, and a wireless VPN for remote access.
A firewall is no longer enough to protect a company network. Other security solutions to combat the threats outlined above are also necessary, as well as proper staff training.
Wick Hill is exhibiting at Infosecurity Europe 2008, 22nd – 24th April 2008, Grand Hall, Olympia. www.infosec.co.uk