TECHNOLOGY

August 21, 2018, Posted by: V

Data Security - Part 7 - The Great Firewalls!

This is the seventh of a series of articles on data security. Firewalls are great, but how should they be implemented correctly, and what are the best practices for both businesses and individuals?

THE GREAT FIREWALL(S)!


Firewalls have played THE most crucial part in protecting networks and data for a long time. However, most organizations, even technology companies, have very lax or no standard policies on firewalls, their rules and their implementation.
The policies and procedures document mentioned earlier should have a section on firewalls. Proper professional planning of firewalls and their implementation is the most crucial "lock" that can be employed to secure your network and its crucial data.
Firewall rules should by default block everything, including all ports and port forwarding, and open only those limited ports that are a must for running the business or organization. No port or access should be open just because it "might be helpful" or is "maybe" required.
Firmware and software of the firewalls should always be updated to the latest version available. It is recommended to get firewalls with subscription services, even though this adds a recurring fee, to ensure ongoing protection from new and emerging threats.
At least once a year, all firewall rules should be documented, wiped out and re-implemented based on the then-current requirements. This is needed because, over time, new rules get added without old ones being disabled or removed.
I have seen many a firewall with old, antiquated rules still enabled that made the entire network highly vulnerable. The idea is to completely wipe out all existing rules and re-create only those that are required. Backing up the current rules and restoring them on the same or a newer firewall is hardly any better than not having a firewall at all!
If possible, replace the firewall every year, or at least once every two years. Before the old one is discarded, factory reset the device, wipe everything out and preferably physically destroy it.
Alerts and warnings from the firewalls should be monitored closely and acted upon immediately.
Do the same with the software firewall built into computer operating systems like Windows. Always enable and use the computers' firewalls, on desktops and servers alike. Apply the same logic and process to the servers' firewall rules for port opening and forwarding.
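The default-deny rule and the annual rule clean-up described above can be checked mechanically. The following is an added example, not code from the article: it audits a constructed rule export (the Rule format, rule names, addresses and hit dates are all assumptions) and flags rulesets that do not end in an explicit deny, allows that are any-to-any or open wide port ranges, and rules that have not matched traffic in a year.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple

@dataclass
class Rule:
    """One firewall rule, in the order the firewall evaluates it (constructed format)."""
    name: str
    action: str               # "allow" or "deny"
    src: str                  # CIDR or "any"
    dst: str                  # CIDR or "any"
    port: str                 # "443", "1000-2000" or "any"
    last_hit: Optional[date]  # date the rule last matched traffic; None = never

def port_span(port: str) -> int:
    """Number of ports a port field covers."""
    if port == "any":
        return 65536
    lo, _, hi = port.partition("-")
    return int(hi or lo) - int(lo) + 1

def audit(rules: List[Rule], today: date, stale_days: int = 365) -> List[Tuple[str, str]]:
    """Return (rule name, problem) pairs for rules that break the default-deny policy
    or that have not matched anything within stale_days (annual clean-up candidates)."""
    findings = []
    last = rules[-1] if rules else None
    if last is None or (last.action, last.src, last.dst, last.port) != ("deny", "any", "any", "any"):
        findings.append(("POLICY", "ruleset does not end with an explicit deny any/any/any"))
    for r in rules:
        if r.action != "allow":
            continue
        if r.src == "any" and r.dst == "any":
            findings.append((r.name, "allows traffic from any source to any destination"))
        if port_span(r.port) > 100:
            findings.append((r.name, f"port field '{r.port}' opens {port_span(r.port)} ports"))
        if r.last_hit is None or (today - r.last_hit).days > stale_days:
            findings.append((r.name, f"no traffic matched in the last {stale_days} days"))
    return findings

# Constructed sample ruleset: one sound rule, one "temporary" vendor hole, one forgotten rule.
SAMPLE_RULES = [
    Rule("https-in", "allow", "any", "203.0.113.10/32", "443", date(2018, 8, 20)),
    Rule("vendor-temp", "allow", "any", "any", "any", None),
    Rule("old-rdp", "allow", "198.51.100.0/24", "203.0.113.20/32", "3389", date(2016, 5, 1)),
    Rule("default-deny", "deny", "any", "any", "any", date(2018, 8, 21)),
]

def audit_sample() -> List[Tuple[str, str]]:
    return audit(SAMPLE_RULES, date(2018, 8, 21))

if __name__ == "__main__":
    for name, problem in audit_sample():
        print(f"{name}: {problem}")
```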



DOUBLE WALLED, RATHER DOUBLE FIREWALLED


Most businesses and organizations consider a good firewall to the outside world plus some internal security to be sufficient protection for their network and sensitive data. However, relying on an external barrier alone is not sufficient protection against attacks. Once a cyber-criminal gains access to the network, everything is wide open to plunder. Internal security, network segregation and other defenses are equally important.
A firewall to the outside world is an absolute must. A robust hardware firewall with minimal ports opened and forwarded helps build a strong defense.
However, most businesses and organizations fail to realize that once an attacker gains entry to the network, they can easily move anywhere, access any or all data and encrypt the drives with a crypto virus.
Best practice is to treat internal users as if they were always accessing from outside. This is even more valid these days, with a large percentage of the user base being remote. Segregate and isolate internal networks between different departments. For example, finance and QA or development should be isolated from each other.
A VPN should be mandatory for any remote user connecting back to the company's network. However, the VPN network inside the organization itself needs to be isolated from the internal networks with a barrier of its own. This minimizes the risk once someone gains entry to the internal network via VPN.
You don't need to buy many hardware firewalls. Quite a few good devices offer virtual firewalls, just like virtual machines on one server.
The next very important step is to firewall and separate the servers from user devices. Consider the users to be remote to the servers and allow access to specific ports and programs only as needed.
Even the internal wireless (Wi-Fi) networks should be on their own subnet and tightly controlled.
Firewalls can be application based and/or server and role based. For example, a hardware (virtual or physical) firewall (FW) as well as the operating systems' own FW between application and data servers secures the data servers extremely well.
Another option is to separate the networks based on roles: production, training, business users (BU), finance, HR etc.
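The segmentation described above (departments isolated from each other, VPN users behind their own barrier, users treated as remote to the servers, Wi-Fi on its own subnet) can be written down as a zone policy and tested before it is pushed to the firewalls. This is an added example, not the article's own material: the subnets, zone names and permitted ports are constructed assumptions; every zone pair and port not explicitly listed is denied.

```python
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional, Set, Tuple

# Constructed subnets; zone names follow the segments the article names.
ZONES = {
    "finance": ip_network("10.10.0.0/24"),
    "dev":     ip_network("10.20.0.0/24"),
    "vpn":     ip_network("10.30.0.0/24"),   # remote users land here, behind their own barrier
    "servers": ip_network("10.40.0.0/24"),
    "wifi":    ip_network("10.50.0.0/24"),
}

# Explicit allow list: (source zone, destination zone) -> permitted TCP ports.
# Any pair/port not listed is denied, mirroring the default-deny perimeter policy.
ALLOWED: Dict[Tuple[str, str], Set[int]] = {
    ("finance", "servers"): {443, 1433},
    ("dev", "servers"): {22, 443},
    ("vpn", "servers"): {443},
    ("wifi", "servers"): {443},
}

# Zones that must never talk to each other directly; only the server zone may be reached.
ISOLATED = ["finance", "dev", "vpn", "wifi"]

def zone_of(ip: str) -> Optional[str]:
    addr = ip_address(ip)
    return next((name for name, net in ZONES.items() if addr in net), None)

def is_allowed(src_ip: str, dst_ip: str, port: int) -> bool:
    """Decide a cross-zone flow: unknown addresses and unlisted pairs are denied."""
    src, dst = zone_of(src_ip), zone_of(dst_ip)
    if src is None or dst is None:
        return False
    if src == dst:
        return True      # same segment: not a firewall decision in this model
    return port in ALLOWED.get((src, dst), set())

def isolation_violations() -> List[Tuple[str, str]]:
    """Zone pairs from ISOLATED that the allow list would let talk directly."""
    return [(s, d) for s in ISOLATED for d in ISOLATED if s != d and ALLOWED.get((s, d))]

if __name__ == "__main__":
    print(is_allowed("10.10.0.5", "10.40.0.9", 1433))   # finance -> servers on SQL port
    print(is_allowed("10.30.0.4", "10.10.0.5", 445))    # vpn -> finance file share: denied
    print(isolation_violations())                       # [] when the policy is consistent
```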



HOME USERS


Home users have a variety of equipment connected to the same router/firewall. The devices range from smartphones and laptops to cameras, door locks, garage door openers etc. While higher-end devices like smartphones and computers are usually more secure, the other devices may be more vulnerable to attacks. An entry point through a Wi-Fi connected camera can reach the network and easily access the computer data.
Most individuals do not know that they can split their main network into multiple subnets for different purposes or family members. The primary router/firewall can be used for the main/adult computers, and additional router/firewalls can be connected off the primary network to be used exclusively and separately for kids, TVs and other devices like cameras, door openers etc. This isolates each type of usage, so that a breach in one place still keeps the primary core data on the main computers safe.



Upcoming


Encryption


- V