A lot of home networks use a simple wireless access point-slash-firewall-slash-router from their ISP or from their local Big Box store. Once it’s working, it’s “set it & forget it.” Maybe you hand out the simple wireless password to friends and guests? Undoubtedly you’ll never change it since it’s just too painful to change every laptop, every cellphone, the wireless printer, the Alexa devices, the Chromecasts and Rokus, the Ring door devices, … yeah. The entire home network is one accidental visit to hackme.com away from disaster.
Not surprisingly, a lot of businesses operate precisely the same way.
At a simple level, a firewall prevents inbound traffic that you haven’t invited in. That sounds innocuous enough, but “It’s complicated…” If you visit your favorite news site in a web browser, that page undoubtedly directs the browser to pull ads from other sites as well. When you click a link in an unscrupulous email, you potentially invite a problem in. You can also unwittingly allow a problem child or an infected device onto your network. In general, a firewall doesn’t prevent any of the above, but it can help against the general frontal assault, and it can help prevent the spread of damage between compromised systems inside your wall.
So, how do we ensure a firewall is up to snuff?
- Routinely check the rules and test their function. Annotate the rules if possible — who made the change when and why. Keep documentation, however simple, about changes you make. Periodically ask if the rules still reflect your current situation’s needs or if there’s a better way.
- Check that the configuration has not changed since your last checks. Keep a copy of current configurations offline and know how to use them to restore the device to a known good state if necessary.
- Check who has access to the physical device and who has access to administrative controls. Change passwords periodically. Use strong passwords or more sophisticated methods. Monitor for unauthorized access or attempts to access administrative controls.
- Check for vulnerabilities using up to date scanners. Keep the device up to date with firmware and system updates that repair discovered vulnerabilities. Mitigate unrepaired vulnerabilities where possible.
- Keep a record showing that you did all of the above.
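One way to automate the first two checks, as an added example rather than anything from the original post: compare a fresh export of the ruleset against the known-good copy you keep offline, and list rules that carry no who/when/why annotation. The plain-text one-rule-per-line export, the `# who YYYY-MM-DD why` comment convention, the sample rules and all function names are assumptions made for illustration.

```python
import hashlib
import re

# Assumed annotation convention (not from the article): each rule ends with
#   # <who> <YYYY-MM-DD> <why>
ANNOTATION = re.compile(r"#\s*(\S+)\s+(\d{4}-\d{2}-\d{2})\s+(\S.*)$")

def normalize(config_text):
    """Return rule lines, dropping blank lines and whole-line comments."""
    rules = []
    for line in config_text.splitlines():
        line = " ".join(line.split())  # collapse whitespace: reformatting is not drift
        if line and not line.startswith("#"):
            rules.append(line)
    return rules

def fingerprint(config_text):
    """SHA-256 over the ordered rules; record it alongside the offline copy."""
    return hashlib.sha256("\n".join(normalize(config_text)).encode()).hexdigest()

def audit(baseline_text, current_text):
    """Compare a current export against the known-good baseline."""
    base, cur = normalize(baseline_text), normalize(current_text)
    return {
        # True with empty added/removed means rules were only reordered,
        # which still matters because firewalls evaluate rules in order.
        "changed": fingerprint(baseline_text) != fingerprint(current_text),
        "added": [r for r in cur if r not in base],
        "removed": [r for r in base if r not in cur],
        "unannotated": [r for r in cur if not ANNOTATION.search(r)],
    }

# Constructed sample exports in a generic rule syntax, not a real device's.
BASELINE = """\
# known-good copy kept offline
allow tcp lan any -> wan any:443   # alice 2024-01-10 outbound HTTPS
allow udp lan any -> wan any:53    # alice 2024-01-10 DNS
deny  ip  guest any -> lan any     # bob 2024-02-02 isolate guest wifi
"""
CURRENT = """\
allow tcp lan any -> wan any:443 # alice 2024-01-10 outbound HTTPS
allow udp lan any -> wan any:53 # alice 2024-01-10 DNS
allow tcp wan any -> lan 192.168.1.20:3389
"""

if __name__ == "__main__":
    for key, value in audit(BASELINE, CURRENT).items():
        print(f"{key}: {value}")
```

Saving each report with a date also gives you the record the last item asks for.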
On the home network, the basics can be quite simple. For a business that has to pass security audits to handle client data, health data, financial transaction data, and more, it can require quite a dedicated effort. In the end, it’s your decision: Once you have a grounded idea about what data and devices you’re trying to protect, you can make a sound judgment about the effort required. For instance, I monitor one network in particular with around 200 firewall rules between around a dozen interfaces. I set aside some time each month to examine one or two sections at a time to make sure I cycle through everything in detail at least once a year. YMMV.
So, when was the last time you checked your firewall?
If you’re interested in help assessing your IT security posture or staying predictably on top of your security audit needs, feel free to contact us to start the conversation.