Firewall

Firewalls make you a harder target, and they are important as part of any cyber security program, but they won’t necessarily protect you.

For starters, both your home and corporate networks are equally vulnerable to someone walking into your network with a compromised device and connecting directly to your machine (e.g charging their phone). This will bypass the firewall.

If it looks like a duck, quacks like a duck and waddles up to the right access point (port) for ducks, the firewall will likely assume it’s a duck. So, a bad egg can come through with the good ones.

In a home, micro or small business networks, there will likely be a basic firewall that really just acts as a warehouse at one of those hubs your postcard is going through. All the warehouse does is close some of its 65,000 odd roller doors and, of those left open, says what type of postcard can get through which roller door.

In a DMZ, the firewall will likely also include Deep Packet Inspection. This is like having a team member at each open roller door to have a closer look at the duck. However, if that duck’s wing isn’t showing any noticeable abnormalities, it won’t pick up the bomb under it. That is, if the firewall expects a duck, it’s still waddling through the right roller door for ducks quacking like a duck, and the firewall’s never seen or been told about a duck with a bomb under its wing, it may still call it a duck and let it through.

The same applies for any firewall software you may have installed on your machine or device.

The firewall has to know what it is looking for.

In internet terms, a word document may look legitimate, however enclosed is a virus (Trojan) that will run when it is opened. It may still pass through the firewall because it looked like a word document, had legitimate looking metadata, and went to the right port for file transfer of word documents. Adapted from Ernst (2013)

Some advertised providers of firewalls and guides to products that include firewalls:

Fortinet I BT Firewall I Mac Firewall

 

Leave a Reply

Your email address will not be published. Required fields are marked *