Firewalls have been around for about 20 years now. They emerged more prominently as the Internet became commercialized and more networks and people connected, which meant more targets. Having a firewall is pretty much a mainstay today. You will find dedicated firewall appliances or Internet routers with so-called firewall capabilities. These devices can help protect you from outside threats; however, that’s pretty much where it ends. Some small businesses believe that this is the only answer to their security problems, and this thinking will not serve them well.
Here are some things firewalls do not protect you from:
Allowed traffic
Most firewalls allow basic services in and out, like email. A firewall can’t prevent emails with links to malware from being clicked and launching all sorts of pain on your systems. Firewalls also can’t prevent man-in-the-middle attacks, where someone manages to impersonate something you’re trying to access. It will seem like you’re browsing a legitimate website, but you’re actually working on a server that bad actors control, and all the while they are gathering your keystrokes, your passwords, your account numbers and anything else you are doing.
A Denial of Service Attack
This is when a single source or multiple sources try to overwhelm your firewall with traffic so that it saturates your bandwidth and makes it impossible for anyone to get in or out of your network. This is a very difficult attack to block, and most firewalls can’t really do much with it. Poorly configured firewalls can also be a problem: they generally allow too much in or out and are not restrictive enough. As we discuss in our post, Manufacturer & Software Companies Aren’t Taking Care of Security For You, manufacturers will try to make the hardware setup process simple, often resulting in lower default security policies for the sake of convenience.
Social Engineering
Bad actors will use someone’s propensity to trust against them. They might call impersonating the IT department to get vital information that will allow the bad actor to defeat weak security measures. No firewall is going to prevent someone from giving out their password.
Internal Threats
Disgruntled employees, angry customers or vendors, or anyone else with “trusted” status who uses the access they were granted to do harm cannot be curtailed by a firewall. If someone in the organization legitimately has access to a resource, there is always a risk they will exploit that access if they plan on “turning” against you. No firewall will prevent this.
* * *
Most firewalls, by default, block all incoming traffic and allow all outgoing traffic, with the idea being that everybody on the inside is trusted and knows what they’re doing. Unfortunately, that is a false assumption these days. Considering that the majority of breaches happen from inside the network, it’s necessary to control outbound traffic as well and not treat it as trusted anymore.
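The default described above, inbound blocked and outbound trusted, can be checked for mechanically. The following Python check is an added example, not part of the original post: it reads Linux `iptables-save` output and flags egress chains that still allow outbound traffic without restriction. The two rulesets, the interface names (`lan0`, `wan0`) and the DNS address are constructed for illustration.

```python
import shlex

# Chains that carry outbound traffic: OUTPUT (from the firewall host itself)
# and FORWARD (LAN clients routed through it).
EGRESS_CHAINS = {"OUTPUT", "FORWARD"}
# Matches that narrow a rule by protocol, destination, port or connection state.
NARROWING = {"-p", "-d", "--dport", "--dports", "--ctstate", "--state"}

def audit_egress(ruleset):
    """Return findings for filter-table egress chains that trust outbound traffic."""
    findings, table = [], None
    for raw in ruleset.splitlines():
        line = raw.strip()
        if line.startswith("*"):              # table header, e.g. *filter
            table = line[1:]
        elif table != "filter" or not line or line[0] == "#" or line == "COMMIT":
            continue
        elif line.startswith(":"):            # chain declaration with default policy
            chain, policy = line[1:].split()[:2]
            if chain in EGRESS_CHAINS and policy == "ACCEPT":
                findings.append(f"{chain}: default policy is ACCEPT")
        else:
            tokens = shlex.split(line)        # shlex keeps quoted log prefixes intact
            if tokens[:1] != ["-A"] or len(tokens) < 2 or tokens[1] not in EGRESS_CHAINS:
                continue
            target = tokens[tokens.index("-j") + 1] if "-j" in tokens[:-1] else None
            if target == "ACCEPT" and not NARROWING.intersection(tokens):
                findings.append(f"{tokens[1]}: unrestricted ACCEPT: {line}")
    return findings

# Constructed sample: the common default, inbound blocked and outbound trusted.
DEFAULT_ALLOW = """*filter
:INPUT DROP [0:0]
:FORWARD ACCEPT [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i lan0 -o wan0 -j ACCEPT
COMMIT"""

# Constructed sample: outbound denied by default, with web and DNS allowed explicitly.
RESTRICTED = """*filter
:INPUT DROP [0:0]
:FORWARD DROP [0:0]
:OUTPUT DROP [0:0]
-A FORWARD -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A FORWARD -i lan0 -o wan0 -p tcp -m multiport --dports 80,443 -j ACCEPT
-A FORWARD -i lan0 -o wan0 -d 192.0.2.53/32 -p udp -m udp --dport 53 -j ACCEPT
-A FORWARD -i lan0 -o wan0 -j LOG --log-prefix "egress-denied "
COMMIT"""
```

Calling `audit_egress(DEFAULT_ALLOW)` returns three findings and `audit_egress(RESTRICTED)` returns none. The check is a heuristic: a rule that carries any narrowing match is treated as restricted, so its output is a starting point for review.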
Even a well-configured firewall is a problem, as most employees of an organization are allowed to email and browse the web. Why don’t you guess where most of the attacks and vulnerabilities come from? Email and the web. Too many times, some form of drive-by download, or malware propagated by a poisoned website, happens because of an email with a poisoned attachment. More so today, Internet advertising can be laced with hidden code to do nefarious things to your computers and you won’t even know it’s happening.
Firewalls serve the basic purpose of hiding your network from the Internet and providing some basic in and out blocking, but they’re not the silver bullet that you might think, or that the manufacturers might try and sell you. You have to be very careful and know what you’re getting and what you’re trying to achieve. Educate and inform your employees about avoiding downloading attachments and not clicking on every link, even from people they think they know. Putting the time and resources into teaching and training them is far more cost-efficient than dealing with the repercussions of an attack from malware, ransomware or anything else the bad actors manage to get inside your network. The key here is putting measures in place that extend beyond the firewall.
This post was originally published on Medium.