Author: Michael Thomas
Published: August 24th, 2020
Technology professionals are generally well rounded within the field of IT, not always because of a need to understand their own environment, but because of the needs of their consumers. They must understand, at some level, all aspects of technology to provide the best service. For this article, we’re going to focus on the mysterious firewall and how it contributes to your network. Firewalls are perhaps the number one line of defense within your network, protecting against malicious activity both internal and external. A firewall can be either a hardware device or a software application. A hardware firewall often sits in your server closet, while a software firewall is installed on your desktop or server. I’m sure you’ve encountered the Windows Firewall at some point or another in your technology career. While there are various types of firewalls on the market, they generally function in one way: inspect the traffic, match it against a rule, and make a decision to permit or deny the traffic.
The technology professional uses the firewall ultimately to protect your network and your investments from malicious intent, such as hackers and viruses. It can also be used to permit specific external, or rather remote, resources access to internal services while users are traveling; this is often accomplished through a VPN, or virtual private network. For the small business with a wireless router or equivalent, you’re probably already leveraging a firewall and may not even be aware of it. While these devices perform a firewall service, they are not nearly as good as their commercial peers. The phrase “you get what you pay for” comes to mind. A firewall also inspects traffic that is destined for outside your business. This is beneficial if, by chance, one of your computers is infected and sending information to external resources: a firewall can inspect that traffic and block it before it ever reaches its destination.
I remember the first time I worked with a firewall. I had no idea what I was doing, but I had just been hired by this organization and my first response to a given task should not be to decline the role, even though I was not hired for my firewall skills. I suppose my leader had seen an opportunity for growth and seized it. The first thing I did was research to understand the basics of a firewall. A firewall operates from two perspectives: inbound and outbound traffic in relation to the firewall. It then matches the traffic to predefined rules of source and destination, working from the top of the list to the bottom. Once it finds a rule that matches the source and destination of the traffic, it reviews other criteria such as what ports are being used, the time of day, the application generating the traffic and much more, then executes the rule's action, which is either permit or deny. A permit will send the traffic on its way, whereas a deny will simply drop the traffic.
Understanding this, the first step I performed was exporting a list of all existing rules within the firewall and reviewing them. I believe the initial list was somewhere around 200 rules; the more rules you have, the more time it takes to process traffic, meaning slower traffic. Think about the interstate at rush hour. Next, I began exporting live traffic logs and reviewing their criteria, focusing on internet traffic and its ports. I then made a rule that permitted any traffic from the business network to the internet using those ports and placed it at the top of the list, with logging disabled. This meant that if traffic matched the rule, it would be permitted and not logged. The purpose of disabling logging is that as more rules are created with logging disabled, your live traffic logs should decrease over time. From there, I started focusing on other forms of traffic and the ports they used. For that traffic, I would research the traffic and ports to determine if it was legitimate and create a new rule, if by chance the traffic could not be grouped under another similar legitimate rule. In most cases organizations reserve specific ports and these are legitimate to permit. In other cases, malicious applications may use the port and require blocking. Regarding rules and their placement, the more specific the rule, the closer to the top of the list it must be. Finally, the last rule is always deny any, so that if the traffic does not match a rule, it will be automatically dropped.
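The top-to-bottom, first-match behaviour described in the two paragraphs above, together with the ordering rule (specific rules near the top, deny any at the bottom) and the no-logging permit, as an added example that is not part of the original article and not any vendor's firewall code. The rule base, the LAN range and the blocked subnet are constructed for illustration; the `shadowed` check flags rules that can never fire because a broader rule sits above them.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass
class Rule:
    name: str
    src: str            # CIDR or "any"
    dst: str            # CIDR or "any"
    ports: frozenset    # destination ports; empty set means any port
    action: str         # "permit" or "deny"
    log: bool = True    # the article turns logging off on known-good permits

def _in_net(cidr, addr):
    return cidr == "any" or ip_address(addr) in ip_network(cidr)

def _covers(outer, inner):
    """True if CIDR 'outer' contains every address of CIDR 'inner'."""
    return outer == "any" or (inner != "any" and
                              ip_network(outer).supernet_of(ip_network(inner)))

def _ports_cover(outer, inner):
    return not outer or (bool(inner) and inner <= outer)

def evaluate(rules, src, dst, dport):
    """Top-to-bottom first match wins; returns (action, rule_name, logged).
    Traffic that matches nothing hits the implicit deny any at the end."""
    for r in rules:
        if _in_net(r.src, src) and _in_net(r.dst, dst) and (not r.ports or dport in r.ports):
            return r.action, r.name, r.log
    return "deny", "implicit-deny-any", True

def shadowed(rules):
    """Names of rules that can never fire because an earlier rule already
    covers all of their traffic. A dead deny sitting below a broad permit is
    the mis-ordering the article warns about: specific rules go near the top."""
    dead = []
    for j, later in enumerate(rules):
        if any(_covers(e.src, later.src) and _covers(e.dst, later.dst)
               and _ports_cover(e.ports, later.ports) for e in rules[:j]):
            dead.append(later.name)
    return dead

# Constructed sample rule base (203.0.113.0/24 is a documentation range, not a real target)
LAN = "10.0.0.0/8"
GOOD_ORDER = [
    Rule("block-web-to-bad-subnet", LAN, "203.0.113.0/24", frozenset({80, 443}), "deny"),
    Rule("lan-to-internet-web", LAN, "any", frozenset({80, 443}), "permit", log=False),
    Rule("deny-any", "any", "any", frozenset(), "deny"),
]
# Same three rules with the specific deny placed below the broad permit
BAD_ORDER = [GOOD_ORDER[1], GOOD_ORDER[0], GOOD_ORDER[2]]
```

With `BAD_ORDER`, web traffic to the blocked subnet is permitted, and because the broad permit has logging off it never appears in the live logs either.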
Firewalls can be a great asset to the security of any network, if leveraged correctly. A well-configured firewall could mean the difference between the safety of your consumers and their identity theft. Continue to grow your skill set by learning the basics of firewalls, playing with their configurations and becoming a strong technology professional. There is a wealth of information available around firewalls and, as mentioned before, you’ve probably interacted with one in your career at one point or another. This article is in no way a tell-all on firewalls, but rather a starter document for those who may be interested in learning about them.