Your first line of defense against hackers is usually your firewall. A firewall protects you against unwanted access to your systems. A traditional firewall works by allowing or denying traffic to internal systems based on IP address, port, or a combination of the two.
So, why is allowing only certain IP addresses and ports important? Unfortunately, many well-known systems have vulnerabilities that allow hackers to bypass built-in security and gain access to the device. The exposure from many of these vulnerabilities can be reduced by installing a firewall in front of publicly facing devices.
Here are some things to keep in mind as you set up your network defenses:
- Which ports do I need open for my applications to work? In my opinion, this is the hardest step. Most of the time, programmers and developers don’t know which ports their applications use or which systems use them. To get this information, you can start with a “permit any” rule and log which systems and ports are passing traffic through the firewall. Once you have that information, lock down the firewall.
- Do I want everyone to access these servers or just certain people? If only certain customers need access to the device, then restrict access as closely as you can to those specific IP addresses.
- Who will update and support my firewall? Generally, your IT/networking staff will update your firewall or you can outsource it to other companies. Keep in mind that most firewall vendors require a support contract for updated software. So remember to get software support.
- How much will it cost? Cost can be anywhere from a few hundred dollars to several thousand dollars.
- Will a firewall make me 100% safe against hackers and attacks? No. Traditional firewalls only filter by port and IP address. Let’s say, for example, that you need port 80 open for your web server. If the application that hosts the web server has a vulnerability, then that server can still be hacked or compromised. Hackers can then use that server as a gateway into other internal systems. Remember to always update and patch your systems.
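
The "permit any, log, then lock down" step from the first item, combined with the per-source restriction from the second, as an added example that is not part of the original article: the script groups logged flows into candidate allow rules. The log line format, the sample addresses, and the `max_sources` threshold are assumptions made for illustration.

```python
import ipaddress
from collections import defaultdict

# Constructed sample from a logging "permit any" rule. Assumed format:
# <timestamp> PERMIT <proto> <src_ip>:<src_port> -> <dst_ip>:<dst_port>
SAMPLE_LOG = """\
2024-05-01T10:00:01 PERMIT tcp 203.0.113.10:51514 -> 192.0.2.20:443
2024-05-01T10:00:02 PERMIT tcp 203.0.113.11:40022 -> 192.0.2.20:443
2024-05-01T10:00:03 PERMIT tcp 198.51.100.7:38811 -> 192.0.2.20:443
2024-05-01T10:00:04 PERMIT tcp 203.0.113.10:51600 -> 192.0.2.21:22
2024-05-01T10:00:05 PERMIT tcp 203.0.113.10:51601 -> 192.0.2.21:22
2024-05-01T10:00:06 PERMIT udp 198.51.100.7:5353 -> 192.0.2.22:53
2024-05-01T10:00:07 truncated line
"""

def parse_line(line):
    """Return (proto, src, dst, dst_port), or None if the line is malformed."""
    parts = line.split()
    if len(parts) != 6 or parts[1] != "PERMIT" or parts[4] != "->":
        return None
    try:
        src = ipaddress.IPv4Address(parts[3].rsplit(":", 1)[0])
        dst_ip, dst_port = parts[5].rsplit(":", 1)
        dst, port = ipaddress.IPv4Address(dst_ip), int(dst_port)
    except ValueError:
        return None
    return (parts[2].lower(), src, dst, port) if 0 < port < 65536 else None

def propose_rules(log_text, max_sources=2):
    """Group observed flows by destination, port and protocol.

    A service seen from at most max_sources (hypothetical threshold) clients is
    pinned to those addresses; a busier one is proposed as open to "any".
    """
    flows = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec:
            proto, src, dst, port = rec
            flows[(dst, port, proto)].add(src)
    rules = []
    for (dst, port, proto), sources in sorted(flows.items(), key=lambda kv: kv[0]):
        pinned = len(sources) <= max_sources
        rules.append({"dst": str(dst), "port": port, "proto": proto,
                      "sources": [str(s) for s in sorted(sources)] if pinned else ["any"]})
    return rules  # anything not listed falls to the final deny rule

if __name__ == "__main__":
    for rule in propose_rules(SAMPLE_LOG):
        print(rule)
```

Review the proposed rules with the application owners before replacing the permit-any rule, since a short logging window can miss infrequent traffic.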
Remember, firewalls cannot stop every type of attack or unwanted access. Firewalls are only one of many steps that you must take in securing your devices. Don’t get a false sense of security just because you have a firewall. Always keep your firewalls and devices up-to-date and be aware of security vulnerabilities in the devices you own.