Stop and think about how much you DEPEND on your internet connection. How much of your businesses is DEPENDENT on your internet connection? Now, what if I told you your network was vulnerable? I can say with certainty that any business that accesses the internet is vulnerable, no matter how big or small. These vulnerabilities include data loss, ransomware, malware and the list goes on. The challenge with any network is evaluating your vulnerabilities, understanding the risks and being proactive with the solution.
That is where we turn to the topic of ‘The Firewall’.
“Over the years there have been many changes, and advancements, in networking equipment and technology. But I feel the network device that has changed the most is the network security device, the firewall,” said our sales engineer, Joey Hamm. “What was once a simple access control device gateway for your network has now become a multi-layered threat management system.”
Before we discuss the abilities of a multi-layered threat management system, let’s analyze the three categories of firewalls, packet-filtering, stateful-inspection and application-proxy.
- Packet-filtering fire walls use simple rules to evaluate each packet they encounter on its own merits. They maintain no history from packet to packet, and they perform basic packet header inspection. The simplicity of this inspection makes them speed demons. They’re the most inexpensive option, but they are also the least flexible and vulnerable. There’s a good chance you already own equipment capable of performing packet-filtering – your routers!
- Stateful-inspection firewalls go a step further. They track the three-way transmission control protocol, TCP handshake, to ensure that packets claiming to belong to an established session (i.e., the SYN flag is not set) correspond to previous activity seen by the firewall. Requests to open the initial connection are subject to the stateful-inspection firewall rule base.
- Application-proxy firewalls contain the highest level of intelligence. In addition to stateful-inspection, they broker the connection between client and server. The client connects to the firewall, which analyzes the request (including application-layer inspection of packet contents). If the firewall rules indicate that the communication should be allowed, the firewall then establishes a connection with the server and continues to act as an intermediary in the communication. When combined with Network Address Translation, both hosts may not even be aware that the other exists – they both believe they are communicating directly with the firewall.
With the proliferation of modern applications and mixed-use networks, host and port based security is no longer sufficient. When Peoples deploys a firewall it looks to a next generation solution such as the Cisco Meraki. Its seven layer, “next generation” firewall, that is included in MX security appliances and every wireless access point, gives administrators complete control over the users, content, and applications on their network.
“Taking control of your network security is very important, no matter how big or small your business is,” says Joey Hamm.
As a telecommunications company that offers commercial grade services and support, Peoples would be happy to help investigate your network for vulnerabilities and offer solutions. To speak with our team click here.