Unmanaged Firewalls can potentially be just as dangerous as not having one at all.
Before I explain, let’s discuss exactly what a Firewall is.
Firewalls are software or a hardware appliance running firmware that prevents unauthorised access to a network. This is done through sets of rules to identify and block threats.
Firewalls are typically used in both enterprise and personal environments, and some devices even come with built-in Firewall software – like Windows 10, for example.
But what makes them so important? At least, since they first appeared in the early days of Internet. Networks needed protection from unwanted access through the interconnected networks, which became the modern Internet. Nowadays, Firewalls have become the foundation of network security.
Firewalls are complicated to maintain, so it’s important to understand how they work.
A Firewall establishes a border between an external network and the network it guards by inspecting all data entering and leaving that network. This process requires the setup and configuration of pre-configured rules to determine good or bad pieces of data, referred to as packets.
Packets contain important information, including the data being transferred and information about the data, like where it came from.
Firewalls use this information to determine if a packet stream is in line with its rule set. If it fails, the Firewall stops the stream from entering the network.
Rule sets are setup according to several things, including:
- The source
- The destination
- The content
If one had to consider a more real-world analogy, Firewalls can be compared to the fence and security gates around your home. Yes, we have burglar bars on the windows and security gates at the doors, but without a fence, when a burglar walks down the street, they have free access onto the property.
Firewalls are therefore installed at an organisation’s network perimeter to guard against external threats, or within the network to create segmentation and guard against insider threats.
In addition to immediate threat defence, Firewalls perform important logging and audit functions. They keep a record of events, which can be used by administrators to identify patterns and improve rule sets. These rules should be updated regularly to keep up with ever-changing cyber threats.
Again, taking the burglar analogy into consideration, a fence might keep burglars off our property, but when we live in a complex, access needs to be controlled, and some form of register needs to be kept to ensure we know who enters, exits and what their reason for visiting is.
A Managed Firewall can be compared to the security company who controls all of that on behalf of the residents of a complex.
Managing a Firewall is therefore extremely important to protect information assets inside of the network, and not managing it properly is almost as bad as not having a Firewall at all.