IT ARCHITECTS

What is Firewall Threats and Vulnerabilities ?

Firewalls are a basic part of any company’s cybersecurity architecture. However, firewalls alone should never be considered the be-all, end-all solution for your company’s cybersecurity needs.

Yes, they are useful, but there are a few issues with firewalls that can make it a bad idea to only rely on this one security tool to protect your business.

What are some of the firewall threats and vulnerabilities to look out for? Here’s a short list of issues.

1-Insider Attacks

A perimeter firewall is meant to keep away attacks that originate from outside of your network. So, what happens when the attack starts from the inside? Typically, the perimeter firewall becomes useless—after all, the attacker is already on your system.

However, even when an attack originates from within your network, firewalls can do some good—IF you have internal firewalls on top of your perimeter firewalls.

Internal firewalls help to partition individual assets on your network so attackers have to work harder to move from one system to another one. This helps increase the attacker’s breakout time so you have more time to respond to the attack.

2-Missed Security Patches

This is an issue that arises when network firewall software isn’t managed properly. For any software program, there are vulnerabilities that attackers may exploit—this is as true of firewall programs as it is of any other piece of software. When firewall vendors discover these vulnerabilities, they usually work to create a patch that fixes the problem as soon as possible.

However, the patch’s mere existence doesn’t mean that it will automatically be applied to your company’s firewall program. Until that patch is actually applied to your firewall software, the vulnerability is still there—just waiting to be exploited by a random attacker.

The best fix for this problem is to create and stick to a strict patch management schedule. Under such a schedule, you (or the person managing your cybersecurity) should check for any and all security updates for your firewall software and make sure to apply them as soon as possible.

3-Configuration Mistakes

Even when a firewall is in place on your network, and has all of the latest vulnerability patches, it can still cause problems if the firewall’s configuration settings create conflicts. This can lead to a loss of performance on your company’s network in some cases, and a firewall outright failing to provide protection in others.

For example, dynamic routing is a setting that was long ago deemed a bad idea to enable because it results in a loss of control that reduces security. Yet, some companies leave it on, creating a vulnerability in their firewall protection.

Having a poorly-configured firewall is kind of like filling a castle’s moat with sand and putting the key to the main gate in a hide-a-key right next to the entrance—you’re just making things easier for attackers while wasting time, money, and effort on your “security” measure.

4-A Lack of Deep Packet Inspection

Layer 7 (or “deep packet”) inspection is a rigorous inspection mode used by next-generation firewalls to examine the contents of an information packet prior to approving or denying that packet passage to or from a system.

Less advanced firewalls may simply check the data packet’s point of origin and destination before approving or denying a request—info that an attacker can easily spoof to trick your network’s firewall.

The best fix for this problem is to use a firewall that can perform deep packet inspection to check information packets for known malware so it can be rejected.

5-DDoS Attacks

Distributed Denial of Service (DDoS) attacks are a frequently-used attack strategy noted for being highly effective and relatively low-cost to execute. The basic goal is to overwhelm a defender’s resources and cause a shutdown or prolonged inability to deliver services. One category of attack—protocol attacks—are designed to drain firewall and load balancer resources to keep them from processing legitimate traffic.

While firewalls can mitigate some types of DDoS attacks, they can still be overloaded by protocol attacks.

There is no easy fix for DDoS attacks, as there are numerous attack strategies that can leverage different weaknesses in your company’s network architecture. Some cybersecurity service providers offer “scrubbing” services, wherein they divert incoming traffic away from your network and sort out the legitimate access attempts from the DDoS traffic. This legitimate traffic is then sent to your network so you can resume normal operations.

Alone, firewalls cannot protect your network from all of the threats that are out there. However, they can serve as an integral part of a larger cybersecurity strategy to safeguard your business.

Want to learn more about how you can craft a strong cybersecurity plan for your business? Check out our free guide to cybersecurity basics at the link below! Or, contact Compuquip Cybersecurity now to get expert advice from an experienced cybersecurity professional.

Why Firewalls Matter

When implemented correctly, a network firewall makes your PC invisible to hackers. If they can’t see your computer, they can’t target you.

Hackers use port scanning tools to scan for computers with open ports that might have associated vulnerabilities, providing hackers with backdoors into your computer.

For example, you may have installed an application on your computer that opens an FTP port. The FTP service running on that port might have a vulnerability that was recently discovered. If hackers can see that you have a port open with a vulnerable service running, they can exploit the vulnerability and access your computer.

One of the guidelines of network security is to allow only the ports and services that are necessary. The fewer ports open and services running on your network or PC, the fewer routes hackers have to attack your system. Your firewall should prevent inbound access from the internet unless you have specific applications that require it, such as a remote administration tool.

You most likely have a firewall that is part of your computer’s operating system. You may also have a firewall that is part of your wireless router.

Enabling stealth mode on the firewall on your router is the best security practice. It protects your network and computer from hackers. Check your router manufacturer’s website for details on how to enable the stealth mode feature.

How to Know Your Firewall Is Protecting You

You should periodically test your firewall. The best way to test your firewall is from outside your network via the internet. There are many free tools to help you accomplish this.

One of the easiest and most useful available is ShieldsUP from the Gibson Research website. ShieldsUP allows you to run several ports and services scans against your network IP address, which it determines when you visit the site.

Types of scans available from the ShieldsUP site include file sharing, common ports, and all ports and services scans. Other testing tools offer similar tests.

File Sharing Test

The file sharing test checks for common ports associated with vulnerable file sharing ports and services. If these ports and services are running, you could have a hidden file server running on your computer, possibly allowing hackers access to your file system.

Common Ports Test

The common ports test examines the ports used by popular (and possibly vulnerable) services, including FTP, Telnet, NetBIOS, and others. The test tells you whether your router or computer’s stealth mode is working as advertised.

All Ports and Services Test

An all ports and services test scans every port from 0 to 1056 to see if they are open, closed, or in stealth mode. If you see any open ports, investigate further to see what is running on those ports. Check your firewall setup to see if these ports have been added for some specific purpose.

If you don’t see anything in your firewall rules list regarding these ports, it could indicate that malware is running on your computer, and your PC may have become part of a botnet. If something seems fishy, use an anti-malware scanner to check your computer for hidden malware services.

Browser Disclosure Test

While not a firewall test, this shows the information your browser may be revealing about you and your system.

The best results you can hope for on these tests is to be told that your computer is in stealth mode and that the scan reveals there are no open ports on your system that are visible or accessible from the internet.

Read More About Patching

Buy From Amazon