What do firewalls protect against?
Firewalls prevent internet-based threats from reaching your web servers and network. Although they can keep unwanted visitors out, they won’t actually disarm threats – that’s what software such as antivirus, anti-ransomware and filtering is for. Firewalls can stop the following from accessing your web server:
- Malware, such as viruses, ransomware and trojans
- Bots and other automated software
- Hacks and intrusions
- Encrypted threats
- Malicious apps and websites
- Users operating on untrusted or blacklisted networks. This can even include your colleagues who may be using public WiFi, for example.
An effective firewall will identify and block attempted attacks in real time and continually scan for new threats, filtering the traffic of everybody – and everything – on an external network from your own.
How does a firewall recognise dangerous web traffic?
Firewalls operate at network level and recognise all incoming requests to your server by IP address. To decide which of these requests reach your web server (and subsequently your network), a firewall references what’s known as an “access control list”. You – or ideally, your IT managed service provider – have complete control over how the access control list is set up. You either:
- Leave the firewall open, allowing all external IP addresses to send traffic to your server’s network, with the exception of IPs that are specifically blocked.
- Or close the firewall completely, only allowing traffic from IP addresses that you’ve granted permission.
Basically, these are two methods of getting the same result. However, due to the amount of business that’s generated via websites and web apps, we recommend leaving the firewall open and managing by exception, unless your operational risks demand a more radical approach. Proceed with caution when using the open method though. The back-end servers managing your website and related apps should have stricter controls, so ensure that restricted access is granted to these first as an essential security measure.
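The two access control list modes described above, as an added example (not code from this page or from any firewall vendor). The ACL structure, zone names and documentation-range addresses are constructed for illustration; the web tier is managed by exception while the back-end tier is closed.

```python
import ipaddress

# Constructed sample ACLs (assumption: one list per zone, CIDR entries).
WEB_ACL = {"mode": "open", "entries": ["203.0.113.0/24", "198.51.100.7/32"]}
BACKEND_ACL = {"mode": "closed", "entries": ["192.0.2.10/32", "10.20.0.0/16"]}


def parse_acl(acl):
    """Validate the mode and turn each entry into a network object."""
    if acl["mode"] not in ("open", "closed"):
        raise ValueError("mode must be 'open' or 'closed'")
    # strict=True rejects entries with host bits set, e.g. 10.20.5.9/16,
    # which usually indicate a typo in the list.
    return acl["mode"], [ipaddress.ip_network(e, strict=True) for e in acl["entries"]]


def normalise(source_ip):
    """Parse the source and collapse IPv4-mapped IPv6 to plain IPv4."""
    addr = ipaddress.ip_address(source_ip)
    mapped = getattr(addr, "ipv4_mapped", None)
    return mapped if mapped is not None else addr


def is_allowed(source_ip, acl):
    """Return True if traffic from source_ip passes the ACL."""
    mode, networks = parse_acl(acl)
    try:
        addr = normalise(source_ip)
    except ValueError:
        return False  # unparsable source: deny in both modes
    listed = any(addr in net for net in networks)
    # open   = allow everything except listed (blocklist)
    # closed = deny everything except listed (allowlist)
    return not listed if mode == "open" else listed


if __name__ == "__main__":
    samples = ["198.51.100.20", "203.0.113.50", "::ffff:203.0.113.50", "192.0.2.10"]
    for ip in samples:
        print(f"{ip:22} web={is_allowed(ip, WEB_ACL)!s:5} "
              f"backend={is_allowed(ip, BACKEND_ACL)}")
```

In open mode any source the list did not anticipate is allowed, which is why the example normalises address forms before matching; in closed mode the same gap results in a deny.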
What steps does a firewall take when filtering external traffic?
A good firewall, such as those provided by our firewall partner SonicWall, will undertake the following steps as a minimum when filtering traffic attempting to access your web servers or website, even if you’re just using a web app firewall. Specific firewalls are recommended for small, medium and enterprise businesses.
- External network traffic makes an incoming request to your server
- HTTP/SSL deep packet inspection analyses incoming data in real time. This is done in tandem with custom rules and patterns set on your access control list and new threats identified by the firewall’s continual scans
- An application delivery controller, placed within a data centre between the firewall and servers, balances or removes load to effectively segment traffic
- Signature-based exploit prevention adds an extra layer of security
All the while, a good firewall will continually scan for new threats and deploy Unified Threat Management (UTM) to simultaneously target threats across different networks. This can help keep data, systems and business applications safe from external threats, all with quick loading speeds. Reports should also be available for full visibility and insights.
How are firewalls changing?
Firewalls are evolving to match the cyberattacks that try to bypass them. As mentioned, access control lists are the gold standard of firewall management at present – but that’s changing, and fast. Centralised policy-based management with custom rules and access control lists – executed either by yourself or a managed service provider – is being replaced by advanced threat detection technology.
This adds a different, more intelligent and more proactive vector to your firewall, separating network traffic based on patterns and behaviours identified by continual scanning and machine learning. Whether you choose a firewall with built-in advanced threat detection or not, it always helps to be precisely aware of the cyberthreats you’re fending off with a firewall in the first place.
Having an up-to-date and firm understanding of the state of play will inform your policy and configuration choices – why not start by watching our Ask the Expert: Cyberthreat Readiness video?
What should you expect from a firewall managed service?
A firewall managed service is your best bet for ongoing resilience and performance, whatever the size of your business. You can benefit from the precision and proactivity that come with specialist knowledge and have peace of mind that nothing will slip through the net. Your in-house IT team can also be freed up to focus on business needs, while outsourcing takes care of installation, updates and management. Your managed service should offer:
- 24/7, 365 monitoring with alerts
- Rapid response to never-before-seen vulnerabilities
- A fully configured security appliance
- Site-to-site VPNs for server remote access
- A central management console
- Insightful reporting