6 Vulnerabilities Even Your Firewall May Be Missing – and a Free Solution
Firewalls have become a standard tool for stopping malicious network activity. We have become increasingly complacent with our firewalls, to the extent that we often fail to see what they might be missing. As technology – and malicious activity – advances, it’s natural for older firewall technology to fall short in its ability to uncover the latest vulnerabilities. For that reason, it’s critical to reevaluate firewall activity periodically and ensure the equipment in place is keeping up with current threats.
Unfortunately, not all firewalls are created equal, and their size and capabilities tend to be misunderstood. Even the most vigilant IT departments can miss things if the firewall is not quite right. This article will flag several gaps in protection you may not know you have and spotlight a method of getting your wall of protection as tight as possible.
For small-to-medium businesses, closing up firewall gaps is critical; their smaller size and limited resources make them more susceptible and an ideal candidate for attacks. The average cost of a malware attack is $2.4 million. For small businesses this can be a challenge to recuperate from, so understanding these vulnerabilities upfront can save your business from an unnecessary and potentially devastating attack.
Vulnerability #1: Malware, Phishing & Ransomware
The truth is, if your firewall isn’t catching specific malicious software, you won’t know it’s on your network. No firewall is perfect, but you need a way to verify that the appliance you have is catching as much as possible. When you do identify malicious software, it’s not always clear how to react. Even the most accomplished IT professionals need occasional assistance from specialists who know exactly what to do.
Vulnerability #2: Network Overload
Your firewall may not have a way to inform you when you have high traffic that could be jeopardizing your business. Do you know how many people at any given time are using Twitter, LinkedIn or Skype?
They may or may not have authorization. If they don’t, excessive social media use can be taking away from productive time. Unauthorized high traffic also uses network bandwidth and may be slowing down critical business processes. The next question is, what are people actually doing when they are using the network? Which brings us to…
Vulnerability #3: High-Risk Applications
Some of the websites your company’s employees are visiting may be inadvertently allowing network compromises. For example, employees may go through a proxy website to get around a web filter to visit an insecure site, watch Netflix at work or download a movie illegally. You don’t want to think this may be happening, but if it is, wouldn’t you want to know? It also can happen unintentionally. Read the story on this page about an artist who inadvertently opened a doorway to hackers at his town’s city hall. The IT director thought he had everything secured — he just didn’t know what he didn’t know!
True Firewall Vulnerability Story: A Midwestern city hired a local artist to paint a mural at the entrance of town. This process took some time and the city trusted him, so he was allowed to connect his laptop to the network when he went to City Hall for meetings. The IT department scanned his machine of course and found nothing amiss. Recently, however, a network expert put a next generation firewall in the customer’s data center to mirror traffic from the current firewall and let it run for a week. When the week was up, the report showed suspicious activity the current firewall had been missing. Among other things, the report showed that the artist’s computer had been infected with malware. A third party was attempting to access city records every time he connected to the network. He had no idea the client had been installed on his computer. In fact, on the day the technical expert showed the IT director the report, they logged in and saw he was currently on the network. They contacted the artist to disconnect immediately.
Vulnerability #4: SaaS Applications
When users on your network have open access to the Internet, they can potentially engage SaaS applications without your approval. This takes away IT management control and opens your network to unknown vulnerabilities. To solve this problem, you need to know the number and type of applications your users are accessing. Ultimately, you may want to put controls in place to restrict the types of online applications or specific applications your users can access.
Vulnerability #5: Zero-Day Exploits
Manufacturers put products through their paces with thorough testing to try to make sure there are no vulnerabilities. However, even with their best efforts, some products make it to market with exposures that can be breached, and the bad guys don’t take days off. A zero-day exploit happens on the same day a software or hardware vulnerability is found by hackers, and it takes some time for developers to program patches. In the meantime, if your network is using this software or hardware, you are vulnerable. You can’t always depend on the providers to solve the problem in a timely manner. You need to have a plan for finding vulnerabilities sooner rather than later.
Vulnerability #6: Files Leaving the Network
In your business, it may be perfectly normal for hundreds of Excel files to be transferred outside of your organization. But do you know how many files are leaving your network? If you were to find excessive amounts of transferred data, would you know if it was the result of a compromised computer? Could someone in your organization be sharing trade secrets or illegally accessing healthcare information? You can see the potential problems. Many firewalls will not identify massive data losses.
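The two monitoring questions raised under Vulnerability #2 (who is using social applications, and how much) and Vulnerability #6 (is any single host pushing far more data out than its peers) both come down to aggregating outbound flow records per host and per application. The script below is an added example, not code from the article or from any vendor’s product; the `key=value` log format, the application labels and the IP addresses (all from documentation ranges) are constructed for the example, and the 10 MB floor and 10× median ratio are illustrative thresholds a team would tune against its own baseline.

```python
"""Aggregate constructed outbound flow records to surface two gaps the
article describes: heavy social-media use (Vulnerability #2) and a host
sending unusually large volumes out of the network (Vulnerability #6).

Added example, not part of the original article or any vendor product.
The log format below is invented; real firewall or NetFlow exports use
their own field names and would need a different parser.
"""

from collections import defaultdict
from statistics import median

# Constructed sample: one outbound flow per line, 'timestamp key=value ...'.
# Destination addresses are from RFC 5737 documentation ranges.
SAMPLE_FLOWS = """\
2024-05-01T09:02:11Z src=10.0.12.34 dst=192.0.2.10 app=twitter bytes_out=2400 bytes_in=180000
2024-05-01T09:05:40Z src=10.0.12.34 dst=192.0.2.11 app=linkedin bytes_out=1800 bytes_in=220000
2024-05-01T09:07:02Z src=10.0.12.51 dst=192.0.2.12 app=skype bytes_out=900000 bytes_in=850000
2024-05-01T09:10:19Z src=10.0.12.77 dst=203.0.113.9 app=smb-over-internet bytes_out=48000000 bytes_in=12000
2024-05-01T09:12:55Z src=10.0.12.90 dst=198.51.100.7 app=https bytes_out=30000 bytes_in=910000
2024-05-01T09:15:33Z src=10.0.12.77 dst=203.0.113.9 app=smb-over-internet bytes_out=52000000 bytes_in=9800
2024-05-01T09:18:08Z src=10.0.12.34 dst=192.0.2.10 app=twitter bytes_out=3100 bytes_in=240000
2024-05-01T09:20:47Z src=10.0.12.12 dst=198.51.100.20 app=https bytes_out=12000 bytes_in=400000
"""

# Application labels treated as social media for the Vulnerability #2 report.
SOCIAL_APPS = {"twitter", "linkedin", "skype"}


def parse_flow(line: str) -> dict:
    """Parse one record into a dict; byte counters become ints, the rest stay strings."""
    ts, *fields = line.split()
    rec = {"ts": ts}
    for field in fields:
        key, _, value = field.partition("=")
        rec[key] = int(value) if key.startswith("bytes_") else value
    return rec


def load_flows(text: str) -> list:
    """Parse every non-empty line of a log export."""
    return [parse_flow(line) for line in text.splitlines() if line.strip()]


def social_media_users(flows) -> dict:
    """Vulnerability #2: per internal host, total bytes (in + out) per social application."""
    usage = defaultdict(lambda: defaultdict(int))
    for f in flows:
        if f["app"] in SOCIAL_APPS:
            usage[f["src"]][f["app"]] += f["bytes_out"] + f["bytes_in"]
    return {host: dict(apps) for host, apps in usage.items()}


def outbound_outliers(flows, floor_bytes=10_000_000, ratio=10) -> list:
    """Vulnerability #6: hosts whose total outbound bytes exceed both an absolute
    floor and `ratio` times the median host, i.e. they stand well apart from peers.
    Both thresholds are illustrative and should be tuned to a measured baseline."""
    per_host = defaultdict(int)
    for f in flows:
        per_host[f["src"]] += f["bytes_out"]
    threshold = max(floor_bytes, ratio * median(per_host.values()))
    return sorted(host for host, total in per_host.items() if total >= threshold)


if __name__ == "__main__":
    flows = load_flows(SAMPLE_FLOWS)
    print("Social application usage by host:")
    for host, apps in social_media_users(flows).items():
        print(f"  {host}: {apps}")
    print("Hosts with outlying outbound volume:", outbound_outliers(flows))
```

Run against the constructed sample, the report shows 10.0.12.34 on Twitter and LinkedIn, 10.0.12.51 on Skype, and flags only 10.0.12.77, whose two file-sharing flows total roughly 100 MB outbound against a median host of about 30 KB. The median-based ratio keeps a single busy video-call host from being flagged just for being above average, while the absolute floor stops a tiny network of otherwise idle hosts from tripping the ratio on trivial traffic.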
Solution: Security Lifecycle Review (SLR)
If all you had to do was examine your network at all hours of the day and night, you could analyze all network data and determine what is really going on. However, if you’re like most IT professionals, you have better things to do. The solution to mitigating these types of vulnerabilities is to include a periodic fully automated network analysis in your maintenance schedule.
A formal Security Lifecycle Review allows you to add a network evaluation device behind your current firewall to collect data for a defined period of time in TAP (test access point) mode, mirroring the network’s data without slowing down day-to-day processing. After the analysis is run, you can extract a report that shows top filesharing apps, detailed social networking activity, and numbers of files transferred, as well as identifying high-risk and SaaS applications and file types.
The good news is that a knowledgeable, reputable networking provider will run the latest firewalls in monitoring mode at no cost. They will do it for free to expose you to new technology you may decide to purchase from them. Prime Communications Inc. is one such provider. For more information about SLR programs to help you find out what’s really going on with your firewall, contact the PCI Business Development team at (402) 289-4126.