What’s a Firewall to Do? Six Defenses Beyond the Perimeter

Over the last few years, security threats to companies have grown and changed dramatically, and so have the defenses. Traditional firewalls installed before 2005 are often not well suited to current threats and cannot protect against a number of newer ones.

What firewalls do
A firewall is a system designed to prevent unauthorized access to or from a private computer network. Firewalls are frequently used to prevent unauthorized Internet users from accessing private networks—often described as intranets—connected to the Internet. All messages entering or leaving an intranet pass through a firewall, which examines each message and blocks those that do not meet specific security criteria.

A firewall is necessary to protect an organization’s confidential information from those not authorized to access it and to protect against malicious users and incidents that originate outside its network. One of the most important elements of a firewall is its access control features, which distinguish between good and bad traffic. The various types of firewalls, in ascending order, are defined by whether they primarily function at the:

  • Packet layer, analyzing network traffic at the transport protocol level
  • Circuit level, validating that packets are either connection or data packets
  • Application layer, ensuring application data is valid before connecting
  • Proxy server, intercepting all messages entering or leaving a network

In the real world, threats have evolved over the years, and firewalls have evolved to deal with them. While it is still possible to buy packet-only firewalls, they are not adequate for business use. Protection against blended threats is best provided by firewalls that combine all of the prior elements.
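As an added illustration (not code from the article or from any product it names), the following toy Python model applies the first three inspection layers listed above in ascending order to constructed sample packets. It shows why a packet-only filter passes a non-HTTP payload sent to an allowed web port, while the combined checks reject it. The packet fields, the simplified SYN/DATA flags and the port policy are assumptions of the example.

```python
from collections import namedtuple
import re
# src/dst_port are transport-level fields; flags is simplified to "SYN" (opens a
# connection) or "DATA" (carries payload). All sample values below are constructed.
Packet = namedtuple("Packet", "src dst_port flags payload", defaults=(b"",))
ALLOWED_PORTS = {25, 80, 443}   # assumed policy: mail and web only
HTTP_REQUEST = re.compile(rb"^(GET|POST|HEAD) /\S* HTTP/1\.[01]\r\n")

def packet_filter(pkt):
    """Packet layer: looks only at transport-level fields (here, the destination port)."""
    return pkt.dst_port in ALLOWED_PORTS

def circuit_filter(pkt, open_conns):
    """Circuit level: a data packet is valid only on a connection that was opened first."""
    if pkt.flags == "SYN":
        open_conns.add((pkt.src, pkt.dst_port))
        return True
    return pkt.flags == "DATA" and (pkt.src, pkt.dst_port) in open_conns

def application_filter(pkt):
    """Application layer: the payload must be valid for the protocol the port implies."""
    if pkt.flags != "DATA":
        return True                     # nothing to inspect yet
    if pkt.dst_port == 80:
        return HTTP_REQUEST.match(pkt.payload) is not None
    return True                         # other protocols not modelled here

def inspect(packets):
    """Run each packet through the layers in ascending order; report which one rejected it."""
    open_conns, verdicts = set(), []
    for pkt in packets:
        if not packet_filter(pkt):
            verdicts.append("packet")
        elif not circuit_filter(pkt, open_conns):
            verdicts.append("circuit")
        elif not application_filter(pkt):
            verdicts.append("application")
        else:
            verdicts.append("allow")
    return verdicts

# Constructed sample: a normal web request; data with no prior connection; a non-HTTP
# payload on the web port (a packet filter alone would pass it); a blocked port.
SAMPLE = [
    Packet("10.0.0.5", 80, "SYN"),
    Packet("10.0.0.5", 80, "DATA", b"GET /index.html HTTP/1.1\r\nHost: example\r\n\r\n"),
    Packet("10.0.0.6", 80, "DATA", b"GET / HTTP/1.1\r\n"),
    Packet("10.0.0.7", 80, "SYN"),
    Packet("10.0.0.7", 80, "DATA", b"\x00\x01not-http"),
    Packet("10.0.0.8", 23, "SYN"),
]
```

Calling `inspect(SAMPLE)` yields one verdict per packet; the fifth packet is accepted by the packet filter alone and is only stopped at the application layer.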

Protect against threats not covered by firewalls: use UTM—multipurpose security that has firewall, VPN, antivirus, and IPS.

What else firewalls do
Other specific functions performed by firewalls include: gateway defense; carrying out defined security policies; hiding and protecting internal network addresses; reporting on threats and activity; and segregating activity between a trusted network, the Internet, and a DMZ—a protected zone in between a network and the Internet, where Web and/or email servers may be placed.

What firewalls do not do
Even with a firewall, there are still many areas of network risk. The most obvious is malware—short for “malicious software.” This category includes Trojan horses, viruses, worms, spyware/adware, and phishing- and pharming-infected emails and Web pages. Most commonly, malware is acquired by clicking on email attachments or email links.

Trojans, viruses, and worms can cause a range of symptoms from the annoying and/or embarrassing to those much more serious, which can affect business functions. Spyware and adware gather user information. They can record keystrokes and so can potentially be very dangerous, revealing everything entered onto a computer keyboard.

Another well-known threat, not covered by traditional firewalls, is unsolicited commercial email, better known as spam. Dealing with spam can seriously affect productivity, and because spam often contains viruses and phishing attempts, it is a direct security threat.

Phishing, botnets, and DDoS
Phishing spam tries to extract sensitive information, such as bank passwords or credit card details, using authentic-looking but completely fraudulent emails that purport to be from trusted sources like financial institutions where legitimate accounts have been set up. Pharming, a variation on this same scheme, occurs when criminals have set up false Web sites that look like ones that are used regularly—typically banking sites. Once account user names and passwords have been entered, the criminals plunder the accounts.

Also, many users are unaware that they can actually acquire malware by simply browsing Web sites. This is a rapidly growing threat, and some of that malware is used to create botnets. Some security applications, like those from Finjan, have a facility that protects against Web sites containing malware, by checking sites before users click on them.

Another network danger is from a distributed denial of service (DDoS) attack. This type of exploit attempts to prevent an organization from using its Internet-based systems by flooding them with emails until its servers are overwhelmed. These attacks are often carried out by botnet networks of compromised PCs, which are also used in spam campaigns. Specific DDoS software or DDoS appliances can help guard against this threat.

Proper authentication procedures
Other network dangers include unauthorized access. In many cases, both local LAN and wireless remote access passwords are not enough. The way to deal with this is to have proper authentication procedures in place. And the use of strong authentication with tokens will provide even better security.

More potential problems result from data theft or leakage, such as when a laptop is stolen or lost. The answer here is to encrypt all sensitive data. Finally, all wireless use is risky and requires a specific wireless VPN/firewall for remote access. A traditional firewall is no longer enough to protect a company network. Other security solutions to combat the threats outlined above are also necessary, as well as proper staff training.

Protect against main threats with UTM
One of the best ways to protect against the main threats not covered by traditional firewalls is to use unified threat management (UTM). These are multipurpose security solutions/devices that at a minimum have a firewall, VPN, antivirus, and intrusion detection/prevention system (IDS/IPS). Some UTMs—sometimes known as super UTMs—also incorporate capabilities such as Web filtering (blocking of problematic Web sites), spam blocking, and spyware protection.

UTMs are usually lower cost than buying and installing several security components separately. They are also typically greener, as one solution uses much less power than multiple solutions. When buying a UTM or a super UTM, it is important to ensure a reseller sizes it correctly, i.e., ensures that it has the performance capability to deal with current throughput and future business expansion.
UTMs are available from Check Point.

Based on: What Firewalls Do and What Firewalls Don’t Do, Ian Kilpatrick, Wick Hill Group, Woking, Surrey, United Kingdom, March 26, 2008.