Hackers and criminals are constantly developing new techniques to gain access to your sensitive data and business networks. Increasingly, they have become much more sophisticated and attacks are happening constantly. There have also been some recent and high-profile examples of criminals in Russia and China breaking into government networks and stealing millions of records concerning civilian and military personnel.
You cannot take your own IT security for granted, and major security vendors have responded to the emerging threats.
The four main threat protection features you must have on your firewall are:
- Web URL Filtering
- Web Application Control
- Intrusion Protection System
- HTTPS Data Filtering
Firewalls or Unified Threat Management (UTM) devices with these features are typically referred to as Next Generation Firewalls (NGFW).
Web URL Filtering
Web URL Filtering stops staff from visiting websites you don’t want them to, but at the same time it also stops staff from inadvertently allowing malicious code or viruses to be downloaded onto their client machines when they visit websites you are allowing access to.
In addition to preventing malicious downloads, Web URL Filtering also prevents your staff from wasting time on non-productive websites which have no benefit to your business, such as gambling, personal finance or Social Media sites.
Web Application Control
Web Access Control delivered the ability to ban a class of websites from being browsed from your network. So, for instance, you could block all Social Media websites, all porn sites or whatever you wished to deny access to. The problem is that this was not very specific: there may be genuine instances where you needed to provide access to a website, but this was not possible unless you lifted the ban on the entire class of sites it belonged to.
More than this, even where there are sites you allow access to, it is still possible to inadvertently be targeted with a malicious download. For instance, most websites use cookies to track behavior and increase site load speeds; however, malicious code can also be downloaded. A website you have provided access to may also contain downloads you nevertheless do not want introduced onto your network, for instance an Instant Messenger program.
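The difference between a class-wide ban and finer-grained control, as an added example that is not part of the original article or any vendor's product. The hostnames, categories, file extensions and function names are constructed for illustration, and the extension check stands in for the content inspection a real firewall performs.

```python
from urllib.parse import urlsplit

# Constructed sample policy data (illustrative only).
CATEGORY_DB = {
    "social.example": "social-media",
    "casino.example": "gambling",
    "vendor.example": "business",
}
BLOCKED_CATEGORIES = {"social-media", "gambling"}
ALLOWED_HOSTS = {"social.example"}        # exact-host exception to a class ban
BLOCKED_DOWNLOADS = (".exe", ".msi")      # e.g. an instant messenger installer


def lookup_category(host):
    """Categorise a host, falling back to its parent domains."""
    labels = host.split(".")
    for i in range(len(labels) - 1):
        category = CATEGORY_DB.get(".".join(labels[i:]))
        if category:
            return category
    return "uncategorized"


def class_only_decision(url):
    """Category-only filtering: a whole class is either allowed or blocked."""
    host = (urlsplit(url).hostname or "").lower()
    if not host:
        return "block"                    # fail closed when no host is present
    return "block" if lookup_category(host) in BLOCKED_CATEGORIES else "allow"


def granular_decision(url):
    """Class ban, plus per-site exceptions, plus download control on allowed sites."""
    parts = urlsplit(url)
    host = (parts.hostname or "").lower()
    if not host:
        return "block"
    if lookup_category(host) in BLOCKED_CATEGORIES and host not in ALLOWED_HOSTS:
        return "block"
    # An allowed site can still offer a download you do not want on the network.
    if parts.path.lower().endswith(BLOCKED_DOWNLOADS):
        return "block-download"
    return "allow"


if __name__ == "__main__":
    for u in ("https://social.example/company-page",
              "https://chat.social.example/",
              "https://vendor.example/tools/messenger-setup.exe"):
        print(u, class_only_decision(u), granular_decision(u))
```

The exception list matches exact hostnames only, so permitting one site does not silently permit its subdomains, which still inherit the parent's blocked category.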
Intrusion Protection System
An Intrusion Protection System, also known as an Intrusion Detection System, provides continuous overwatch of your network and actively scans for suspicious activity. If suspicious activity is detected, the System will identify and quarantine the threat, and at the same time notify your network manager of the issue and generate a reporting log of the incident.
HTTPS Data Filtering
SSL (Secure Sockets Layer) is a protocol which encrypts data before it is transmitted across or between networks. This encryption prevents third-party snoopers and hackers from being able to steal your data, even if they are able to intercept the data stream. Without the encryption keys, the traffic is useless to them and your data is secured.
The problem is that encrypted traffic passing through a firewall is not inspected. So, while the encrypted data may be benign, the traffic could also contain malicious code which the firewall cannot identify because it is encrypted.
HTTPS Data Filtering tackles this issue by sniffing and inspecting data packets, but this requires an extensive threat detection network on the vendor's side, as vendors need to keep the signatures of malicious code updated for the filtering to operate effectively.
Jensen Carlyle is a technology writer and blogger; he is currently working on network security issues for Swift Systems.