By Augusto Melo – Information Security Analyst – Intrinium
Regardless of your company size, Information Security is indispensable, and firewalls are one of the first lines of defense against cyber threats. Fortunately, there are many firewall offerings on the market, each fitting different needs and budgets. However, even if a company possesses a high-end firewall solution, it is hard to claim your network is safe if you lack essential InfoSec monitoring. If you do not have monitoring yet, don’t panic. Cybersecurity follows the Pareto principle, which states that roughly 80% of the effects come from 20% of the causes. You can decrease the risk of a network compromise by paying attention to a few suspicious events that most firewall solutions are able to detect. If your firewall is not able to handle and detect those events, we recommend investing in a better option.
At Intrinium, we recommend addressing the following events, if and when they are identified on your firewall:
Port Scanning
Port scanning often precedes an actual attack. By scanning the firewall’s ports, an assailant can get a reasonable idea of the vulnerabilities in services open to the public.
Denial of Service
Firewalls, just like any other network device, can only handle a limited traffic volume. In a denial of service (DoS) attack, your services are flooded with requests until the device processing the traffic crashes and causes downtime.
IP Spoofing
Computers on your network have considerably more access than systems outside it. An attacker can leverage this fact by forging an IP packet that looks like it came from a computer on your network, thereby bypassing your security controls.
Malformed Packets
Just as word processors point out and automatically fix typos, network services will often try to repair malformed IP packets. An attacker can leverage that behaviour by sending a malformed packet that the target service “corrects” into a piece of malware.
Packet Fragmentation
Sometimes an attacker can break an IP packet into smaller fragments and control how they are reassembled on the target system. The reassembled packet will be a piece of malware that has bypassed your security controls.
Unfortunately, attackers are always trying to find new ways to break security controls, and monitoring common events will only delay the inevitable. If you don’t have an Infosec team watching your network 24/7/365, you are susceptible to potential infiltration. A competent Infosec team will be able to identify and act upon threats promptly, communicate threats, assess risk and apply patches in a timely manner to ensure business continuity. Without a team in place, a potential network compromise will inevitably cause damage to your business and may result in large fines. Investing in a network security division, however, can be very expensive, as emerging threats require regular end-user training programs, network maintenance, and disaster recovery plans that only a highly specialized workforce can provide. If your company cannot afford an in-house Infosec team, a Managed Security Services Provider (MSSP) with experience and flexible service plans can save your business from the next WannaCry.