Disabling a Firewall
Recap from the November 19th, 2019 CISO/Security Vendor Relationship Podcast
by Julie McLelland
“Casey from accounting is getting frustrated, waiting for client files being held up by the firewall. Jordan is trying to join a video conference that needs a plugin, but the firewall won’t let it through. So they call the IT manager who then disables it.”
In this week’s Cloud Security Tip, Steve Prentice explains a common scenario about the nuances of using a firewall.
What is a Firewall?
The term firewall is a metaphor that compares a type of barrier inside a building, designed to limit the spread of fire, with a technological barrier that's put in place to limit damage from a cyberattack.
In the technology industry, a firewall is a tool used to maintain the security of a private network. Firewalls block unauthorized access to or from private networks — and are often used to prevent unauthorized web users or illicit software from gaining access to private networks connected to the internet. A firewall may be implemented using hardware, software, or a combination of both. One of the very first products to provide cybersecurity, firewalls have been used for over 25 years.
Types of Firewalls
There are many types of firewalls used today, including packet-filtering firewalls, stateful inspection firewalls, proxy firewalls and next-generation firewalls (NGFWs).
A packet-filtering firewall controls network access by monitoring outgoing and incoming data packets and allowing them to pass or halt based on the source and destination Internet Protocol (IP) addresses, protocols and ports.
A stateful inspection firewall monitors the state of active connections and uses this information to determine which network packets to allow through the firewall
A proxy firewall protects network resources by filtering messages at the application layer
An NGFW is a deep-packet inspection firewall that moves beyond port/protocol inspection and blocking to add application-level inspection, intrusion prevention, and bringing intelligence from outside the firewall.
There are many pros and cons to each type of firewall, depending on what your specific organization needs.
The Dangers of Disabling a Firewall
Disabling a firewall can be tempting when an employee needs quick access to a document or application. However, by doing so, it allows all data packets to enter and exit the network unrestricted. This includes not just expected traffic, but also malicious data — putting the entire network at risk. If a software firewall is disabled, it's not just that computer that's in danger. Some types of malware can spread across an entire network connection, infecting all of the PCs attached to the LAN. Disabling a hardware firewall also puts all of the devices that connect to the network in danger.
Rather than turning off a firewall altogether, you can open the appropriate ports in the firewall to allow authorized applications or services through. Some firewalls use a pre-defined port or range of ports, while others allow users to manually configure which ports the software utilizes. Opening the firewall does potentially allow dangerous traffic to enter through the applicable port, but businesses can use nonstandard ports to reduce the risk of attack. If there is no other option but to disable the firewall, it is imperative that the computer or device disconnects from the internet before disabling to eliminate the risk of a malicious attack.
How A VPN Can Take It A Step Further
A firewall is designed to keep malicious traffic away from the network — and a VPN provides controlled connectivity over a public network such as the internet. The two can, and should, be used together to create a more well-rounded secure network.
Our enterprise VPN, Access Server, provides Layer 3 virtual private networking using OpenVPN protocol. OpenVPN protocol uses SSL/TLS with client and server certificates to perform key exchange and mutual authentication. OpenVPN is firewall and web proxy friendly as encrypted traffic is tunneled via UDP or TCP.