Benefits of Firewall in The Organisation | Antivirus

The importance of information for achieving organizational objectives means that it is considered, in many cases, the most important asset. Because of the value attributed to it, it is subject to various threats such as theft, counterfeiting, fraud, disclosure and destruction, among many others.

 


The risks to which such information is exposed create the need to build trustworthy environments, but achieving this is a complex and multifactorial problem. For this reason, security approaches such as defence in depth have been developed, which aim to protect information by applying controls in different layers.

One of these layers is the perimeter, the logical boundary that divides the corporate network from other networks, including the Internet. In so-called perimeter security, the firewall remains in use as a protection mechanism for networks and has been an essential element since its appearance 25 years ago.

Why Do Companies Need a Firewall?

First, what does this term refer to? A firewall is a software or hardware tool whose purpose is to filter the connections that enter the internal network of the organization, as well as the connections that leave the organization for the outside. It is implemented as a logical access control mechanism.

In this way, it prevents Internet users who have not been authorized to enter the company network from gaining access to it, and it prevents members of the organization from accessing external services for which they have not been authorized.

So where does its importance lie? The firewall operates as a filter that examines all packets going to the corporate network and compares the information in the header with previously established rules. If the IP address and port are valid according to the rules, the packet is delivered; otherwise, it is discarded. The same operation is performed on the packets that are sent from the internal network to the Internet.

Therefore, by discarding packets that are not allowed and consequently avoiding connections that are not valid according to the rules, the firewall can prevent the spread of malicious code through the network, unauthorized access or possible intrusions of third parties to the corporate network.

However, it cannot protect against threats such as phishing or scams, since email is essential to the operations of the vast majority of organizations and is therefore not blocked. Nor can it protect against malware infection, whether the malware arrives as an attachment or through removable media.

Now, how are the filtering rules defined? Basically, connections are allowed or denied based on criteria and rules that are defined. If a restrictive approach is applied, all connections are blocked except those that are explicitly allowed. On the other hand, if you use a permissive approach, all connections are accepted except those that are explicitly restricted.

The firewall configuration depends largely on the approach used, as well as the services that are offered, the services required by the members of the organization to carry out their tasks, and the assets that are intended to be protected.

Understanding the Importance of The Firewall

The firewall continues to be a highly used security mechanism in companies. According to the study, 76.6% of the executives surveyed in 14 countries in the region affirmed having a solution of this type, which places it in second place if we talk about the most used security controls, after antivirus.

This is due to the benefits it provides in terms of protection, mainly by filtering the external connections that some types of malicious software such as worms, viruses or botnets usually make. It also blocks the connections of possible intruders into the network and serves as a security measure to control connections to the outside.

Its Evolution in These 25 Years

Since its appearance, the firewall has evolved offering different protection features:

The first type developed is called the packet filter and operates basically as described above: all packets arriving at the network are inspected and, according to the filtering rules, accepted or discarded. To make the decision, the firewall verifies whether the basic information of the packet, such as the source and destination address, the protocol or the port, complies with the established rules or policies.

The second type of firewall developed is known as stateful inspection. Unlike the first type, it tracks both the packets and the state of the connections that pass through it. In this case, only packets that match an active connection that has been recognized as legitimate are allowed to pass; all other packets are rejected.
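What connection tracking adds over a plain packet filter can be seen by passing the same three packets through both. This is an added example, not from the original article: the classes, the allowed ports and the packets are constructed, TCP is assumed, and real stateful firewalls also track flags, sequence numbers and timeouts, which are omitted here.

```python
WEB_PORTS = (80, 443)  # assumption: staff may only browse the web

class StatelessFilter:
    """Packet filter: judges every packet by its own header, nothing else."""
    def allow(self, pkt):
        if pkt["dir"] == "out":
            return pkt["dport"] in WEB_PORTS
        # To let web replies back in, the rule can only test the source port.
        return pkt["sport"] in WEB_PORTS

class StatefulFilter:
    """Stateful inspection: inbound packets must belong to a tracked connection."""
    def __init__(self):
        self.connections = set()  # (client ip, client port, server ip, server port)

    def allow(self, pkt):
        if pkt["dir"] == "out":
            if pkt["dport"] not in WEB_PORTS:
                return False
            # Remember the connection an internal host opened.
            self.connections.add((pkt["src"], pkt["sport"], pkt["dst"], pkt["dport"]))
            return True
        # Inbound: accept only the reverse direction of a remembered connection.
        return (pkt["dst"], pkt["dport"], pkt["src"], pkt["sport"]) in self.connections

# Constructed traffic (documentation and private addresses, not real hosts).
TRAFFIC = [
    # 1. internal workstation opens an HTTPS connection
    {"dir": "out", "src": "10.0.0.5", "sport": 50000, "dst": "203.0.113.10", "dport": 443},
    # 2. the server's reply on that same connection
    {"dir": "in", "src": "203.0.113.10", "sport": 443, "dst": "10.0.0.5", "dport": 50000},
    # 3. unsolicited inbound packet that merely carries source port 443
    {"dir": "in", "src": "198.51.100.99", "sport": 443, "dst": "10.0.0.5", "dport": 22},
]

def run(fw):
    """Return the verdict for each packet in TRAFFIC, in order."""
    return [fw.allow(pkt) for pkt in TRAFFIC]

if __name__ == "__main__":
    print("stateless:", run(StatelessFilter()))
    print("stateful: ", run(StatefulFilter()))
```

The stateless rule has to admit the third packet because, header for header, it is indistinguishable from a reply; the stateful filter drops it because no internal host ever opened that connection.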

The third type is known as application filtering. Its main feature is that it detects whether an unwanted connection is trying to evade the filter by using an IP address and port that are valid according to the set rules. In other words, it is capable of controlling specific applications, since in addition to checking the packet header, it also checks its content.

In recent years, people have begun to talk about next-generation firewalls (NGFW), which must offer functionality beyond that described above. Although the new features have not yet been fully defined, an NGFW is expected to combine the capabilities of Intrusion Prevention Systems (IPS) and integration with other technologies with broad and deep packet inspection at the different layers of the OSI model.

A Single Control Is Not Enough

Despite the benefits that we have reviewed, firewalls are a solution applied to only one of the layers described in the defence in depth approach, so they must currently be complemented with other perimeter security controls, including Intrusion Detection Systems (IDS) or IPS.

In the same way, the other levels considered in layered security must be included, which can lead to the application of other controls necessary for companies such as antivirus, antispam, practices such as data backup and encryption, double authentication solutions, even security solutions for mobile devices when they are used to access the corporate network.

We continue to see the evolution of this security mechanism, which remains in force as one of the fundamental elements for security management, and which currently should not be lacking when the purpose is to protect assets and mainly information in organizations.
