Firewalls: Advanced Security Features You Do Not Know

Although firewalls are common practice in networks, risks remain. The latest firewall versions include features that network administrators often leave unused, even though they help ensure efficient and, above all, safe operation. In this article we look at some of the features that should not be left aside when configuring a firewall and implementing a complete security solution.

DNS server security

Insecure DNS servers can be compromised so that all requests end up at malicious websites, which are then used for other attacks such as phishing. Worryingly, this is one of the most popular attacks, because the security of DNS services is not something most network administrators take care of. Firewalls make it possible to integrate DNS security. Emerging technologies such as machine learning can analyze all the data generated, instead of relying on other analysis tools.

A secure DNS server can block malicious domains. That is why it is important to integrate it with other technologies, such as the machine learning mentioned above. Thanks to the amount of data available on malicious domains, web servers can be armed against them. Another malicious activity that can be prevented is DNS tunneling, which consists of carrying a data flow inside DNS requests so that firewalls let it through.
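
One way a DNS security layer can flag tunneling, as an added example that is not from the original article: it looks for long, high-entropy leftmost labels combined with many distinct subdomains under one parent domain. The thresholds, function names and sample queries are assumptions constructed for illustration.

```python
import math
from collections import Counter, defaultdict

# Illustrative thresholds (assumptions; tune against your own DNS baseline).
MAX_LABEL_LEN = 40          # unusually long leftmost label
MIN_ENTROPY = 3.5           # bits per character; encoded payloads score high
MAX_UNIQUE_SUBDOMAINS = 3   # distinct subdomains per parent in the window


def shannon_entropy(text):
    """Bits per character of the string's own character distribution."""
    if not text:
        return 0.0
    counts = Counter(text)
    return -sum(c / len(text) * math.log2(c / len(text)) for c in counts.values())


def parent_domain(qname):
    """Naive registered-domain guess: last two labels (no public suffix list)."""
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])


def suspicious_parents(qnames):
    """Return parent domains whose queries look like data carried in DNS names."""
    subdomains = defaultdict(set)
    encoded_hits = Counter()
    for qname in qnames:
        name = qname.rstrip(".").lower()
        parent = parent_domain(name)
        sub = name[: -len(parent)].rstrip(".")
        if not sub:
            continue  # query for the parent itself carries no payload
        subdomains[parent].add(sub)
        first = sub.split(".")[0]
        if len(first) >= MAX_LABEL_LEN and shannon_entropy(first) >= MIN_ENTROPY:
            encoded_hits[parent] += 1
    return sorted(p for p, subs in subdomains.items()
                  if encoded_hits[p] > 0 and len(subs) > MAX_UNIQUE_SUBDOMAINS)


# Constructed sample: normal lookups plus long encoded labels under one parent.
SAMPLE_QUERIES = ["www.example.com", "mail.example.com", "api.example.com"] + [
    f"{i:02d}k9x2qv7m1zr8p4jw6tn3yb5hd0cfgsl{i:02d}aeu7o2i9x4q1.tunnel.example.net"
    for i in range(5)
]
```

Requiring both signals keeps ordinary lookups with a few subdomains from being flagged on name shape alone.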

Credential Theft Prevention

Block employees from using corporate accounts on sites like Facebook or Twitter. This means that they will not be able to use their corporate email address to create an account on those portals, or to subscribe to newsletters or offers. Some organizations have specific rules and penalties in this regard. Others do not, and the risk that employees place on their corporate accounts is enormous.

This prevention works by scanning the username and password being submitted. The information obtained is checked against the official list of corporate accounts belonging to that organization. Their use on sites outside the corporate scope can then be blocked according to the URL category of the website.

When the firewall detects such access attempts, it can display a warning message and prevent the activity. It is also possible to present a page that warns about the dangers of using these credentials but still lets the user proceed. The possibilities for configuring how the firewall prevents and mitigates credential theft are endless. It is a great bridge toward effective security awareness.
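
The decision flow described above, as an added example that is not from the original article or from any vendor's implementation: submitted form fields are matched against the corporate account list, and the URL category of the destination picks the action. The field names, category names, action names, key and account list are hypothetical, and only the username is matched here.

```python
import hashlib
import hmac
from urllib.parse import parse_qs

# Hypothetical policy: action when a corporate credential is submitted to a
# site in each URL category (category and action names are assumptions).
CATEGORY_ACTIONS = {"corporate-sso": "allow", "shopping": "continue",
                    "social-networking": "block"}
DEFAULT_ACTION = "block"          # uncategorised sites fail closed
USER_FIELDS = ("username", "user", "login", "email")
MATCH_KEY = b"constructed-demo-key"


def digest(username):
    """Keyed digest of the normalised name, so no plaintext list is stored."""
    norm = username.strip().lower().encode()
    return hmac.new(MATCH_KEY, norm, hashlib.sha256).hexdigest()


# Constructed stand-in for the organisation's official account list.
CORPORATE_ACCOUNTS = {digest(u) for u in ("alice@corp.example", "bob@corp.example")}


def submitted_usernames(form_body):
    """Extract candidate usernames from a form-encoded POST body."""
    fields = parse_qs(form_body)
    return [v for name in USER_FIELDS for v in fields.get(name, [])]


def evaluate_submission(form_body, url_category):
    """Return 'allow', 'continue' (warn, user may proceed) or 'block'."""
    for username in submitted_usernames(form_body):
        if digest(username) in CORPORATE_ACCOUNTS:
            return CATEGORY_ACTIONS.get(url_category, DEFAULT_ACTION)
    return "allow"                # no corporate credential in the request


# Constructed sample submissions: (POST body, URL category of the destination).
SAMPLES = [
    ("email=Alice%40Corp.Example&password=x", "social-networking"),
    ("login=bob%40corp.example&password=x", "shopping"),
    ("username=bob%40corp.example&password=x", "corporate-sso"),
    ("user=alice%40corp.example&password=x", "newly-registered-domain"),
    ("email=me%40personal.example&password=x", "social-networking"),
]


def decisions():
    return [evaluate_submission(body, cat) for body, cat in SAMPLES]
```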

Network segmentation and security policy optimization

One of the most important benefits of segmenting a network is that the traffic of each segment is not visible to the others. This greatly reduces the risk of attacks and vulnerabilities. Emerging technologies such as IoT involve a high number of connected devices, and their growth shows no sign of stopping. Segmenting the networks these devices connect to is quite useful, even more so because many of them run old operating systems. These systems are therefore very insecure and susceptible to thousands of vulnerabilities that can be exploited.

One of the bad practices of network professionals, or of anyone responsible for managing a network, is to keep adding security policies to the firewall. In itself this is a good thing, since it strengthens the protection of the network against threats and attacks. However, as time passes, some security policies should be modified or removed to avoid conflicts with others.

On the other hand, a firewall with a high number of security policies is very difficult to manage, and it is also harder to support when problems arise. Optimizing these policies makes it possible to implement rules based on application types and port numbers to allow or deny traffic. The improvement in security is high, and it provides the visibility needed to enable access to applications securely. However, rules based on port numbers must be migrated to application-based rules, which makes it easier to grant or deny permission per application. In this way, any type of malicious traffic that tries to enter the network is prevented.
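
A policy clean-up of the kind described above can start by finding rules that an earlier rule already covers. The following is an added example, not from the original article: it assumes first-match evaluation, and the rule names, addresses and tuple layout are constructed for illustration.

```python
from ipaddress import ip_network

# Constructed first-match rule base: (name, source, destination, port, action).
# A port of None means "any port".
RULES = [
    ("allow-web",       "10.0.0.0/8",   "0.0.0.0/0",      443,  "allow"),
    ("deny-iot-out",    "10.20.0.0/16", "0.0.0.0/0",      None, "deny"),
    ("allow-hr-web",    "10.1.5.0/24",  "203.0.113.0/24", 443,  "allow"),
    ("deny-iot-telnet", "10.20.3.0/24", "0.0.0.0/0",      23,   "deny"),
    ("deny-lab-web",    "10.9.0.0/16",  "0.0.0.0/0",      443,  "deny"),
]


def covers(earlier, later):
    """True when every packet matching `later` also matches `earlier`."""
    _, e_src, e_dst, e_port, _ = earlier
    _, l_src, l_dst, l_port, _ = later
    return (
        ip_network(l_src).subnet_of(ip_network(e_src))
        and ip_network(l_dst).subnet_of(ip_network(e_dst))
        and (e_port is None or e_port == l_port)
    )


def audit(rules):
    """Flag rules that can never match because an earlier rule covers them.

    'redundant' means the earlier rule takes the same action (safe to remove);
    'conflict' means it takes the opposite action, so the later rule's intent
    is silently not enforced. Partial overlaps are not reported.
    """
    findings = []
    for i, later in enumerate(rules):
        for earlier in rules[:i]:
            if covers(earlier, later):
                kind = "redundant" if earlier[4] == later[4] else "conflict"
                findings.append((later[0], earlier[0], kind))
                break
    return findings
```

On the constructed rule base, `deny-lab-web` is reported as a conflict: lab hosts reach port 443 through `allow-web` even though a deny rule exists further down.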

Dynamic User Groups

Dynamic user groups are much more effective at protecting against any type of threat. For example, all users who work in accounting receive the same security policies from the firewall, without the need to update each user's policy manually.

This is one piece of evidence that process automation plays a very important role in guaranteeing the security of the network, and of the users who connect to it and generate traffic on it. It is almost impossible to prevent people from landing on a suspicious site that wants to extract sensitive data or install malicious software, but good firewall management puts everyone at ease. In addition, spreading good security awareness practices among users is a great complement to the safe use of networks.

It is very difficult, if not impossible, to manage network security without firewalls. They are the first line of defense, stopping various attacks before they have the chance to enter the network. All the tips given above will guarantee the effective management and operation of the firewall. Several of the features mentioned already existed. The caveat is that security professionals have ignored them for many years.