My firewall will protect my network...right?

Image © 2023 Gavin George

Before the mainstream adoption of the Internet, a ‘firewall’ was an architectural feature found prominently in mid-19th century townhouses, built to stop the spread of fire down the row. In information technology, the name was adopted to refer to an analogous feature of cybersecurity architecture that was meant to stop the spread of threats into a network.

Firewalls are an indispensable component of a strong network security infrastructure, but their effectiveness cannot be expected to extend beyond the function they’re designed for. Just like a firewall in a house can’t be expected to extinguish fires or prevent fires from being set inside the house, a network firewall can only protect against a specific type of threat. In short, a firewall is absolutely necessary for network security, but it is not sufficient by itself.

What a firewall is

If you didn’t already know what a firewall referred to outside of the technology world, you may have been imagining a wall made of fire: something that is impervious to anything getting through, and something that will incinerate anything that is not supposed to get in or out. From a network user’s point of view, trying to get through a firewall may make it seem that way.

However, a firewall does not incinerate anything, and it is not impervious either. It is simply a network policy that blocks Internet traffic coming from particular points of origin from entering the network. Just like physical firewalls, they stop a particular agent of harm (fire or network traffic) from entering the protected area from a particular direction (such as the house next door or a particular IP address).

When it is enough

A firewall is great at blocking predefined unwanted traffic from gaining entry into your network. If it has been programmed and configured to block traffic from known suspect points of origin, it can do so flawlessly. The important word here is if.

According to research from Gartner, at least 95% of firewall failures are due to misconfiguration. Usually, the consequence of misconfiguration is opening up a network to the risk of human error by allowing most, if not all, network users to override the firewall policy if they decide to. Essentially, most firewall failures result from network users creating a potential vulnerability in the firewall itself. In addition to misconfiguration, firewalls can also be insufficiently programmed, and thus incapable of stopping a potential threat coming from an address they were not designed to account for.

That said, if a firewall is properly configured and sufficiently programmed, it is sufficient for blocking most incoming threats originating from a number of sources that would be harmful to your network.
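The two failure modes above, a block that users can effectively override and a policy that never accounted for an origin, both come down to rule order and the default policy. The following toy first-match packet filter is an added illustration, not code from this post or from any firewall product: a misconfigured rule set in which a broad "allow" placed at the top shadows the deny rule below it, beside a corrected set that denies the known-suspect range first and defaults to deny. The address ranges are constructed from the RFC 5737 documentation networks, and the `shadowed_rules` helper is a hypothetical check that reports rules which can never fire.

```python
"""Toy first-match packet filter.

Added illustration: shows how rule order and the default policy, not just the
presence of a block rule, decide whether a firewall blocks what it was meant
to. Not a real firewall or any vendor's configuration; addresses are constructed
from the RFC 5737 documentation ranges.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    action: str               # "allow" or "deny"
    src: str                  # source network in CIDR notation, or "any"
    dst_port: Optional[int]   # destination port, or None for any port
    comment: str = ""

    def matches(self, src_ip: str, dst_port: int) -> bool:
        if self.src != "any" and ip_address(src_ip) not in ip_network(self.src):
            return False
        return self.dst_port is None or self.dst_port == dst_port


def evaluate(rules: List[Rule], default_action: str,
             src_ip: str, dst_port: int) -> Tuple[str, Optional[int]]:
    """First matching rule wins; if nothing matches, the default policy applies.
    Returns (action, index of the deciding rule, or None for the default)."""
    for index, rule in enumerate(rules):
        if rule.matches(src_ip, dst_port):
            return rule.action, index
    return default_action, None


def _covers(outer: Rule, inner: Rule) -> bool:
    """True if every packet matched by `inner` is also matched by `outer`."""
    if outer.src == "any":
        src_ok = True
    elif inner.src == "any":
        src_ok = False
    else:
        src_ok = ip_network(inner.src).subnet_of(ip_network(outer.src))
    port_ok = outer.dst_port is None or outer.dst_port == inner.dst_port
    return src_ok and port_ok


def shadowed_rules(rules: List[Rule]) -> List[int]:
    """Indices of rules that can never fire because an earlier rule already
    covers everything they would match. A deny rule in this list is a
    misconfiguration: the block the operator believes is in place is not."""
    return [j for j in range(len(rules))
            if any(_covers(rules[i], rules[j]) for i in range(j))]


# Constructed: 198.51.100.0/24 stands in for a known-suspect origin,
# 192.0.2.0/24 for the administrators' network.
MISCONFIGURED = [
    Rule("allow", "any", None, "added by a user to 'make it work'; shadows everything below"),
    Rule("deny", "198.51.100.0/24", None, "block known-suspect range"),
    Rule("allow", "any", 443, "public HTTPS"),
]
MISCONFIGURED_DEFAULT = "allow"

CORRECTED = [
    Rule("deny", "198.51.100.0/24", None, "block known-suspect range before any allow"),
    Rule("allow", "any", 443, "public HTTPS"),
    Rule("allow", "192.0.2.0/24", 22, "SSH only from the admin network"),
]
CORRECTED_DEFAULT = "deny"


if __name__ == "__main__":
    for label, rules, default in (("misconfigured", MISCONFIGURED, MISCONFIGURED_DEFAULT),
                                  ("corrected", CORRECTED, CORRECTED_DEFAULT)):
        print(f"{label}: suspect host to SSH ->", evaluate(rules, default, "198.51.100.7", 22))
        print(f"{label}: shadowed rule indices ->", shadowed_rules(rules))
```

Run stand-alone, the misconfigured set lets the suspect host reach SSH (rule 0 decides) and reports rules 1 and 2 as shadowed; the corrected set denies it at rule 0, and a host outside the admin network falls through to the default deny. Checking a rule set for shadowed deny rules and for a permissive default is the kind of review that surfaces the misconfigurations the paragraph describes.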

When it is not enough

Though firewalls are enough in this regard, that is not the question we began with. Asking whether a firewall is sufficient to protect the network means more than asking whether it is sufficient to block certain types of threats. Like a firewall in a building, a firewall implemented in a network cannot stop the threats it wasn’t designed to mitigate.

Nobody would expect a building’s firewall to prevent a candle from being knocked over, or to stop an arsonist or to extinguish a fire that has gotten through it. Similarly, a network’s firewall cannot be expected to stop threats from within (such as accidental or malicious deletion of data by a network user), or to detect and arrest a breach that might originate from an infected thumb drive or an employee’s personal device.

Reinforcing a network’s cybersecurity architecture

A firewall is undeniably an important component of a network’s cybersecurity architecture, but if it is not properly programmed and configured, and isn’t combined with other safeguards, it can only do so much to mitigate the risk of a cybersecurity breach. Thankfully, there are a number of ways to reduce this risk without bogging down business operations with overzealous measures.

Ensuring that a firewall is sufficiently programmed and correctly configured can be done by patching weaknesses uncovered through penetration and vulnerability testing. This can go a long way in reducing risk. Adoption of a zero-trust network access (ZTNA) solution can prevent most misconfiguration errors from causing problems by ensuring that authorization to override the network policy is not granted to anyone except those who can absolutely be trusted with that level of permission.

Next-generation firewall (NGFW) systems can also go further than traditional firewalls in helping to mitigate risk by including features such as IPS (intrusion prevention systems) and IDS (intrusion detection systems) that utilize DPI (deep packet inspection) methods. This complements the function of a traditional firewall that examines the origin of inbound network traffic with an examination of the traffic’s content as well.
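To make the difference between examining origin and examining content concrete, here is an added illustration (not code from this post or from any NGFW vendor): a header-only filter that trusts a partner network, beside a content check that scans the same payload for a couple of constructed signatures. The trusted network, the port list, the signatures and the sample packets are all assumptions made for the example; a real IPS reassembles TCP streams and decodes the application protocol before matching, rather than searching raw bytes.

```python
"""Header-only filtering versus content inspection.

Added illustration of the distinction drawn above: a traditional filter
decides on origin and port and never reads the payload, while an IPS/IDS
style check looks inside it. Constructed example, not vendor code; the
signatures are deliberately simple substring matches, where a real engine
reassembles TCP streams and decodes the application protocol first.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import List, Tuple


@dataclass(frozen=True)
class Packet:
    src_ip: str
    dst_port: int
    payload: bytes


# Constructed: a partner network the header filter trusts, and the ports it may reach.
TRUSTED_SOURCES = [ip_network("203.0.113.0/24")]
PUBLIC_PORTS = {80, 443}

# Constructed content signatures: name, byte pattern that must appear in the payload.
SIGNATURES: List[Tuple[str, bytes]] = [
    # An HTTP body that starts with the Windows executable magic "MZ".
    ("executable-in-http-body", b"\r\n\r\nMZ"),
    # Credentials sent with HTTP Basic auth over an unencrypted connection.
    ("cleartext-basic-auth", b"Authorization: Basic "),
]


def header_filter(pkt: Packet) -> bool:
    """Traditional firewall decision: allowed origin and port; payload never read."""
    trusted = any(ip_address(pkt.src_ip) in net for net in TRUSTED_SOURCES)
    return trusted and pkt.dst_port in PUBLIC_PORTS


def content_inspect(pkt: Packet) -> List[str]:
    """DPI-style check: names of every signature found in the payload."""
    return [name for name, pattern in SIGNATURES if pattern in pkt.payload]


def ngfw_decision(pkt: Packet) -> Tuple[str, List[str]]:
    """Combined decision: the header filter gates first, then content inspection
    can still deny traffic that arrived from an otherwise trusted origin."""
    if not header_filter(pkt):
        return "deny", []
    hits = content_inspect(pkt)
    return ("deny" if hits else "allow"), hits


# Constructed sample traffic.
BENIGN_FROM_TRUSTED = Packet("203.0.113.10", 80,
    b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n")
EXE_FROM_TRUSTED = Packet("203.0.113.10", 80,
    b"HTTP/1.1 200 OK\r\nContent-Type: application/octet-stream\r\n\r\nMZ\x90\x00\x03")
BENIGN_FROM_UNTRUSTED = Packet("198.51.100.7", 80,
    b"GET / HTTP/1.1\r\nHost: intranet.example\r\n\r\n")


if __name__ == "__main__":
    for label, pkt in (("benign, trusted origin", BENIGN_FROM_TRUSTED),
                       ("executable, trusted origin", EXE_FROM_TRUSTED),
                       ("benign, untrusted origin", BENIGN_FROM_UNTRUSTED)):
        print(f"{label}: header filter={header_filter(pkt)} ngfw={ngfw_decision(pkt)}")
```

The executable download from the trusted partner passes the header filter, which is all a traditional firewall would consult, and is only denied once the content check runs; the untrusted origin is denied before its payload is ever examined.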

Still, all of the aforementioned solutions are only within the realm of securing a network’s perimeter. When it comes to breaches that get through that perimeter, a detection and response system is critical to containing and stopping them. And of course, a recovery plan (such as cyber insurance and backup plans) is essential to protect the continuity of your business in the event of a cybersecurity breach.


If you need to test your network’s security, or want to have your overall cybersecurity architecture assessed to uncover vulnerabilities and find actionable remedies to improve it, text “SECURE” to 33339, or contact us through our website, and one of our solutions providers will coordinate a complimentary vulnerability assessment and/or a cybersecurity solutions assessment with your business.