When you first start getting serious about data security for your business, many suggestions will be made to help you defend things like your websites and the data your company stores and transmits. One tool that will most likely be recommended, and if it isn’t it should be, is a firewall. What is a firewall, and what can a firewall protect against? We’re exploring everything you need to know about firewalls and their importance below.
Accurately measure risk & automate compliance with Rivial Security.
Before we can address the question of what a firewall can protect against, you first need to understand exactly what a firewall is. The National Institute of Standards and Technology (NIST) defines a firewall as, “An inter-network connection device that restricts data communication traffic between two connected networks.” These devices can be an application that is installed on a computer used for general purposes, or they can be installed on a dedicated appliance (platform), which rejects/drops or forwards packets (data/information) on a network.
In terms of internet applications, a firewall can prevent malware, viruses and bad traffic from getting through. Perhaps the most important reason you need a firewall is that it will prevent unauthorized access both to and from private networks.
Because firewalls are built to block bad traffic, they prevent bad bots from getting into your website and wreaking havoc. They act as a traffic controller for your website and your most important data. Unfortunately though, most firewalls have not been configured with the most up-to-date viruses/virus definitions.
Therefore, if a cybercriminal is using a new type of virus and bad bots that the firewall is not configured to block, it could still get through. This is why firewalls should not be your only line of defense against viruses, but they are a good start.
Accurately measure risk & automate compliance with Rivial Security.
The California Office of the Attorney General may have said it best when they explained that hackers are a lot like telemarketers that spend time automatically dialing “random phone numbers” trying to get a hit and reach someone via a real number. Every time a hacker sends out a ping which is like a random dial on a phone, firewall security can prevent a computer from “responding to these random calls” because it is blocking the communication “to and from sources you don't permit.”
Any firewalls your internet browser and computer may have built in may not be enough to prevent bad actors from slipping in. That is why purchasing one or multiple firewalls is often recommended.
A keylogger also referred to as spyware is a piece of software designed for tracking keystrokes to obtain sensitive information such as passwords, credit card data, and usernames. This data is then transmitted to a third party without your consent or knowledge. Many firewalls are built to defend against cybercrimes such as this.
Now that we have answered the question of “what can a firewall protect against,” let’s address the two types of firewalls. They are software and hardware.
Often referred to as a personal firewall, this type runs on your computer directly and is the most commonly used type. Software firewalls typically don’t require much in the way of technical knowledge and are designed to be easy to install and run. While default settings at the time of installation are usually fine for the average user, you may want to get assistance from a cybersecurity professional to configure the settings that are best for your business or financial institution. The more sensitive the data you store is, the more critical it is that you have the most secure settings in place.
Accurately measure risk & automate compliance with Rivial Security.
These firewalls are typically an external device that are usually “always on” with an internet connection. Hardware firewalls have more technical settings and therefore usually require IT or cybersecurity professionals to install, configure, and maintain them when compared with software firewalls.
We already alluded to this in our comment about viruses above, but the answer is no. In our PCI DSS Compliance Checklist post, we shared that installing a firewall is one of the requirements to be compliant. However, it was just one step. Other suggestions included things like encrypting stored and transmitted data, changing passwords, using antivirus software, and more.
While a firewall will go a long way in blocking bad traffic and restricting access, it’s certainly not the only thing your institution should be thinking about to protect itself from cyber threats. This is true not just for financial institutions that are storing and transmitting financial data, but for medical and government as well as transportation and manufacturing institutions as well.
If the data you store and transmit has any kind of value, cybercriminals will work night and day to attempt gaining access to it. Defend your business and your data.
Accurately measure risk & automate compliance with Rivial Security.
Contact Rivial Security today to determine your level of risk with a full Cybersecurity Risk Assessment: https://www.rivialsecurity.com/services/cybersecurity-assessments