OK, let’s face it. The Internet is game to all sorts of intruders. I told a friend I found a Trojan Horse on her laptop and her response was, “What’s that?”
Clearly, protecting your data from being compromised can be a daunting task. What firewall should you incorporate? Are software or hardware firewalls better? What exactly is packet filtering and why is it important? And how do I analyze my firewall logs? Is this something better left to professionals?
Your primary consideration is the worth of your data. If you lost it or it was compromised this minute, could you survive as a business entity?
Let’s say you’ve done due diligence and installed a high end firewall appliance. Is anyone on your staff certified to analyze that firewall’s logs? If not, do you outsource those logs? Are you provided analysis and recommendations? Are security risks shored up? Are you compliant?
Is your network secure?
I’m constantly reading threads in forums of compromised data, and OPs (original posters) pleading for assistance after-the-fact. I was at a physician’s office years ago checking the security of her WiFi network, and while she was protected, at least a dozen other unprotected networks popped up. She had no clue she could compromise their networks as that was never her intention, but certainly it is the intention of (apparently) thousands of unscrupulous hacks on the Internet.
Fortunately, there are firms that you can turn to that make it their business to protect your business.
For any organization that conducts business over the Internet, it’s a vital first-line of defense that:
- protects your information and systems from compromise
- helps ensure secure, ongoing communications between your Web site and customers
- reduces the costs and disruption of intrusion-initiated downtime
- extends your in-house capabilities
CLI versus GUI interfaces
What are some types of command line interfaces (CLI) for managing firewalls? PIX and Linux IPTables are popular examples. GUI based interfaces are more intuitive to the end user, so are presumably easier to use. They’re both designed to keep the malicious stuff out, while providing an enhanced more secure online experience.
Custom operating versus open source systems
Systems like the Cisco PIX run on a custom operating system where the source code is not available, and is updated via patches or new releases. Then there are open source systems which include Linux and Solaris 10. Open source systems typically require more effort to maintain and secure your data, but patches to shore up vulnerabilities may get released faster. Closed source systems, properly configured and maintained by the user, eliminate many of the variables inherent in general operating systems, making it easier for the less experienced user to maintain.
Are you up to managing your own firewall with a CLI? (Command Line Interface)
Most firewalls require you to perform an initial configuration – things like your IP address, net mask, default gateway and possibly an administrative password, first in CLI even when using a GUI. CLIs require knowledge of the command set in your firewall appliance. For example, to configure Linux’s NetFilter, you’ve have to use the IPTables CLI to set up configurations for Secure Shell (SSH), email and web traffic. What ports do you allow and which do you deny?
A vulnerability is a defect that might result in the potential exploitation of the firewall by an attacker to cause either a distributed denial-of-service (DDoS) attack or to gain access to your firewall. Vulnerabilities are routinely caused by a misconfiguration of the firewall itself.
A vulnerability due to a misconfiguration of the firewall can range from allowing access to Remote Procedure Call (RPC) ports on systems behind the firewall to not setting an access password on the device itself.
Special care must be taken when managing a firewall because it protects your data from the world. In many cases, it represents the only security device on your network.
Disaster Recovery and Business Continuity
I cannot overemphasize the importance of remote backup even with a properly configured and maintained firewall, regardless of what backup plan you’ve procured via your web hosting provider.
Having said that, firewalls are an essential element in the defense and retention of your data. Your data is your business. If you are even remotely at loss how to configure, maintain and analyze your firewall logs, I wholly recommend outsourcing this service.
Brought to you by ProlimeHost
We’ve been in the web hosting industry for over a decade, helping hundreds of clients succeed in what they do best and that’s running their business. We specialize in Virtual Private Servers (VPS) and dedicated servers, with data centers in Los Angeles, Denver & Singapore.
VPS Services: Lightning Fast SSD Virtual Servers
Our Virtual Private Servers all feature high performance Xeon processors and SSD storage in a RAID10 configuration to optimize your server’s performance, which dramatically enhances visitor experiences on your site.
That speed is backed by unparalleled 24/7 support, featuring both outstanding response AND resolution times to maximize your uptime.
Now is the time to join the ProlimeHost virtual private server revolution.
Dedicated Servers: Backed by a 99.9% SLA network uptime guarantee
We only use enterprise-class hardware in our dedicated servers and offer a four (4) hour hardware replacement. Throw in IPMI for remote management, support for public and private networks, free operating system (OS) re-installs, and SATA, SAS & SSD (including NVMe) storage. Call +1 877 477 9454 or email us at Sales@ProlimeHost.com. We’re here to help.