Does a Firewall protect against being hacked? (part 2)

In the second of a 2-part article we look at host-based and network-based firewall solutions. These can help form part of a security infrastructure to protect computers, devices and networks against being hacked.

In part 1 of this article we examined what a firewall is. We also explained the different types of firewalls, then looked at the sorts of hacking attempts and cyber security attacks which a firewall can help protect against. Now we will look at some firewall solutions.

Host-based firewalls

These solutions typically come pre-loaded as part of an operating system or are installed as a separate package:

Linux

The Linux kernel comes with a built-in IP packet filter that uses a set of rules. A command line administration tool called ‘iptables’ ships with most Linux distributions and can be used to set up, maintain and inspect the tables that contain the firewall rules.

A firewall rule specifies criteria for a packet, and a target. If the packet does not match, the next rule in the chain is examined; if it does match, then the next rule is specified by the value of the target, which can be the name of a user-defined chain or one of the special values ACCEPT, DROP, QUEUE, or RETURN.

Linux man page for ‘iptables’

Some sample output from iptables is as follows:

Chain INPUT (policy ACCEPT 0 packets, 0 bytes)
 pkts bytes target     prot opt in     out     source               destination         
    0     0 ACCEPT     all  --  lo     any     anywhere             anywhere
    0     0 ACCEPT     all  --  any    any     anywhere             anywhere            state RELATED,ESTABLISHED
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:ssh
    0     0 ACCEPT     tcp  --  any    any     anywhere             anywhere            tcp dpt:www
    0     0 DROP       all  --  any    any     anywhere             anywhere
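To make the chain-traversal rule quoted from the man page concrete, here is an added Python model (written for this article; it is not iptables code and not from the page) loaded with the sample INPUT chain printed above. The `Packet`, `Rule`, `SERVICES` chain and the probe packets are constructed for illustration. It shows why the order of rules matters, how a user-defined chain hands control back with RETURN, and includes a small defender's check that a chain really ends in deny rather than silently falling through to an ACCEPT policy.

```python
"""Added example (not from the article, not iptables source): a toy model of the
chain-traversal rule from the iptables man page, loaded with the sample INPUT
chain shown above plus a constructed user-defined chain to illustrate RETURN."""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional

TERMINAL = {"ACCEPT", "DROP", "QUEUE"}   # verdicts that end evaluation


@dataclass
class Packet:
    proto: str             # "tcp", "udp", "icmp"
    in_iface: str          # incoming interface, e.g. "lo" or "eth0"
    dport: Optional[int]   # destination port; None when not tcp/udp
    state: str             # conntrack state: "NEW", "ESTABLISHED" or "RELATED"


@dataclass
class Rule:
    target: str                        # ACCEPT / DROP / QUEUE / RETURN / chain name
    match: Callable[[Packet], bool]    # the rule's criteria
    desc: str = ""


Chains = Dict[str, List[Rule]]


def traverse(chains: Chains, chain: str, pkt: Packet) -> str:
    """Examine rules top to bottom. Returns a terminal verdict, or RETURN when
    a RETURN rule matched or the chain was exhausted without a terminal match."""
    for rule in chains[chain]:
        if not rule.match(pkt):
            continue                       # no match: examine the next rule
        if rule.target in TERMINAL or rule.target == "RETURN":
            return rule.target
        # Target names a user-defined chain: jump into it. If that chain
        # RETURNs, evaluation resumes at the next rule of this chain.
        verdict = traverse(chains, rule.target, pkt)
        if verdict != "RETURN":
            return verdict
    return "RETURN"


def filter_packet(chains: Chains, pkt: Packet, policy: str = "ACCEPT") -> str:
    """Verdict for a packet entering the built-in INPUT chain. A packet that
    reaches the end of INPUT without a terminal match gets the chain policy."""
    verdict = traverse(chains, "INPUT", pkt)
    return policy if verdict == "RETURN" else verdict


def is_default_deny(chains: Chains, policy: str) -> bool:
    """Defender's check: does unrelated new traffic end up dropped, either by
    the policy or by an explicit catch-all DROP like the one in the sample?"""
    probes = [Packet("tcp", "eth0", 65000, "NEW"),   # constructed probe packets
              Packet("udp", "eth0", 65000, "NEW")]
    return all(filter_packet(chains, p, policy) == "DROP" for p in probes)


# The INPUT chain printed above, transcribed into rules (policy ACCEPT).
SAMPLE_CHAINS: Chains = {
    "INPUT": [
        Rule("ACCEPT", lambda p: p.in_iface == "lo", "all -- lo"),
        Rule("ACCEPT", lambda p: p.state in ("RELATED", "ESTABLISHED"), "state RELATED,ESTABLISHED"),
        Rule("ACCEPT", lambda p: p.proto == "tcp" and p.dport == 22, "tcp dpt:ssh"),
        Rule("ACCEPT", lambda p: p.proto == "tcp" and p.dport == 80, "tcp dpt:www"),
        Rule("DROP", lambda p: True, "all (catch-all, makes the chain default-deny)"),
    ],
}

# Constructed variant: service rules live in a user-defined chain that RETURNs
# for anything it does not accept, so INPUT's final DROP still applies.
JUMP_CHAINS: Chains = {
    "INPUT": [
        Rule("ACCEPT", lambda p: p.in_iface == "lo", "all -- lo"),
        Rule("ACCEPT", lambda p: p.state in ("RELATED", "ESTABLISHED")),
        Rule("SERVICES", lambda p: p.proto == "tcp" and p.state == "NEW", "jump"),
        Rule("DROP", lambda p: True),
    ],
    "SERVICES": [
        Rule("ACCEPT", lambda p: p.dport in (22, 80)),
        Rule("RETURN", lambda p: True, "back to INPUT"),
    ],
}

if __name__ == "__main__":
    for pkt in (Packet("tcp", "eth0", 22, "NEW"), Packet("tcp", "eth0", 443, "NEW"),
                Packet("udp", "eth0", 53, "ESTABLISHED"), Packet("icmp", "lo", None, "NEW")):
        print(pkt, "->", filter_packet(SAMPLE_CHAINS, pkt))
    print("sample chain is default-deny:", is_default_deny(SAMPLE_CHAINS, "ACCEPT"))
```

Note the last check: the sample chain's policy is ACCEPT, so it is only the final unconditional DROP rule that makes it default-deny. Delete that rule and every unmatched packet is accepted, which is the kind of quiet misconfiguration worth testing for rather than eyeballing.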

Whilst iptables is a CLI (Command Line Interface) tool, there are graphical tools available too e.g. UFW (Uncomplicated Firewall).

UFW – Uncomplicated Firewall.

With Linux being an open-source operating system there are other firewall solutions available for this platform. These come either as special-purpose Linux distributions or as packages that can be installed, e.g. ClearOS, IPCop, OPNsense, Smoothwall Express.

macOS

OS X includes an application firewall you can use to control connections made to your computer from other computers on your network.

apple.com

From OS X v10.5.1 onwards an application firewall has been included within the macOS operating system. This controls connections on a per-application, rather than per-port, basis.

By default the firewall is not enabled; instructions for configuring it can be found here.

Configuring the Application Firewall on macOS v10.5.1 or later.

Below are some of the key features:

  • Block all incoming connections – prevents all sharing services, such as File Sharing and Screen Sharing, from receiving incoming connections.
  • Allowing specific applications – allow a specific app to receive incoming connections.
  • Automatically allow signed software to receive incoming connections – apps that are signed by a valid certificate authority are automatically added to the list of allowed apps. Unsigned apps can be manually allowed or denied.
  • Enabling stealth mode – prevents the computer from responding to probing requests.

The functionality offered by the built-in macOS Application Firewall is very limited and only suitable for individual computers.

Windows

Microsoft Defender for Endpoint delivers preventative protection, post-breach detection, automated investigation, and response.

microsoft.com

Windows 10 comes with Microsoft Defender Antivirus pre-installed as standard. Also referred to as Microsoft Defender for Endpoint, this is considered a next-generation solution with:

  • Endpoint behavioral sensors – these are built into the operating system to collect and process behavioral signals and send this data to a user’s private & isolated instance in the cloud.
  • Cloud security analytics – data from different sources is collected and translated into insights, detections & recommended responses to advanced threats.
  • Threat intelligence – helps identify attacker tools, techniques & procedures then generates alerts when observed.
Microsoft Defender comes as standard on Windows 10.

Features & Benefits

Microsoft Defender for Endpoint provides users and organizations the following features and benefits:

  • Threat & Vulnerability Management – a risk-based approach to the discovery, prioritization, and remediation of endpoint vulnerabilities and misconfigurations.
  • Attack surface reduction – includes network & web protection, which regulate access to malicious IP addresses, domains, and URLs.
  • Next-generation protection – reinforces the security perimeter of a network using next-generation protection which is designed to catch all types of emerging threats.
  • Endpoint detection & response – uses advanced hunting to provide a query-based threat-hunting tool for proactively finding breaches and creating custom detections.
  • Microsoft Secure Score for Devices – dynamically assess the security state of an enterprise network, identify unprotected systems, and take recommended actions to improve the overall security of an organization.
  • Automated investigation & remediation – to help reduce the volume of alerts in minutes at scale.
  • Microsoft threat experts – this service provides proactive hunting, prioritization, and additional context and insights that further empower Security Operation Centers (SOCs) to identify and respond to threats quickly and accurately.

MS Defender is also available on Android, iOS, Linux & Mac.

Network-based firewalls

These solutions typically come pre-installed on a hardware device or are installed as a separate package or service on a server:

Home & SMBs

Solutions for the home or SMB (Small-Medium Business) tend to come in the form of a firewall built into a router, software installed on a dedicated computer, or a purpose-built device.

Below is an example of each:

NetGear Nighthawk X6S Tri-Band WiFi Router (R8000P)

Game, browse, and stream with blazing fast WiFi speeds up to 4.0Gbps, tri-band WiFi technology, MU-MIMO, and 1.8GHz dual-core processor. With NETGEAR Armor providing advanced cyber threat protection for your home and your connected devices and Circle Smart Parental Controls to easily manage content.

netgear.com

The NetGear R8000P is a modern WiFi router that can be used at home or within an office to provide Internet access plus a wireless and/or wired network. In addition to this there is the NetGear Armor facility which provides “advanced cyber threat protection for your devices”. This is a subscription-based service provided by Bitdefender.

NetGear R8000P WiFi Router with Bitdefender cyber security defense.

Bitdefender includes the following features:

  • URL Blacklist – outbound connections are checked against the Bitdefender cloud, where the URL blacklist of unsafe or non-secure websites is kept. This protects users from phishing and online fraud.
  • Vulnerability Assessment – scans are performed to identify network security flaws such as backdoors, weak or default passwords, and unsecured or poorly encrypted communications. When NETGEAR Armor finds something, it correlates information from the devices with online vulnerability databases. A report is then provided that includes tips on how to address specific issues and secure the network.
  • Device Security Management – hackers are blocked from accessing smart home devices, such as Internet-enabled thermostats, refrigerators, baby monitors, and security cameras. Instant alerts are received when new devices join the network, so WiFi access for unrecognized devices can be blocked immediately.
  • VPN – connections are secured and encrypted, with online activity being kept private, even whilst using an unsecured public network.

To find out more information click here.

IPFire

IPFire is a hardened, versatile, state-of-the-art Open Source firewall based on Linux. Its ease of use, high performance in any scenario and extensibility make it usable for everyone.

ipfire.org

Here are the core features of IPFire:

  • Security – has an easy to configure firewall engine and Intrusion Detection System (IDS) to prevent attackers from breaking into a network. Frequent updates keep IPFire strong against security vulnerabilities and new attack vectors.
  • Firewall – employs a Stateful Packet Inspection (SPI) firewall, which is built on top of Netfilter, the Linux packet filtering framework. It filters packets fast and achieves throughputs of up to multiple tens of Gbps.
  • VPN support – allows staff to work remotely as if they were sitting in the office, giving them fast and secure access to all the resources they need. IPFire supports industry standards like IPsec and OpenVPN and interoperates with equipment from various vendors like Cisco & Juniper.
IPFire web interface.

The firewall includes a web-based user interface for managing groups of hosts and networks plus sets of rules for strict access control. Logging and graphical reports are also provided.

The Intrusion Detection System (IDS) analyzes network traffic to try to detect exploits, leaking data and any other suspicious activity. Once something is detected, alerts are raised and the attacker is blocked.

This Linux distribution comes with a range of add-ons to extend the system and provide additional functionality e.g. making a Wireless Access Point (WAP), backup/file/print services, proxy & relay protocol support, and more.

To find out more information click here.

Cisco Firepower 1000 Series

With 1000 Series firewalls and Cisco Defense Orchestrator, you get class-leading security while spending less time on firewall administration.

cisco.com

This purpose-built series of firewall devices comes with the following features and benefits:

  • Simpler management – faster configuration and less costly management. Management options include:
    • cloud-based Defense Orchestrator.
    • centralized on-premise.
    • on-box management.
  • Open security platform – time-saving policy harmonization and threat correlation across network, cloud, endpoints, email, web, and more.
  • High-performance threat defense – protects against malware with automatic daily security updates from Cisco Talos.
  • Quiet operation, with switchports and PoE – provides switchports and Power over Ethernet (PoE) in a fanless desktop form factor. Perfect for connecting an IP phone or printer.

Data throughput within the range is from 650 Mbps to 3 Gbps.

Cisco Firepower 1000 Series firewall solution for small to medium businesses.

Firewall management functionality includes:

  • Secure Firewall Management Center – provides unified management of firewalls, application control, intrusion prevention, URL filtering, and malware defense.
  • Defense Orchestrator – manage security policies simply and consistently from the cloud.
  • Security Analytics & Logging – scalable log management with advanced analytics means faster time to detection.

For more information click here.

Enterprise & Data Centers

Large organizations and Data Centers require firewall solutions that may be distributed in order to cover multiple endpoints, locations and even countries plus be capable of handling large amounts of data traffic. One of the market leading solutions is Data Center Firewall (DCFW) by Fortinet.

The FortiGate data center firewalls are available as high-performance network security appliances and chassis-based systems that add intrusion prevention, application control, and anti-malware to the traditional firewall-VPN combination.

fortinet.com
Data Center Firewall (DCFW) architecture by Fortinet.

FortiGate DCFWs provide the following features and benefits:

  • Performance – provides unmatched performance with flexible, high-speed 10, 40 & 100 GE interfaces plus throughput ranging from 50 Gbps to 1 Tbps and higher.
  • Security – enforces security policies with granular control and visibility of users & devices for 3000+ discrete applications.
  • Threat detection – identifies and stops threats with powerful intrusion prevention beyond port and protocol that examines the actual content of network traffic.
  • Management – simplifies administration and saves time with single-pane-of-glass management across all firewalls, both physical and virtual, for an entire network.
  • Protection – delivers up-to-date protection against known and unknown attacks via FortiGuard threat intelligence.
Configuring IPv4 Policy within FortiGate.

To find out more information click here.

Cloud-based

Cloud-based firewalls are built to protect platforms, network infrastructure and systems that utilize Cloud technologies and usually host web-based applications. Web Application Firewall (WAF) by Cloudflare is one such solution.

An intelligent, integrated and scalable solution to protect your business-critical web applications from malicious attacks, with no changes to your existing infrastructure.

cloudflare.com

WAF receives requests that are inspected against its rule engine for potential threats. If a request is suspicious then it can be blocked, challenged or logged. Legitimate requests are routed to the intended destination.

Features and benefits of the Cloudflare WAF include:

  • Ease of Use and Management – onboarding and management is simple and intuitive, requiring just a few clicks. Alternatively, APIs can be used for the deployment of rules.
  • Scalable Threat Intelligence – use of Cloudflare’s global distributed network allows the creation of a proprietary threat score by evaluating IP addresses and analyzing digital signatures.
  • API Integrations – integration with popular tool sets allows easy configuration, customizable analytics and direct plug-ins for existing Security Information & Event Management (SIEM) infrastructure.
  • Flexible Control – customers can create custom rules for their specific needs directly from the dashboard. The rules engine supports a number of functions, operators and transformations.
  • Integrated Security & Performance – seamless integration with DDoS protection, Bot Management, Content Delivery Network, Load Balancer, Argo Smart Routing, and more.
  • High Accuracy – proprietary threat intelligence is used to update Managed Rulesets regularly. This continuously improves accuracy, lowers false positives, and provides comprehensive coverage to protect against zero-day vulnerabilities.
Web Application Firewall by Cloudflare.
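The request-inspection flow described above (inspect against a rule engine, then block, challenge or log, with legitimate requests routed on) and the rules engine's operators and transformations are easy to see in a small model. The following is an added example written for this article; it is not Cloudflare's engine or its rule syntax, and the field names, operators, transformation names, rule identifiers and sample requests are all constructed. Unlike the packet-filter model, a `log` rule here is non-terminating: it records a hit and evaluation continues, so several rules can fire on one request before a `block` or `challenge` decides the outcome.

```python
"""Added example (constructed; not Cloudflare's engine or rule syntax): a minimal
WAF-style request inspector with log / challenge / block dispositions and field
transformations applied before an operator is evaluated."""
import re
import urllib.parse
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple


@dataclass
class Request:
    method: str
    path: str
    query: str                 # raw query string, still URL-encoded
    headers: Dict[str, str]


# Transformations normalise a field before matching, so that trivially encoded
# or re-cased variants of a pattern do not slip past a literal comparison.
TRANSFORMS: Dict[str, Callable[[str], str]] = {
    "lowercase": str.lower,
    "url_decode": urllib.parse.unquote,
}


@dataclass
class WafRule:
    rule_id: str
    field_name: str            # "path", "query" or "header:<name>"
    operator: str              # "contains" or "matches" (regex)
    value: str
    action: str                # "block", "challenge" or "log"
    transforms: List[str] = field(default_factory=list)


def get_field(req: Request, name: str) -> str:
    """Fetch a request field; header lookups are case-insensitive and a missing
    header reads as an empty string so rules can test for its absence."""
    if name.startswith("header:"):
        want = name.split(":", 1)[1].lower()
        return next((v for k, v in req.headers.items() if k.lower() == want), "")
    return getattr(req, name)


def rule_matches(rule: WafRule, req: Request) -> bool:
    value = get_field(req, rule.field_name)
    for name in rule.transforms:           # applied in the order listed
        value = TRANSFORMS[name](value)
    if rule.operator == "contains":
        return rule.value in value
    if rule.operator == "matches":
        return re.search(rule.value, value) is not None
    raise ValueError(f"unknown operator {rule.operator!r}")


def inspect(rules: List[WafRule], req: Request) -> Tuple[str, List[str]]:
    """Evaluate rules in order. Returns (disposition, ids of rules that fired).
    'log' records a hit and continues; 'block'/'challenge' end evaluation;
    a request that triggers no terminating rule is allowed through."""
    fired: List[str] = []
    for rule in rules:
        if rule_matches(rule, req):
            fired.append(rule.rule_id)
            if rule.action in ("block", "challenge"):
                return rule.action, fired
    return "allow", fired                   # routed to the intended destination


# Constructed ruleset for the demonstration.
RULES: List[WafRule] = [
    WafRule("log-admin-area", "path", "contains", "/admin", "log", ["lowercase"]),
    WafRule("block-path-traversal", "path", "contains", "../", "block", ["url_decode"]),
    WafRule("challenge-missing-ua", "header:user-agent", "matches", r"^$", "challenge"),
    WafRule("block-script-tag", "query", "contains", "<script", "block",
            ["url_decode", "lowercase"]),
]

# Constructed sample requests.
UA = {"User-Agent": "Mozilla/5.0"}
NORMAL = Request("GET", "/index.html", "", UA)
TRAVERSAL = Request("GET", "/static/%2e%2e/%2e%2e/config", "", UA)
ADMIN_OK = Request("GET", "/Admin/users", "", {"user-agent": "curl/8"})
ADMIN_NO_UA = Request("GET", "/Admin", "", {})
SCRIPT = Request("GET", "/search", "q=%3CSCRIPT%3Ealert(1)%3C/SCRIPT%3E", UA)

if __name__ == "__main__":
    for req in (NORMAL, TRAVERSAL, ADMIN_OK, ADMIN_NO_UA, SCRIPT):
        print(req.path, req.query, "->", inspect(RULES, req))
```

Two design points are worth noticing. The transformation list is applied before the operator, which is why `%2e%2e/` is caught by a plain `contains "../"` rule and an upper-cased tag is caught by a lowercase `contains`. And because `log` does not terminate, the `/Admin` request with no User-Agent shows both the log hit and the challenge in its fired list, which is the audit trail you want when tuning false positives.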

In order to protect data presented to users via web browsers, Cloudflare has a facility called Page Shield. This protects website visitors from script-based attacks and the theft of data that follows. Potential attack vectors from 3rd-party scripts are monitored by a feature called ‘Script Monitor’. This records JavaScript dependencies within a site over time and alerts app owners to any changes.

To find out more information click here.


Which firewall solution provides the best defense against computer systems and networks being hacked? Please comment below to share your preferences.
