Dec 31 2021

What is a Personal Firewall?

Category: Firewall, next generation firewall | DISC @ 7:55 am

What is a Firewall?

A Firewall controls the incoming and outgoing traffic between your computer and the network or internet.

Who should use a Firewall, and for what?

  1. Those wanting to prevent unauthorized remote access.
  2. Those looking to block immoral content (such as adult sites).
  3. Online gamers – at a high risk for getting hacked in online games.
  4. Business owners and those working from home – at a high risk for getting hacked.
  5. Anyone not wanting to risk their data and privacy.

Why is a Firewall important?

A Firewall is important for several reasons:

  1. Promotes privacy
    A Firewall blocks or alerts the user about all unauthorized inbound or outbound connection attempts. It allows the user to control which programs can access the local network and internet.
  2. Stops viruses and spyware
  3. Prevents hacking
    A Firewall blocks and prevents hacking attempts and attacks.
  4. Monitors network traffic and applications
    It regulates all incoming and outgoing internet users as well as applications that are listening for incoming connections. Moreover, it tracks recent events and intrusion attempts to see who has tried to access your computer.

What’s the difference between a personal and business-grade Firewall?

• A personal Firewall usually only protects the computer on which it is installed, whereas a business-grade Firewall is normally installed on a designated interface between two or more networks (allowing for a greater number of computers to be protected).
• Personal Firewalls allow a security policy to be defined for individual computers, while a business-grade Firewall controls the policy between the networks that it connects.
• Personal Firewalls are useful in protecting computers that are moved through different networks (as the protection is per computer vs. the network). They can be used at public hotspots, allowing the user to decide the level of trust and the option to reconfigure the settings to limit traffic to and from the computer.
• Unlike business-grade Firewalls, many personal Firewalls have the ability to control network traffic for programs on the secured computer. For instance, when an application needs to establish an outbound connection, the personal Firewall will scan it for safety, block it if it’s blacklisted, or ask for permission to blacklist it if not known.
• Personal Firewalls may also help block intruders by allowing the software to block connectivity where it suspects an intrusion is being attempted.

Risks of not having a Firewall

  • Loss of data
  • Open access
  • Network crashes

Personal computer firewall

Tags: data privacy, data protection, Firewall, Network Security, Online Privacy, Online Safety

Feb 16 2010

Security risk assessment process and countermeasures

Category: Security Risk Assessment | DISC @ 4:01 pm

The Security Risk Assessment Handbook: A Complete Guide for Performing Security Risk Assessments

The following are the common steps that should be taken to perform a security risk assessment. These are just basic steps, which should not be followed as is but modified based on the organization's assessment scope and business requirements.

• Identify the business needs of the assessment and align your requirements with business needs.
• Assess the existing security policies, standards, guidelines and procedures for adequacy and completeness.
• Review and analyze the existing assets, threats and vulnerabilities.
• Analyze the impacts and likelihood of threats and vulnerabilities on assets.
• Assess physical controls to network and security infrastructure.
• Assess the procedural configuration review of network and security infrastructure based on existing policies and procedures.
• Review logical access, physical access and other authentication mechanisms.
• Review the level of security awareness based on current policies and procedures.
• Review the security controls in service level agreements from vendors and contractors.
• At the end of the review, develop practical recommendations to address the identified gaps in security controls.

To address the existing gaps in infrastructure we have to select the appropriate countermeasures to address the vulnerability or thwart a threat of attack. Four types of techniques are used by countermeasures:

• Deterrent controls reduce the likelihood of an attack. Blocking phishing sites at the ISP is an example of a deterrent control.
• Preventive controls reduce exposure. A firewall is an example of a preventive control.
• Corrective controls reduce the impact of successful attacks. Antivirus is an example of a corrective control.
• Detective controls discover attacks and trigger preventive or corrective controls. IDSs and SIEM systems are examples of detective controls.

Tags: authentication, countermeasure, Firewall, phishing, Risk Assessment, security controls, Security policy, security review, Security Risk Assessment, security risk assessment process

Feb 10 2009

Defense in depth and network segmentation

Category: Information Security, Network security | DISC @ 2:17 am

Traditional security schemes are incapable of meeting the new security challenges of today’s business requirements. Most security architectures are perimeter centric and lack comprehensive internal controls. Organizations which depend on firewall security might be overtaxing it (asking a security mechanism to do more than it can handle). Some old firewall rule sets stay intact for years, which can be a liability when the rule set neither represents current business requirements nor protects critical assets appropriately.

“Firewalls are typically managed by a succession of administrators who create their own rules, which then accumulate over a period of years. This creates rule duplication, which can impinge on performance, but also brings risks such as the use of default or open passwords.”
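One way to find the accumulated duplication described above is to audit the rule set for rules that can never fire. The following is an added example, not part of the original post; the one-line rule format (`action src dst port[-port]`) and the sample rules are constructed for illustration, and first-match evaluation is assumed.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Rule:
    action: str   # "allow" or "deny"
    src: object   # source network
    dst: object   # destination network
    lo: int       # first destination port
    hi: int       # last destination port

def parse(line):
    """Parse 'action src dst port[-port]' (constructed format) into a Rule."""
    action, src, dst, ports = line.split()
    lo, _, hi = ports.partition("-")
    return Rule(action, ipaddress.ip_network(src), ipaddress.ip_network(dst),
                int(lo), int(hi or lo))

def covers(a, b):
    """True if every packet matched by rule b is also matched by rule a."""
    return (b.src.subnet_of(a.src) and b.dst.subnet_of(a.dst)
            and a.lo <= b.lo and b.hi <= a.hi)

def audit(lines):
    """Return (rule_no, covered_by_rule_no, kind) for rules that never fire.

    Only coverage by a single earlier rule is checked, not by a union of rules.
    """
    rules = [parse(l) for l in lines]
    findings = []
    for i, later in enumerate(rules):
        for j, earlier in enumerate(rules[:i]):
            if covers(earlier, later):
                if earlier == later:
                    kind = "duplicate"
                elif earlier.action == later.action:
                    kind = "redundant"   # same outcome, narrower match
                else:
                    kind = "shadowed"    # opposite outcome that never applies
                findings.append((i + 1, j + 1, kind))
                break
    return findings

# Constructed rule set, as it might look after several administrators.
RULES = [
    "allow 10.0.0.0/8 10.20.0.0/16 443",
    "allow 10.1.0.0/16 10.20.5.0/24 443",
    "deny 10.1.2.0/24 10.20.0.0/16 443",
    "allow 10.0.0.0/8 10.20.0.0/16 443",
    "allow 192.168.50.0/24 10.30.0.10/32 22",
]

if __name__ == "__main__":
    for finding in audit(RULES):
        print(finding)
```

A "shadowed" finding deserves the closest review: here rule 3 is a deny that an administrator presumably relied on, yet the broader allow in rule 1 always matches first.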

The first step in defense in depth is designing a corporate network segmentation policy which describes which departments, applications, services and assets should reside on a separate network. Network segmentation will assure that threats are localized with minimal impact on the organization. NIST, ISO27002, and PCI emphasize the importance of network segmentation but do not mandate it. At the same time, the PCI Standard committee emphasizes in new standards that the compliance scope can be significantly minimized by placing all the related assets in the same segment. Network segmentation is not only common sense in today’s market but also one of the most effective and economical controls to implement: simply a great return on investment.

Network segmentation benefits:
• Improve network performance and reduce network congestion.
• Contain attacks (viruses, worms, trojans, spam, adware) from overflowing into other networks.
• Improve security by ensuring that nodes are not visible to unauthorized networks.
• Reduce the size of the broadcast domain.

The basic idea behind defense in depth is to protect your crown jewel with multiple layers of defense: should one fail, another will provide crucial protection. Another important thing to remember is that we cannot defend everything, so our defense in depth approach should be asset centric rather than perimeter or technology centric. Perform a thorough risk assessment to find out your most important assets and apply the defense in depth approach to protect the confidentiality, integrity and availability of those critical assets. An example of network segmentation is the wireless network, where you place the wireless network users in their own segment behind a firewall with their own rule set. This rule set will help to contain the users on the wireless network as well as any potential attacks on the organization. To get to the content of another segment in the network, the wireless users have to pass through all the layers of protection.
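To check that a segmentation policy like the wireless example above is actually enforced, observed flows can be compared against the allowed inter-segment paths. This is an added example, not part of the original post; the segment names, address ranges, policy entries and flow records are all hypothetical and constructed for illustration.

```python
import ipaddress

# Hypothetical segments and address ranges (constructed for this example).
SEGMENTS = {
    "wireless": ipaddress.ip_network("10.50.0.0/16"),
    "servers": ipaddress.ip_network("10.20.0.0/16"),
    "finance": ipaddress.ip_network("10.30.0.0/24"),
}

# Inter-segment policy: (source segment, destination segment) -> allowed ports.
# Any pair or port not listed is denied (default deny).
ALLOWED = {
    ("wireless", "servers"): {443},
    ("servers", "finance"): {1433},
}

def segment_of(ip):
    """Map an IP address to its segment name, or 'external' if none matches."""
    addr = ipaddress.ip_address(ip)
    for name, net in SEGMENTS.items():
        if addr in net:
            return name
    return "external"

def violations(flows):
    """Return flows that cross a segment boundary without a policy entry."""
    bad = []
    for src, dst, port in flows:
        s, d = segment_of(src), segment_of(dst)
        if s == d:
            continue  # intra-segment traffic is outside this policy
        if port not in ALLOWED.get((s, d), set()):
            bad.append((src, dst, port, f"{s}->{d}"))
    return bad

# Constructed flow records: (source IP, destination IP, destination port).
FLOWS = [
    ("10.50.3.7", "10.20.1.10", 443),    # wireless to servers, permitted
    ("10.50.3.7", "10.30.0.5", 1433),    # wireless straight to finance
    ("10.20.1.10", "10.30.0.5", 1433),   # servers to finance, permitted
    ("10.50.9.9", "10.20.1.10", 22),     # wireless to servers on SSH
    ("10.50.3.7", "10.50.3.8", 445),     # stays inside the wireless segment
]

if __name__ == "__main__":
    for v in violations(FLOWS):
        print(v)
```

Any reported flow means either the firewall between the segments is not enforcing the policy or the policy no longer reflects a real business need.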

Defense in depth diagram
Different attacks will be handled by different layers. The outer layer 1 will handle most of the network related attacks, while layer 2 will handle most of the script based attacks which target the operating system. Layer 3 will handle most of the application attacks, which are complex and only utilized by skilled attackers. Layer 4 is your final frontier, where you protect your crown jewel by moving many of the tools and techniques used at the perimeter closer to critical assets.

Related article
Network segmentation is a common sense

Defense in depth

Tags: Consultants, Firewall, ISO/IEC 27002, National Institute of Standards and Technology, Products, Rate of return, Security, Wireless network