As I highlighted in my first post, no company or government agency is immune to cyberattacks, and these attacks are a growing threat to every organization. To protect against these attacks, you need a layered security system, starting with perimeter security. Alone, perimeter security is insufficient to stop attacks, but that doesn’t mean that you shouldn’t have strong defenses at this layer.
In this context, your perimeter is the secured boundary between your organization’s private, locally managed networks and the public facing side of a network, typically the Internet. Perimeter security protects your private, local networks from the Internet, which they were not designed to be exposed to. To get started, you need to think about the goal of your perimeter security plan — basically, to set up technology and techniques at the perimeter of the network to secure your data and resources. Build your security based on the assumption that there will be a cybersecurity attack. I’m going to give a brief overview of the basics of perimeter security, common mistakes that organizations make at this layer, and what best practices look like.
Basics of perimeter security
- Routers act as traffic control for networks, directing the traffic into, out of, and through networks. Your organization controls whether internal traffic appears on an untrusted network, such as the Internet or your local coffee shop’s network. Historically, routers didn’t have firewall software or hardware built in.
- Firewalls are important, because they prevent untrusted internet traffic for getting inside the trusted area. An essential first step is to change your default firewall device password to a strong password.
- Configuration of your firewall is essential to effective protection for your organization. You’ll need to monitor traffic and access to understand how to set it up in a way that works well for your business.
Business size definitions vary by country, industry, revenue, and market share. This chart indicates small business size as below 250 employees, while the Small Business Administration provides tools to look up business size for government contracting purposes.
Common mistakes at the perimeter
A lot of small organizations have both routers and firewalls, but either they set them up themselves, without a lot of information about how to do that properly, or a technologist sets it up for them and then leaves them to configure and maintain it. Below are a few mistakes that can really harm an organization if or when a cyberattack happens:
- Worst: an older router or one with a default password, or no firewall at all.
- Bad: a firewall that’s loosely configured, rarely updated, or both.
- Better: a well-configured firewall that’s kept up-to-date, but not monitored.
Even older firewalls serve some purpose, but they need to be properly configured and maintained or they can’t protect you. For example, firewalls need firmware updates, frequently because the firewall provider identified and addressed security issues that they resolve through the update. In addition to firmware, look for other updates, patches, and upgrades, and make sure that you get those from validated sources.
When threat actors are out there hunting for someone to attack, they’re searching for specific devices and the software version on those devices. Why? The devices give up this type of information when queried, so threat actors know where and how to attack based on the device and software version. This is why it’s so important to keep a close eye on your firewall configurations, keep it up-to-date, and monitor the traffic it’s allowing and blocking.
Small organizations can provide enhanced security for those inside their network, which takes care of some of the risks they might be exposed to through working remotely at home offices, in coffee shops, airports, or hotel lobbies. To protect your employees and clients, follow these best practices for perimeter security:
- Install a next generation firewall (NGFW) with monitoring, because they are much more secure and difficult for attackers to penetrate. Palo Alto Networks offers virtual and hardware firewall options. NGFWs will help you to provide web filtering, prevent your staff from clicking malicious links or opening phishing emails, and protect your end users from ransomware. NGFWs also provide insight into traffic passing through your network and can differentiate between malicious and legitimate traffic. Further, these firewalls can reduce some of your challenging daily tasks, because they can evaluate whether traffic matches characteristics of new threats and analyze the behavior of traffic, inspecting it for viruses or malware.
- Monitor and respondto what is happening at the firewall. This will help you decide what to block and what to allow. For example, certified public accountants frequently access the Internal Revenue’s websites, so you’d want to whitelist them to make sure they remain accessible. Similarly, you can ensure that documentation websites remain accessible, and that your firewall is tuned to seasonal traffic spikes, such as quarterly and annual tax return filings.
- Manage the policies for your firewall rules and maintain the hygiene of your environment. Enable regular updates of your firewall and anti-virus software. This is an ongoing process, not something you can set up once and never revisit.
- Maintain close collaboration between your security and operations staff. If these two teams aren’t communicating, you’re probably missing configuration changes, hardware updates, or user access control changes.
- Prevent the use of information technology systems, devices, software, applications, and services without IT department approval. Typically called Shadow IT or gray IT, the adoption of cloud-based applications and services led to increased use of unapproved apps and services, which can introduce serious security risks to your organization through data leaks, potential compliance violations, and more.
- Create a demilitarized zone (DMZ) for public facing web applications, such as patient portals and cloud-based accounting software. Most of our clients don’t have public web applications, but for those that do, it’s important to take that edge application and segregate it, so if it is compromised, only those systems are impacted. And in that case, a web application firewall can also protect your organization in case of an attack, as does enabling SSL and HTTPS for those applications.
Netgain employs edge firewalls in our Data Centers and Azure, which protect the environments. We also use secure gateways to provide access into our hosted environments and geo-blocking in Azure to help block access from unauthorized international locations. We are working to deploy Next-Generation Firewalls from Palo Alto Networks in both our Data Centers and in Azure to offer enhanced security services, including, but not limited to, application-level protection, in-line malware protection, SSL inspection, Sentinel One, Duo, Cisco Umbrella, network segregation, web filtering, and more.
The industries we serve have complex technology challenges, and while healthcare and accounting have different regulatory requirements, both hold very sensitive data. This may have led some companies to focus less on security — but next generation firewalls at the perimeter and our enhanced level of protection plans increase security protection for our clients to meet the needs of today.