Ten things your firewall should do

Martin Tassev, MD Loophold Security Distribution

Martin Tassev, Managing Director at Loophold Security Distribution, analyzes the capabilities a firewall needs in order to meet the security and data-protection demands of today's organizations.

Firewalls have evolved over time from blocking simple threats and intrusions to providing a range of additional services and functionality.

The needs of organizations today are dynamic, and in addition to filtering out the plethora of threats that your network is potentially exposed to, your firewall should provide bandwidth management and control functionality, application level access controls, data leakage control functionality, restrictions on the transfer of specific files and documents, and much more.

One should opt for a firewall that provides the following services:

1. Block Forbidden Files. Your firewall should be able to block a range of forbidden files, including an EXE file downloaded from a web page, an EXE file sent as an email attachment, and an EXE file transferred via FTP. Your firewall should simplify this process by letting you create a Forbidden File Extensions list, which notifies the user that the file they are attempting to download is forbidden under corporate policy.

2. Block Malicious Content. As much as blocking forbidden files is a necessary firewall feature, malicious programs often arrive at (or leave) the organization “disguised” as standard documents (e.g. JPG files, PDF documents, etc.). Your firewall should be able to identify such malicious code, irrespective of the file’s extension.

3. Application Use Enforcement. If an organization decides that everybody in the company should use a certain browser, for example Internet Explorer (IE) 7.0, there are several ways to enforce the decision. One could physically check every computer every day for ‘foreign’ browsers, or one could implement a script that automatically checks everybody’s computer on a daily basis. The easiest option, though, is simply to set up a policy in the firewall that only allows IE 7.0 traffic and blocks other browsers.

4. Manage Streaming Video. Streaming video sites such as YouTube are often abused and result in decreased employee productivity. However, they are also often useful, so blocking them is not always the best option. A good solution is to limit the amount of bandwidth made available for streaming video sites. Your firewall should allow you to limit bandwidth for various applications deemed a threat to productivity.

5. Per-group bandwidth management. It often becomes problematic when certain groups in an organization need to be restricted from sites while others need to have access. For example, top-level executives who enjoy watching business news videos may get annoyed that video streaming has become slow thanks to the bandwidth restrictions implemented. Your firewall should offer group-based bandwidth management that allows administrators to apply a policy that does not limit streaming video for certain groups of people.

6. Block Confidential Documents. While anti-spam protection may be able to detect and block outbound email containing company confidential information, employees are still able to send the information via web-mail services such as Gmail or Yahoo. A firewall can prevent this by creating a policy that blocks all outbound email that contains the ‘Company Confidential’ watermark, no matter which email service is used.
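Items 1, 2 and 6 all come down to inspecting the content of a transfer rather than trusting its name or its channel. The following is an added example, not code from the article or from any firewall product, of such a policy check: the forbidden-extension list, the byte signatures, the watermark string and the sample transfers are all constructed for illustration.

```python
import os

# Item 1: extensions on the corporate forbidden list (constructed example values).
FORBIDDEN_EXTENSIONS = {".exe", ".scr", ".msi"}
# Item 6: the watermark the policy looks for in outbound content (assumed text).
CONFIDENTIAL_WATERMARK = b"Company Confidential"

# Item 2: leading bytes that reveal the real content type, whatever the file name says.
MAGIC_SIGNATURES = {
    b"MZ": "executable",          # Windows PE files start with the MZ header
    b"\xff\xd8\xff": "image/jpeg",
    b"%PDF-": "application/pdf",
}


def detect_content_type(data: bytes) -> str:
    """Return the content type implied by the leading bytes, or 'unknown'."""
    for magic, ctype in MAGIC_SIGNATURES.items():
        if data.startswith(magic):
            return ctype
    return "unknown"


def inspect_transfer(filename: str, data: bytes, direction: str) -> str:
    """Apply the policy to one transfer (web download, mail attachment, FTP, web-mail).

    direction is 'inbound' or 'outbound'. Returns 'allow' or a 'block: ...' reason.
    The same check runs regardless of the channel the file travels over.
    """
    ext = os.path.splitext(filename)[1].lower()
    # Item 1: a forbidden extension is blocked on every channel.
    if ext in FORBIDDEN_EXTENSIONS:
        return f"block: forbidden extension {ext}"
    # Item 2: an executable renamed to look like a document is still an executable.
    if detect_content_type(data) == "executable":
        return f"block: executable content disguised as {ext or 'no extension'}"
    # Item 6: watermarked content may not leave, whether by SMTP, web-mail or FTP.
    if direction == "outbound" and CONFIDENTIAL_WATERMARK in data:
        return "block: confidential watermark in outbound transfer"
    return "allow"


if __name__ == "__main__":
    samples = [  # constructed sample transfers
        ("report.pdf", b"%PDF-1.4 quarterly figures", "inbound"),
        ("setup.exe", b"MZ\x90\x00", "inbound"),
        ("holiday.jpg", b"MZ\x90\x00 this program cannot be run in DOS mode", "inbound"),
        ("plan.pdf", b"%PDF-1.4 Company Confidential roadmap", "outbound"),
    ]
    for name, content, direction in samples:
        print(f"{name:12} {direction:8} -> {inspect_transfer(name, content, direction)}")
```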

7. Deny FTP upload. FTP sites are useful when large files need to be exchanged between organizations on a regular basis. It may be necessary to allow FTP uploads, but only for some individuals. Your firewall should allow you to create a policy that authenticates only certain user names, and that disallows any FTP commands that are unnecessary for business.

8. Control P2P Applications. Peer-to-peer (P2P) applications not only take up a lot of bandwidth, but they also allow the download of files that may not be work-related. Additionally, new P2P applications appear, and existing ones change, on a regular basis. By creating a policy to detect P2P applications, you can not only manage and control them, but you also don’t have to spend time updating IPS signature rules. P2P applications can be blocked with a firewall or limited by bandwidth and time-based restrictions.

9. Manage streaming music. Streaming audio and streaming radio sites can waste bandwidth and affect employee productivity, yet there are sometimes legitimate reasons to access them. Application firewalls allow for the control of streaming music in two ways: by maintaining a list of streaming audio websites, or by controlling audio file extensions. Once either is detected, the firewall can block the traffic or limit it via bandwidth restrictions.

10. Prioritize application bandwidth. Today many businesses rely on applications such as SAP, SharePoint, and many others for their daily operations. Many of them are cloud-based or run across geographically dispersed networks. It should be ensured that they are prioritized in terms of bandwidth so that business productivity is not affected. Your firewall should allow you to assign bandwidth priority in terms of the importance of each specific application. This can also be date-based, so certain applications, for example sales applications, may be given end-of-quarter priority.
