Technology / Programming

3 Threat-Reducing Firewall Features

by Josh Adams
3 Threat-Reducing Firewall Features picture: A
Follow us
Published on January 11, 2017

By now, you already know that installing a firewall is very important. Firewalls protect your network, and the data being sent on it, from outside and inside threats. They inspect traffic, prevent access to internal networks, and protect against external threats.

Not having the right firewall is going to cost your business both financially and in reputation.

Because you know the importance of having a firewall up and running, we're going to go over the notable strides that firewalls are currently making, and how they are going to save you in 2017 more than ever.

DoS/DDoS Protection

In recent years, many major websites have been knocked offline by Denial of Service (DoS) and Distributed Denial of Service (DDoS) attacks. These attacks bring on a sudden reduction in bandwidth and performance usually with no warning. According to research from Kaspersky Lab, one in five working IT professionals do not have protection against DDoS attacks, with many not knowing what steps to take if their system is attacked.

Attackers are increasing the potentness of malware attached to the botnets, making their attacks more significant. Hackers can and will continue to exploit device vulnerabilities to launch more DDoS attacks. Modern firewalls, like Palo Alto and Cisco ASA, are now learning to help identify and stop these DDoS attacks at their most basic levels.

It's important to confirm that you have monitoring systems in place before replacing or investing in new systems. Log monitoring, intrusion detection systems, and intrusion prevention systems can detect DDoS threats before they become actual breaches.

If you combine these resources, you're giving yourself a more intensive solution for protection against potentially dangerous traffic.

Port Forwarding

Hackers have been using ports for access as long as ports have existed. Most ISPs have standard ports they use, so it's really easy for hackers to figure out the configuration and deploy attacks. If there are specific services that you want to protect from an attack, you should use alternative ports, also known as masquerade ports.

For instance, Remote Desktop Protocol (Port 3389) is a commonly used port that cyber criminals frequently target during attacks. To prevent them from using this port, you can manually change the RDP port to another port, and configure the firewall to translate that port to the standard RDP port. This process is known as filter-based forwarding, and if you don't already know how to do it, we can show you.

Knowing how to forward ports can help you out whether you're studying for Juniper security or CompTIA Security+ certs, or if you just want to learn a bit more about port security.

IoT Devices

It would be surprising if you hadn't heard about devices that becoming embedded with electronics, software, sensors, actuators, and network connectivity that enable them to collect and exchange data.

The internetworking of these devices is being called the Internet of Things (IoT). The concept of the IoT is growing every day. IoT devices are also increasing the potential attack surface for hackers. DDoS bots have the ability to target devices and use them to commence a DDoS attack.

Installing a firewall to protect your new devices could be key to protecting them from threats that hackers are creating daily. You also might want to encrypt data on the IoT device and in route to and from other IoT devices.

You might consider segmenting IoT devices from other segments as part of a Zero Trust architecture. Additionally, you can add proper hooks in the software so that operators can perform identity and access management (IAM).

Additional Considerations

In choosing a firewall protection system, you should definitely consider selecting options with additional features. Certain types of firewalls send alerts to admins the moment that attacks happen. There also are options that integrate VPNs within their architecture for remote workers. You should always consider firewall vendor with strong customer support that provides the necessary help and resources to ensure the security of your network. For instance, you might want to consider Palo Alto versus Cisco ASA. (Or vice versa.)

Firewalls exist to help you evaluate your company's security risks. They are evolving rapidly as a cloud technology as software-defined networks take hold. This is going to open the door to drastic changes in the current firewall model, or it might even create a completely new category of network protection.

Regardless, we're going to get you the most current training on whichever direction firewall security goes and make sure that you are a firewall expert.

Set yourself up in 2017 for security and safety by bringing in a firewall. You can thank us later.

Want to learn more about firewalls? Not a CBT Nuggets subscriber? Start your free week now.


By submitting this form you agree to receive marketing emails from CBT Nuggets and that you have read, understood and are able to consent to our privacy policy.

Don't miss out!Get great content
delivered to your inbox.

By submitting this form you agree to receive marketing emails from CBT Nuggets and that you have read, understood and are able to consent to our privacy policy.

Recommended Articles

Get CBT Nuggets IT training news and resources

I have read and understood the privacy policy and am able to consent to it.

© 2024 CBT Nuggets. All rights reserved.Terms | Privacy Policy | Accessibility | Sitemap | 2850 Crescent Avenue, Eugene, OR 97408 | 541-284-5522