Sunday, February 05, 2012
   

Opinion piece

Ten things your firewall should do

Firewalls have evolved over time from blocking simple threats and intrusions to providing a range of additional services and functionality.

The needs of organisations today are dynamic, and in addition to filtering out the plethora of threats that your network is potentially exposed to, your firewall should provide bandwidth management and control functionality, application level access controls, data leakage control functionality, restrictions on the transfer of specific files and documents, and much more, writes Martin Tassev.

One should opt for a firewall that provides the following services:

1. Block Forbidden Files

Your firewall should be able to block a range of forbidden files, including:

- An EXE file downloaded from a web page
- An EXE file as an email attachment
- An EXE file transferred via FTP

Your firewall should simplify this process by allowing you to create a Forbidden File Extensions list and by notifying the user that the file they are attempting to download is forbidden as per corporate policy.

2. Block Malicious Content

As much as blocking forbidden files is a necessary firewall feature, malicious programs often arrive at (or leave) the organisation "disguised" as standard documents (e.g. JPG files, PDF documents etc.). Your firewall should be able to identify such malicious code, irrespective of the file's extension.
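The two checks from items 1 and 2, as an added example that is not from the article or from any firewall product: a forbidden-extension list combined with inspection of the leading bytes, so that an executable renamed to `.jpg` is still caught. The signature table, function names and sample payloads are constructed for illustration.

```python
import os

# Assumed policy: extensions the organisation forbids (item 1).
FORBIDDEN_EXTENSIONS = {".exe", ".scr", ".dll"}

# Leading-byte signatures for a few well-known formats (illustrative subset).
SIGNATURES = [
    (b"MZ", "pe-executable"),        # Windows PE/DOS executable
    (b"\x7fELF", "elf-executable"),  # Linux ELF executable
    (b"\xff\xd8\xff", "jpeg"),
    (b"%PDF-", "pdf"),
]

# Content type each document extension is expected to carry.
EXPECTED = {".jpg": "jpeg", ".jpeg": "jpeg", ".pdf": "pdf"}
EXECUTABLE_TYPES = {"pe-executable", "elf-executable"}


def sniff(payload: bytes) -> str:
    """Classify a payload by its first bytes, ignoring the file name."""
    for magic, kind in SIGNATURES:
        if payload.startswith(magic):
            return kind
    return "unknown"


def evaluate(filename: str, payload: bytes) -> tuple[str, str]:
    """Return (verdict, reason) for a file seen over web, email or FTP."""
    ext = os.path.splitext(filename.lower())[1]
    kind = sniff(payload)
    if ext in FORBIDDEN_EXTENSIONS:
        return "block", f"extension {ext} is on the forbidden list"
    if kind in EXECUTABLE_TYPES:
        return "block", f"{kind} content behind extension {ext or '(none)'}"
    if ext in EXPECTED and kind != EXPECTED[ext]:
        return "block", f"content is {kind}, expected {EXPECTED[ext]}"
    return "allow", "extension and content agree with policy"


if __name__ == "__main__":
    # Constructed sample transfers: (file name, first bytes of the payload).
    samples = [
        ("setup.exe", b"MZ\x90\x00"),
        ("holiday.jpg", b"MZ\x90\x00"),  # executable renamed to .jpg
        ("report.pdf", b"%PDF-1.7\n"),
        ("photo.JPG", b"\xff\xd8\xff\xe0\x00\x10JFIF"),
    ]
    for name, data in samples:
        print(name, *evaluate(name, data))
```

Leading-byte checks only catch files whose type does not match their name; a well-formed PDF or JPG that carries malicious code needs deeper content inspection than this.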

3. Application Use Enforcement


If an organisation decides that everybody in the company should use a certain browser, for example Internet Explorer (IE) 7.0, there are several ways to enforce the decision. One could physically check every computer every day for 'foreign' browsers, or one could implement a script to automatically check everybody's computer on a daily basis. The easiest option, though, is to simply set up a policy in the firewall that only allows IE 7.0 traffic and blocks other browsers.

4. Manage Streaming Video

Streaming video sites such as YouTube are often abused and result in decreased employee productivity. However, they are also often useful, so blocking them is not always the best option. A good solution is to limit the amount of bandwidth made available for streaming video sites. Your firewall should allow you to limit bandwidth for various applications deemed a threat to productivity.

5. Per group bandwidth management

It often becomes problematic when certain groups in an organisation need to be restricted from sites, while others need to have access. For example, top level executives who enjoy watching business news videos may get annoyed that video streaming has become slow, thanks to the bandwidth restrictions implemented. Your firewall should offer group-based bandwidth management that allows administrators to apply a policy that does not limit streaming video for certain groups of people.

6. Block Confidential Documents

While anti-spam protection may be able to detect and block outbound email containing company confidential information, employees are still able to send the information via web-mail services such as Gmail or Yahoo. A firewall can prevent this through a policy that blocks all outbound email that contains the 'Company Confidential' watermark, no matter which email service is used.

7. Deny FTP upload

FTP sites are useful when large files need to be exchanged on a regular basis between organisations. It may be necessary to allow FTP uploads - but only for some individuals. Your firewall should allow you to create a policy that only authenticates certain user names, as well as disallow any FTP commands that may be unnecessary for business.
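A sketch of the policy item 7 describes, as an added example that is not from the article or from any firewall product: each client command on an FTP control channel is checked against a command allow-list and a list of users permitted to upload. The user names, the allow-list and the sample session are constructed; the filter trusts the name given in `USER` and does not track whether the server accepted the login.

```python
# Assumed policy (item 7): who may upload, and which FTP commands pass at all.
UPLOAD_USERS = {"alice", "bob"}
ALLOWED_COMMANDS = {"USER", "PASS", "PWD", "CWD", "TYPE", "PASV", "EPSV",
                    "LIST", "RETR", "STOR", "QUIT"}
UPLOAD_COMMANDS = {"STOR", "STOU", "APPE"}  # every verb that writes to the server


def filter_session(lines):
    """Yield (line, verdict) for each client command on one control channel."""
    user = None
    for line in lines:
        verb, _, arg = line.strip().partition(" ")
        verb = verb.upper()  # FTP verbs are case-insensitive
        if verb == "USER":
            user = arg.strip().lower()  # a new USER replaces the old identity
        if verb not in ALLOWED_COMMANDS:
            verdict = "deny: command not needed for business"
        elif verb in UPLOAD_COMMANDS and user not in UPLOAD_USERS:
            verdict = "deny: user may not upload"
        else:
            verdict = "allow"
        yield line, verdict


def verdicts(lines):
    """Convenience wrapper: only the verdicts, in order."""
    return [verdict for _, verdict in filter_session(lines)]


# Constructed control-channel session (client side only).
SAMPLE_SESSION = [
    "USER carol", "PASS ********", "RETR q3-forecast.xlsx",
    "STOR dump.zip",          # carol is not on the upload list
    "SITE CHMOD 777 dump",    # SITE is not on the command allow-list
    "USER alice", "PASS ********", "stor build.tar",
]

if __name__ == "__main__":
    for line, verdict in filter_session(SAMPLE_SESSION):
        print(f"{line:<24} {verdict}")
```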

8. Control P2P Applications

Peer-To-Peer (P2P) applications can not only take up a lot of bandwidth, but they also allow for the download of files that may not be work-related.

Additionally, the creation of new P2P applications, as well as changes to existing P2P applications, occur regularly. By creating a policy to detect P2P applications, you can not only manage and control them, but you also don't have to spend time updating IPS signature rules. P2P applications can be blocked with a firewall or limited by bandwidth and time-based restrictions.

9. Manage streaming music


Streaming audio and streaming radio sites can both waste bandwidth and affect employees' productivity. Yet there are sometimes legitimate reasons to access these sites. Application firewalls allow for the control of streaming music in two ways: by controlling a list of streaming audio websites, or by controlling audio file extensions. Once either of the two is detected, it is possible to block it, or limit it via bandwidth restrictions with the firewall.

10. Prioritise application bandwidth

Today many businesses rely on applications such as SAP, SharePoint, and many others for their daily operations. Many of them are cloud-based or run across geographically dispersed networks. These applications should be prioritised in terms of bandwidth so that business productivity is not affected. Your firewall should allow you to assign bandwidth priority according to the importance of each specific application. This can also be date-based, so certain applications, for example sales applications, may be given end-of-quarter priority.

(Martin Tassev is MD, Loophold Security Distribution; article supplied by Loophold Security Distribution)
