The ‘Analogy’ of Firewalls…part one
26th November 2019
If you are technical then this isn’t the blog for you, but if your role covers IT and / or Telecoms and you are not technical, this is a light-hearted look at firewall analogies to demonstrate just why a solution like those provided by WatchGuard (we are a WatchGuard partner) provides many more layers of security than a basic firewall and is therefore a good fit for your business.
This is the first of two blogs. In this one we look at a basic firewall, and one with the basic security features offered with a WatchGuard subscription. In the second blog we will look at WatchGuard’s Total Security features.
What is a firewall?
The earliest firewalls were just packet filters. They work by checking the IP Address in the packet header against control rules to decide whether to accept or reject the packet.
These basic stateless (unaware) firewalls were superseded by more sophisticated stateful (aware) firewalls which can inspect packet contents and determine whether they are safe or not.
For example, for a basic firewall: At an airport ticket desk, if you have a ticket you are allowed to board. The limitations of these firewalls were soon exposed when criminals disguised threats within the packets, which led to stateful firewalls that inspected content. Continuing with the airport analogy, this led to x-ray machines being introduced so that content could be scanned for threats.
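For readers who do want to see the ticket desk and the x-ray machine side by side, here is a short sketch, added as an illustration and not taken from WatchGuard or any real firewall. The rule set, the addresses (documentation ranges) and the signature are all constructed for the example.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Packet:
    src_ip: str      # source address from the packet header
    payload: bytes   # the packet contents

# Constructed control rules: (action, source network). First match wins.
RULES = [
    ("reject", ipaddress.ip_network("203.0.113.0/24")),
    ("accept", ipaddress.ip_network("198.51.100.0/24")),
]

# Constructed content signature standing in for a real threat signature.
SIGNATURES = [b"EXAMPLE-THREAT-MARKER"]

def header_filter(pkt: Packet) -> str:
    """Ticket desk: decide on the header IP address alone."""
    src = ipaddress.ip_address(pkt.src_ip)
    for action, network in RULES:
        if src in network:
            return action
    return "reject"  # nothing matched, so deny by default

def content_inspecting_filter(pkt: Packet) -> str:
    """X-ray machine: pass the header check, then scan the contents."""
    if header_filter(pkt) == "reject":
        return "reject"
    if any(sig in pkt.payload for sig in SIGNATURES):
        return "reject"
    return "accept"

def demo():
    packets = [
        Packet("198.51.100.7", b"quarterly report"),
        Packet("203.0.113.9", b"quarterly report"),
        Packet("198.51.100.7", b"invoice EXAMPLE-THREAT-MARKER"),
        Packet("192.0.2.1", b"quarterly report"),
    ]
    return [(p.src_ip, header_filter(p), content_inspecting_filter(p))
            for p in packets]

if __name__ == "__main__":
    for row in demo():
        print(row)
```

The third packet is the one to watch: it comes from an allowed address, so the header-only check lets it through, and only the content scan stops it.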
What is a packet?
When information is sent across the internet it is broken down into packets before being reassembled at its destination.
Next Generation Firewalls (NGFW)
NGFW Firewalls added application inspection capabilities and WatchGuard have further developed these features within a Basic Security Licence.
Basic Security Features
- Intrusion prevention.
Early firewalls detected threats, which was really only half a job. Detection is akin to your home alarm, which alerts neighbours, the alarm company and potentially you by app (if connected to the internet) when an unauthorised attempt to enter occurs. Sadly, a criminal may still get inside. If you have dogs as well, that can prevent the criminal from making the attempt.
Like all analogies this isn’t perfect but hopefully brings to life the function of intrusion prevention. According to WatchGuard themselves, Intrusion Prevention “uses continually updated signatures to scan traffic on all major protocols providing real-time protection against network threats…”
- WebBlocker
Also known as a Content Filter, WebBlocker can be thought of as a security guard at an office block who checks all mail for the businesses within the building. He thinks nobody should get political deliveries so filters them out and doesn’t deliver them. A business can petition him to change his policy as an employee might petition their network administrator.
WebBlocker itself blocks known malicious sites and allows you to block inappropriate content, manage network bandwidth usage, and increase employee productivity.
- Gateway Antivirus
Think of the best night club you’ve been to. On the door there is a person (think of them as Gateway Antivirus…a leap, I know…) who checks everyone coming into the club. He listens to a live feed that updates him on the latest threats allowing him to react quickly to deny people (new threats) from coming into the club. If nothing is known about the threat, they are likely to gain entry.
On a WatchGuard Firewall, Gateway Antivirus continuously updates signatures to detect and block known threats and new variants, including spyware, trojans, worms, viruses and rogueware. Heuristic analysis tracks suspicious data constructions and actions to prevent unknown viruses.
- Reputation based Threat Prevention
Taking the nightclub analogy further, the person on the door listens to multiple feeds and his list of denied people (threats) is continually updated based on their reputations.
In technical language, Reputation based threat prevention is a cloud-based service that aggregates data from feeds to provide you with real-time protection from malicious sites.
- spamBlocker
Imagine a high-tech postal service. Every single letter that’s posted is evaluated for potential threats. The service is typically able to identify new threats introduced into the system within minutes and can determine which letters are unique and which are bulk, regardless of language.
Spam accounts for more than 63% of all e-mail today and represents a major problem for most companies. WatchGuard spamBlocker provides you with real-time, continuous and highly reliable protection from spam and phishing attempts.
- Application Control
Your child needs to do homework daily between 4pm and 5pm but is distracted by everything and anything. You put in controls to ensure the child can’t access anything but homework.
This is exactly what Application Control is. Within the workspace you want people to work, and to enable that, with Application Control you can block, restrict or allow applications based on a user’s role, department, and on the time of day.
- Network Discovery
If we go back to the house alarm system analogy, here the alarm company has an overall view of every house it monitors, so can easily see where there is risk, and can spot any alarm connected that hasn’t paid up to date.
In a similar manner Network Discovery generates a visual map of all the nodes on your network so you can easily see where you might be at risk. It helps you ensure only authorised devices are connected to your network.
Connexis is a WatchGuard partner based in Telford and can talk to you about the benefits in technical or in lay speak. Give us a call on 01952 52800. Part 2 takes a look at WatchGuard Total Security.