Why Your Firewall is Swiss Cheese

William Abrams Security 0 Comments

FBI director James Comey once stated that there are two types of companies: those who have been hacked by the Chinese, and those who don’t know they’ve been hacked by the Chinese. And according to The Daily Dot, the Chinese only account for half a percent of attacks on US companies. This is why firms like Target, Sony, and Home Depot end up in the news for all the wrong reasons – and why you need to think harder about your own business’ data security. But here is something you don’t know about hacking: it isn’t a problem of firewall technology. It is one of macroeconomics.

Security expert Bruce Schneier draws a parallel between data security and used cars. Specifically, in the 1970’s, Nobel Prize-winning research showed that price pressures drive good cars out of the market until only cheaper and poor quality cars remain. With many products, consumer herd behaviors punish the best manufacturers and turn markets into a race to the bottom.

This is essentially what happened in the late 1990s among firewall vendors. Some of the best firewalls became unpopular because of their high prices, and price pressures and Moore’s Law combined to push many quality firewalls and vendors out of the market. As a result, many of today’s vendors offer less capable products as their flagship offering.

Worse, modern corporate firewalls are often a Gordian knot of configurations. Even the smallest companies now have VPN tunnels, terminal server connections, remote desktop access with tools like LogMeIn or Citrix, and much more. It is a veritable smorgasbord of potential exploits while punching holes into that precious firewall. Throw in a lack of real-time analysis of all these connections, limited alert mechanisms, and your typical overworked network administrator, and most businesses have a looming potential mess on their hands.

So, what can you do to help your firewall besides tripling your IT staff?

Here are some practical steps you can take right now to be more secure:

» Don’t be a soft target. Whether it is corporate espionage or bored teenagers, hackers look for the easiest placed to “hit” – just like a burglar casing houses on the block. This means that a few simple tools can often harden your network and take you out of their cross-hairs. Things like brier patches (which slow down outside inquiries about your network), honeypots (fake targets that attract and then block hackers), and two-factor authentication (where authorized users use their smartphones or dedicated devices to obtain unique, single-use login codes) are easy to implement and give you an immediate margin of safety.
» Raise end-user awareness. People fret about terrorism but are much more likely to be attacked by a neighbor or an acquaintance. The same thing is true with data security. You might worry about Russian hackers, but people who use social engineering techniques like posing as repair technicians are much more likely to access your systems and breach your firewall. Limit points of approval and authentication, put strong policies and procedures in play, and continually educate people to use good situational awareness.
» Talk to the experts. Far and away, the best way to be safe is to get an outsider’s perspective – someone who can access your business and then put a realistic and cost-effective game plan in place. When CEOs and CIOs leave the critical questions of data security to their IT departments and vendors, they often end up with insufficient or biased answers that cost more and don’t address their real concerns.

The right resource should be able to create a strategic road map for data security, addressing everything from IT architecture to network resiliency, security analytics, and data infometrics. They should also be well-versed in soft issues such as risk reduction and client capture. Above all, they should ultimately save you money in both the short and long term.

So yes, your firewall probably is like Swiss cheese. And you are probably more vulnerable to hacking than you think. The good news is that you can raise your own awareness and manage these risks.

by Bill Abrams

Leave a Reply

Your email address will not be published. Required fields are marked *