If you're asking employees to log into your business network from their homes or other locations, a network firewall can help keep out uninvited guests.
Don't make the mistake of thinking your business isn't a target — hackers automatically scan the internet looking for hackable networks.
Many businesses find that offering employees remote access is important for productivity, allowing people to get things done when they're out on the road or working from home. Remote access is the cornerstone of a mobility strategy, plus it can be a key part of your business continuity strategy to ensure that you can keep the lights on — even if people can't make it into the office.
The COVID-19 pandemic is the perfect example of how remote access can underpin business continuity, letting your people keep working even when they're forced to stay at home.
How to secure your network firewall
A network firewall separates your business network from the internet, keeping hackers from breaking into business-critical systems where they can do all sorts of mischief. Once you have a firewall (free or paid), here are a few ways to make sure it does its job:
- Map out firewall zones and IP addresses.
- Configure access control lists.
- Set up other firewall services and logging.
- Test your firewall configuration.
- Manage your firewall.
Let’s start by explaining what’s at stake and the various types of firewalls available to you.
The perils of remote access
The benefits of allowing employees to work wherever they like are obvious. But opening up your network to outside access over the internet brings with it security challenges.
Sometimes people who aren’t legitimate employees try to sneak in.
Attackers attempting to break into your network are sometimes in search of your private business data, whether it be part of an industrial espionage attempt or a ransomware attack.
Other times, infiltrating your network can be the first step in a long con, with scammers doing reconnaissance before launching a social engineering attack to trick your staff into handing over private data or transferring money to an offshore account. Hackers took full advantage of the COVID-19 pandemic to ramp up their attacks.
These clever crooks are hoping to catch businesses off guard as they come to terms with the security challenges of working remotely.
You need a security guard on the virtual door, keeping a close eye on everyone and everything that goes in and out.
On closer inspection
A network firewall is basically that security guard protecting the door, keeping uninvited guests out of your internal intranet and other business IT systems. The firewall is your first line of defence as it:
- Examines all traffic entering and exiting your network
- Follows set rules for distinguishing between legitimate and suspicious activity
- Blocks any unauthorised traffic
In the process, it can also guard against security threats such as viruses and malware.
Types of firewalls
When planning your network defences, it's important to appreciate that not all network firewalls are created equal. Firstly, there are two main kinds of firewalls: hardware and software.
Hardware firewalls
A hardware firewall is a physical device that plugs into your office network to act as a gateway to the outside world. It might be a stand-alone firewall appliance, or the firewall might be built into other networking gear such as a router. This is generally how a network firewall works.
Software firewalls
Meanwhile, software firewalls run on an end device such as a notebook or desktop PC. Windows has built-in firewalls, or you can install a third-party firewall.
Software firewalls monitor traffic coming in and out of a single machine, but can’t combat more sophisticated network attacks.
Firewalls can also perform a range of different tasks, sometimes offering several different forms of protection at once. For example:
- Application-layer firewall: Applies rules to each application, to help identify and block attacks.
- Packet filtering firewall: Examines every packet of data that passes through the network, regardless of its associated application. This can be more effective than just using an application-layer firewall, but can also be more challenging to set up correctly.
- Circuit-level firewall: Applies security when a UDP or TCP connection is established, hiding some information about your network to make it harder for intruders to gain access. Once the connection is established, traffic across that connection is not monitored.
- Proxy server firewall: Checks all messages that enter or leave a network, and hides the real network addresses from outsiders.
- Next generation firewall (NGFW): Filters traffic moving through a network, according to applications or traffic types and the ports they are assigned to. This approach blends a standard firewall with additional functionality to offer deeper traffic inspection.
- Stateful firewall: Sometimes referred to as third-generation firewall technology, stateful filtering classifies traffic based on the destination port, while also tracking every interaction between internal connections to better detect threats within the network. This makes it easier to apply sophisticated rules by expanding access control granularity.
As you can see, different types of firewalls provide different kinds of protection. Some require the services of a professional to set up.
Taking extra precautions
Another useful way to protect your network is to insist that remote workers connect via a VPN (Virtual Private Network) gateway rather than over the open internet.
A VPN gateway keeps uninvited guests out of your network and provides end-to-end encryption to authorised users.
This ensures that no one can snoop on their data as it travels across the internet between your network and their computers. Some VPN gateways can also apply in-house firewall rules to external computers to help maintain robust security practices.
Other remote access options include:
- Portal access. Allows employees access to company data and applications through a browser-based webpage or virtual desktop.
- Remote computer access. Allows employees to remotely control a computer in the office, which has access to internal resources such as the intranet and IT systems.
- Direct application access. Allows employees to remotely access a single application located within the network.
For most businesses that allow remote access, guarding against a security breach requires a combination of tactics.
How to button up your firewall
The first step in setting up your network firewall is to limit administrative access to only those you trust, advises networking giant Cisco. After this you need to secure your firewall by implementing at least one of the following in order to keep out would-be attackers:
1. Map out firewall zones and IP addresses
Identify your network’s assets and plan out a structure where assets are grouped based on similar sensitivity level and function, and combined into networks or zones. These typically range from least sensitive information/widest access to most valuable/highly restricted access.
2. Configure access control lists
Create firewall rules called access control lists, or ACLs, to determine which traffic needs permission to flow into and out of each zone.
3. Set up other firewall services and logging
If desired, enable your firewall to act as a dynamic host configuration protocol (DHCP) server, network time protocol (NTP) server, intrusion prevention system (IPS) and any other required services. Disable any services you don’t intend to use.
4. Test your firewall configuration
Verify your firewall is blocking traffic that should be blocked according to your ACL rules.
5. Manage your firewall
Once your firewall is configured and running, you will need to maintain it. Be sure to update firmware, monitor logs, perform vulnerability scans and review your configuration rules every six months.
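The steps above, modelled as an added example that is not part of the original article: zones mapped to address ranges, a first-match ACL with default deny, a test table for step 4, and a check for rules that can never fire (useful in the periodic review of step 5). All zone names, address ranges, rules and test flows are constructed for illustration and are not tied to any firewall product.

```python
import ipaddress

# Step 1: zones and their address ranges (constructed sample values).
ZONES = {
    "vpn":     ipaddress.ip_network("10.8.0.0/24"),      # remote workers
    "dmz":     ipaddress.ip_network("192.168.10.0/24"),  # public web server
    "office":  ipaddress.ip_network("192.168.20.0/24"),  # staff PCs, intranet
    "finance": ipaddress.ip_network("192.168.30.0/24"),  # most restricted
}

# Step 2: ACL rows are (src zone, dst zone, proto, dst port, action); first match wins.
ACL = [
    ("internet", "dmz",     "tcp", 443,  "allow"),
    ("vpn",      "office",  "tcp", 443,  "allow"),
    ("vpn",      "finance", "tcp", None, "deny"),   # port None = any port
    ("vpn",      "finance", "tcp", 443,  "allow"),  # never reached: see shadowed()
    ("office",   "finance", "tcp", 443,  "allow"),
]

def zone_of(addr):
    """Map an IP address to its zone; unmapped addresses count as internet."""
    ip = ipaddress.ip_address(addr)
    return next((z for z, net in ZONES.items() if ip in net), "internet")

def decide(src, dst, proto, port):
    """Return the action of the first matching rule, or deny if none match."""
    flow = (zone_of(src), zone_of(dst), proto)
    for *key, r_port, action in ACL:
        if tuple(key) == flow and r_port in (None, port):
            return action
    return "deny"  # implicit default deny

def shadowed():
    """Rules that can never fire because an earlier rule covers them."""
    return [later for i, later in enumerate(ACL) for earlier in ACL[:i]
            if earlier[:3] == later[:3] and earlier[3] in (None, later[3])]

# Step 4: flows with the decision the policy intends (constructed test cases).
EXPECTED = [
    ("203.0.113.7",  "192.168.10.5", "tcp", 443,  "allow"),  # public site
    ("203.0.113.7",  "192.168.20.9", "tcp", 3389, "deny"),   # RDP from outside
    ("10.8.0.15",    "192.168.20.9", "tcp", 443,  "allow"),  # VPN to intranet
    ("10.8.0.15",    "192.168.30.2", "tcp", 443,  "deny"),   # VPN to finance
    ("192.168.20.9", "192.168.30.2", "tcp", 443,  "allow"),  # office to finance
]

def failures():
    """Test flows whose actual decision differs from the intended one."""
    return [f for f in EXPECTED if decide(*f[:4]) != f[4]]
```

An empty result from `failures()` means every test flow was handled as intended, while `shadowed()` lists rules worth removing or reordering at the next review.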
Conclusion
COVID-19 has sent employees around the world home to work, raising new security issues for small businesses.
With your network firewall set up correctly, you can keep private business records and information safe while opening up access for your people so they can remain productive wherever they are.