A firewall can stop a hacker completely or deter them to choose an easier target. For example, a network attacker can use a firewall to restrict access to certain ports or hosts. We could classify those areas as “high” or “low”.
A firewall can also intercept and discard data packets, but these don’t matter much on normal usage, because we’re not interested in information about the device, the users, or the network.
A firewall can also control network traffic, except for traffic that is authorized by the device owner.
It should be noted that in any case, firewall security is only as strong as the least privileged attacker’s configuration. If a firewall manager can intercept or spoof network traffic, the security of the firewall itself can be compromised. We’ve shown how to test this problem.
I have to clarify here. I don’t just mean just monitoring incoming and outgoing network traffic. Any form of activity that impacts traffic flow should be banned. Many firewall applications only allow the sending of connection requests, while blocking the sending of connection responses. This may not be a huge issue on your data center firewall, where traffic flow is low and monitored by even the weakest user or the smallest device. However, in your corporate environment, more packets are being sent over the network and security should be even higher than in the company-wide setup.
We’re assuming we’re doing this before creating our device’s policy, which is where the big problems will begin. Don’t forget to write up your firewall rules and your device’s policy before you connect it to a network.
We don’t need any sort of complex firewalling solutions. As we’ve discussed before, only simple rules and no user-land configuration should be necessary.
We should limit our security to the domain where our device lives.
It should be possible to limit access to the device to specific users. What’s even better is to allow the device’s own administrator or users to access it. This should be your default, because it gives the least total exposure and costs as little as possible. The main benefit of the latter is that every firewall administrator can have multiple IP addresses on his/her network, which is handy when different users from different domains need access to the same devices.
If we’re working on our own network, we’re using local, internal network interfaces (there may be more for high-density deployments, but at the very least, assume that we have local network interfaces). This would not be a problem in most cases, but it is good to realize that we’re putting ourselves at risk if we can’t protect our devices with additional security devices.
Some traffic can only be passed through a firewall in a specific method. Therefore, we should be aware of it.
Any route through a firewall must be authorized by the firewall administrator.
Access to a firewall should be restricted to specific users. There may be other reasons for the restriction, but they should not make the restriction meaningless.
Certain network protocols are only authorized over the local subnet, for example, IP packets cannot be sent over a VPN, unless there’s a VPN client on the same subnet.
Regardless of whether you have a firewall, be aware that other, possibly more important, network protocols such as DNS, HTTP, or SSH do not require direct access to the firewall, as they are usually routed through a gateway. You can go to website to know more about cybersecurity.