{"id":9296,"date":"2021-06-16T22:16:09","date_gmt":"2021-06-16T12:46:09","guid":{"rendered":"https:\/\/agix.com.au\/?p=9296"},"modified":"2021-06-17T10:46:42","modified_gmt":"2021-06-17T01:16:42","slug":"what-you-need-in-a-firewall","status":"publish","type":"post","link":"https:\/\/agix.com.au\/what-you-need-in-a-firewall\/","title":{"rendered":"What you need in a Firewall"},"content":{"rendered":"
If you’re not filtering your internet traffic, you have a router, not a firewall. The good news is that most firewalls have features that can go a long way to protecting your IT and business resources.<\/p>\n
Let’s start with the different kinds of firewalls and their use-cases.<\/p>\n
Some networks have a single firewall that does all of those (the above) tasks. There’s nothing wrong with that provided that it meets the design and objectives requirements. You could imagine how this would look. You have a firewall with either many network ports that connect to your switches, or a trunk from your firewall to your switch(s). A good firewall has high-speed ports such as SFP+ ports (10G+) or 10G Ethernet or even fiber which us usually for connecting to internal switches rather than the WAN device (perhaps the ISPs router\/switch), unless you’re lucky enough to have a 10G Internet connection.<\/p>\n
Most firewalls these days can be used in hot\/cold HA. Ie, there are two firewalls of identical models that synchronize their settings\/config. If the primary goes off line, the secondary assumes the primary role.<\/p>\n
Features that really help prevent cyber incidents are IDPS (intrusion detection and prevention system), DNS filtering and GEO restrictions. They’re simple and low-cost or even free.<\/p>\n
Features that help with retrospective analysis are logs and SSL\/TLS termination (for detailed traffic analysis). They’re how one can form a theory.<\/p>\n
If you do nothing else, add the GEO restrictions and DNS filtering. Together they will do so much to prevent terrible things from happening. Here’s how. GEO restrictions can be used in blacklist or whitelist mode. Ie,<\/p>\n
If you only allow connections from your country, you block direct connections from hackers in other countries. You can still allow your computers (or your proxy server) to establish connections out. You can even block connections in both directions which prevents a virus on your computer (or ransomware) from connecting back to the hackers computer (in another country).<\/p>\n
DNS filtering helps prevent your computer(s) from connecting to untrusted computers on the Internet. DNS names with bad reputations or in categories such as drugs, porn, etc, can be blocked. It can also helps prevent viruses, bots and malware from connecting to command and control servers.<\/p>\n
I recommend the Netgate pfSense appliances because:<\/p>\n
If you’re not filtering your internet traffic, you have a router, not a firewall. The good news is that most firewalls have features that can go a long way to protecting your IT and business resources. Let’s start with the different kinds of firewalls and their use-cases. A “packet filter”<\/p>\n","protected":false},"author":1,"featured_media":8417,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[2,3,13,108],"tags":[],"acf":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/agix.com.au\/wp-json\/wp\/v2\/posts\/9296"}],"collection":[{"href":"https:\/\/agix.com.au\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/agix.com.au\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/agix.com.au\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/agix.com.au\/wp-json\/wp\/v2\/comments?post=9296"}],"version-history":[{"count":4,"href":"https:\/\/agix.com.au\/wp-json\/wp\/v2\/posts\/9296\/revisions"}],"predecessor-version":[{"id":9301,"href":"https:\/\/agix.com.au\/wp-json\/wp\/v2\/posts\/9296\/revisions\/9301"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/agix.com.au\/wp-json\/wp\/v2\/media\/8417"}],"wp:attachment":[{"href":"https:\/\/agix.com.au\/wp-json\/wp\/v2\/media?parent=9296"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/agix.com.au\/wp-json\/wp\/v2\/categories?post=9296"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/agix.com.au\/wp-json\/wp\/v2\/tags?post=9296"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}