Our Blog

10 Commandments for your next firewall!

Next-generation firewalls allow the identifying of applications regardless of port, protocol, or evasive tactic.

It is already a trend that hackers hide threats within the users’ favorite applications. This fact should not be underestimated, particularly by the business sector that supports part of its work on a computer network.

It is natural to wonder then if your firewall effectively controls all applications for the benefit of your company.

The selection of a next-generation firewall should not be done arbitrarily, first the desired security functions and performance should be taken into account. This way we will be able to determine your ability to manage risks.

We explain the 10 key requirements that your next firewall must meet for the sake of corporate security.

1. To identify and control applications in any port: The network applications are able to run on non-standard ports or skip ports.  That is why the firewall you choose should classify the application traffic on all ports at all times, by default.

2. To identify and control the security circumvention tools: A small number of applications, such as external proxies or non-encrypted tunnels unrelated to the VPN, can intentionally evade the security policies of your company. Therefore your firewall must identify these evasion applications.

3. To decrypt the outgoing SSL traffic and to control the SSH: Nowadays most applications use SSL, so it is necessary to decipher, classify, control and explore all traffic on the network with this security protocol by means of a firewall that can also set control policies over decryption in thousands of simultaneous connections, with predictable performance. It should also monitor the use of the SSH protocol (for remote access and secure data backup) and determine whether it is being used for port forwarding.

4. To provide functional control of applications: A wide variety of platforms like Google, Facebook or Microsoft offer users a set of applications that can carry serious threats. Your next firewall must continually classify each application and perform systematic supervision of the state, in order to understand their different roles and risks.

5. To systematically administer the unknown traffic: The firewall that you require must classify traffic on all ports and manage it systematically through customized signatures by sending a PCAP of the commercial applications for further analysis.

6. To look for threats in all applications and all ports: This requires a firewall that tracks an application, regardless of the port or encryption, which allows or denies as appropriate, and to analyze the components tested for potential attacks.

7. To perform regular inspections of all users, regardless of location or device: Your company’s firewall should allow visibility of applications and the control of the remote traffic in any connection environment.

8. To simplify network security with application control: The addition of more security management devices will not reduce the administrative effort of your company, or decrease the response time to incidents.  The important thing is to have a firewall that allows the construction of policies to directly support all your business initiatives.

9. To offer the same capacity and performance with full control of applications: Your firewall should have a hardware designed to perform processing tasks, meaning to say, a specific system dedicated to networking, security and content analysis.

10. To support the same firewall functions, in the form of hardware or virtual: Today we face a growing development of virtualization and the cloud, which introduces new security challenges.  For that reason, a next generation firewall is necessary, capable of protecting traffic flowing in and out of the data center and in virtualized environments.

In our next articles we will offer you some firewalls that combine requirements like these.  Globenet International, with nearly 20 years of experience, supports the recommendation and can be your best ally in the purchase of this important technology!

Globenet price promotion!! Do not miss this unique opportunity. This might be what you need in your company and at the cost you could not imagine!!!

Remember, you can contact us 24 hours a day, seven days a week!

Comments