Having a strong firewall should still be the first line of defense for any organization looking to ensure its digital assets are secure. Yet while this solution is an indispensable part of any IT security landscape, it should not be relied on as the only option.
There are many threats businesses face where a firewall alone won't be enough to protect them. Indeed, with cybercrime now such a huge business, and hackers becoming ever-more organized, criminals are constantly coming up with new ways to get around firewall defenses and gain access to valuable resources within networks.
So what should you be looking at if you want a comprehensive security solution? Here are a few types of attack that your firewall alone won't be able to stop.
Malicious use of authorized devices
While today's firewalls offer a wide range of features, at heart, they are still a blunt object with the primary purpose of preventing unauthorized connections from accessing your network. But what if you're attacked via a connection that you have given permission to? In this case, it can be easy for an attacker to simply breeze straight past the perimeter defenses.
For example, an attacker may be able to gain access by piggybacking on authorized connections such as a VPN. Or, they can use a man-in-the-middle attack to take control of an authorized communications stream and insert their own commands. To counter this, it's important to encrypt any communication that can potentially be hijacked, and restrict VPN access to critical systems.
No matter how secure a firewall is, if the operating system or applications it's protecting have vulnerabilities, it may be easy for a hacker to bypass it. For instance, there are many exploits in Windows that can be utilized by attackers. All they have to do is convince a user to visit an infected web page and they can get in.
Therefore, it's essential that organizations keep all their operating systems and applications patched to the latest versions. They should also keep antivirus tools up to date and consider disabling applications with known weaknesses where this will not impact functionality.
One particular type of vulnerability to be aware of arises where an application connects with a database, which can leave firms exposed to SQL injection attacks. These are one of the most serious hacking threats any business can face: they can cause huge damage by enabling criminals to effectively take over critical databases, gaining access to sensitive information and running their own commands to take over other critical systems.
Firewalls are often no defense against this type of attack, as it operates at the application layer. To defend against these issues, businesses must take steps to validate user-supplied data, in the form of whitelisting or blacklisting, as well as construct SQL statements in such a way that user-supplied data cannot alter commands.
An increasingly common tactic, social engineering attacks look to take advantage of what is often the weakest link in any network's defenses: the people that use it. Whether it's a phishing email looking to trick a user into handing over their login credentials or a criminal contacting someone by phone pretending to be a system admin requesting access, hackers can easily get around a firewall with minimal effort. Therefore, consider putting in place requirements such as two-factor authentication, which can prevent compromised passwords from being used. User education on the risks posed by social engineering is also vital.
Bypassing the perimeter
While firewalls aim to block access to a network at its perimeter, there may be many loopholes and exploits in complex networks that allow hackers to gain access by bypassing it completely. The more sprawl a network has, the more likely there will be hidden, unprotected paths that connect business and industrial networks. Or, an employee may inadvertently set up an unsecured wireless access point for convenience that could act as an open invitation.
To counter this, it's important for admins to keep a close eye on their networks and look to ensure they are as simple as possible, which makes for easier monitoring and identification of any holes.
Finally, while it’s not a 'hack' as such, businesses should also not overlook the physical security of their organizations. If a criminal finds a company has invested large resources into the most up-to-date, secure cyber defenses available, they could spend time and money looking for new ways to get around them - or they could ignore all that and walk through the front door into an unsecured server room, where they'll have free rein. Network security needs to be backed up by strong physical defenses, otherwise all the good work the firewall does will be for nothing.