Firepower

Security vendors are touting holistic solutions as they attempt to exploit every market opportunity. However, if local businesses are to ensure that their operations remain secure, each component of their security strategy must be best-of-breed. One of the key elements is the firewall, which plays an important role in creating a secure network and protecting corporate data.

By  Alicia Buller Published  September 25, 2004

As much as businesses would like to have a 100% secure network, it’s simply not possible unless they cut themselves off from the outside world completely. In today’s increasingly networked business environment, though, this is highly unlikely, as a growing number of third parties, such as partners, customers and suppliers, often need access to an organisation’s network. To adequately protect business assets from intruders, while also allowing select parties in, local companies need to carefully consider their perimeter defences and make use of firewalls.

Firewalls can help prevent unwanted intrusions and leakages into a company’s IT network. They are essentially a gateway that restricts and controls the flow of traffic between networks, typically between an internal corporate network and the internet.

The demand for this layer of defence has increased globally. Firewall shipments increased by 27% in 2003, according to research firm In-Stat. Furthermore, local distributors have noted a surge in demand. “Users in the Middle East are becoming much more aware of security, especially lately. Two years back, we all knew that there were hackers out there, but it wasn’t overwhelming. Locally, only about 40% of companies had security measures, but now it’s more like 90%. There’s so many new worms and strands out there,” says Michael Cruz, a technical expert for D-Link, which has just released a desktop firewall exclusively for small businesses.

Although security threats to networks remain high, IT has become critical to businesses. Almost every organisation relies on its technology infrastructure to create, transport and store its data and transactions. “Years ago, the IT function was not related to the core business, it was simply a complementary function. People relied on their physical documents, not IT. So if there was an IT security breach it wasn’t really a problem,” says Mohamed Halawa, territory manager at Stonesoft. “Now companies can’t live without IT — their core business is dependent on it. For example, take a bank, which runs all its transactions on a core app. If the system goes down, everything will stop — the bank will be paralysed,” he says.

The upsurge in firewall demand is directly linked to increased corporate dependence on IT, and to the growing list of malignant threats an IT network faces: hackers, spam, disgruntled colleagues and data thieves, to name but a few. The rise in mobile computing in the Middle East also means that corporate networks are more exposed to home users, who may unwittingly let intruders in via unsecured access points. In addition, companies are growing and networking more with outside office locations and third parties, so they are more vulnerable.

“The moment you start to connect business islands with a wide area network (WAN), you’re opening up your corporate network to the world. That’s the moment you need a firewall,” says Joe Tesfai, group IT director at Jumeirah International. “Wherever you have lines going to the outside world, you need a firewall. Those are your weak points,” he advises.

Firewalls act as guards at port entry points on an IT network — where the computer exchanges data with other devices on the network. They ensure the data packets that request permission to enter the computer meet certain criteria that are established by the business. Firewalls operate in two ways: by either denying or accepting all messages based on a list of designated acceptable or unacceptable sources, or by allowing or denying all messages based on a list of designated acceptable or unacceptable destination ports. From a business point of view, this translates to ‘who do I want to allow access to my network, and how?’

It’s important to note that, though the firewall is undoubtedly an integral part of any company’s security policy, it is not usually effective as a standalone component. In light of the complexity of today’s IT network intruders, most companies are investing in integrated security solutions that incorporate a firewall, an antivirus solution and an intrusion detection system (IDS) to intelligently detect intruders.

“The threat to application security is therefore no longer something that organisations can afford to overlook, and in order to provide the necessary level of protection enterprises will have to go beyond the firewall for an effective solution,” says Nick Garlick, managing director at Nebulas Security. “So nowadays a [complete] dedicated security solution is vital,” he advises.

However, like most integrated solutions, they may provide convenience but not necessarily the optimum quality that a user would get from a standalone product. Whether a company needs to invest in a standalone solution depends on its traffic levels. “The way to put together a security solution is to mix and match. This gives the optimum security and flexibility, perhaps necessary for large [organisations] that are dealing with real-time transactions, such as banks, airlines and telecoms,” says David Michaux, CEO of ScanIT. “However, the integrated boxes will suffice for smaller companies.”

When selecting a firewall, an end user organisation must find one that offers the appropriate level of defence. This will, primarily, depend on its business and what kind of traffic it exchanges with the rest of the world. Security decisions should always be driven by a business need. “The IT manager has to look at the processes the business is running and understand the business first, to see what type of customisation it requires,” says Mirza Asrara Baig, CEO of IT Matrix.

All firewalls basically perform the same function, but to different levels. Hardware-based firewalls such as Cisco PIX are often more advanced and robust. But, as a result, they command a high price tag. Though less expensive, software versions are more open to corruption, although they usually suffice for low volume traffic. It’s not the size of the company that should dictate the choice of the firewall — it’s the number of users connecting to the outside world.

Fred van der Vyer, who heads the managed security services department for Al-Suwaidi Group’s Information Management Technology (IMT) arm, has recently rolled out an integrated Symantec security solution across nine of the Saudi conglomerate’s departments. Van der Vyer is well versed in the business of firewall implementation. “The basic difference [in firewall capability] is the level of throughput it can process. The more traffic there is, the more memory will be needed. Larger firewalls also include a hard disk for caching,” he says. “If a company has 100 users who are all online doing constant research, it will definitely need a device that’s got its own integrated memory, storage and boot up configurations, so that it doesn’t strain the server. But if there are 100 users who don’t use the net much then they can still get away with using a software device.”

A lot of major security vendors tend to focus their solutions on the enterprise market — hence small companies should be careful in selecting their security solution. “The type and volume of information throughput should dictate [a company’s] choice of firewall. Some firewall technologies are quicker than others but whether the company requires such a level of performance is another matter,” says Dean Bell, regional director of Borderware. “As a true perimeter security device, anything with performance quicker than the internet would be like using a Ferrari to drive around the streets of London — a bit of an overkill,” he advises.

However, there was no danger of overkill with IMT’s huge security rollout for 600 end users at the Al-Suwaidi Group. Van der Vyer and his technology team decided to implement a complete security solution for the conglomerate, which included IDSs, an industry-strength Symantec firewall, an automated security manager and an antivirus solution. “It has become so important to protect our information. We believe a lot of people have no awareness of how much their data and information is worth to them, and how much they can jeopardise their future by not protecting it,” says Jassim Al-Suwaidi, vice chairman of the board and president of the Al-Suwaidi Group. “In such a competitive environment we want to make our customers feel safe. We want to assure them of our commitment to securing our information,” he adds.

In light of such a competitive environment, firewalls have come a long way since they first arrived on the scene over a decade ago. Firewalls are basically split between three types of information handling: packet filtering, stateful inspection and application proxy.

Packet filtering is fairly effective and transparent to users, but it is difficult to configure. These types of firewalls have relatively good performance and inspect traffic by examining the data packets to ensure they are accepted only from a known source and delivered only to their intended destination, based on user-defined rules. However, this type of technology is not aware of the direction of the traffic, be it incoming or outgoing. This factor, combined with its relatively basic inspection of traffic, leaves it open to criticism regarding its effectiveness at protecting a network from attack, particularly when it comes to IP spoofing.
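The direction problem described above can be shown in a few lines. The following sketch is an added illustration, not part of the original article: it compares a filter that checks only source address and destination port with one that also knows which interface a packet arrived on and which connections were opened from inside, a simplified model of stateful connection tracking. All addresses, rule lists and function names are assumptions made for the example.

```python
import ipaddress
from dataclasses import dataclass

# All addresses and rule lists below are constructed for illustration.
INTERNAL_NET = ipaddress.ip_network("10.0.0.0/8")   # the protected LAN
ALLOWED_SOURCES = [INTERNAL_NET]                    # "known source" list
ALLOWED_DST_PORTS = {25, 80, 443}                   # permitted destination ports

@dataclass(frozen=True)
class Packet:
    iface: str   # interface it arrived on: "inside" or "outside"
    src: str
    dst: str
    sport: int
    dport: int

def stateless_filter(p: Packet) -> bool:
    """Source list + destination port only; the arrival interface is ignored."""
    src_ok = any(ipaddress.ip_address(p.src) in net for net in ALLOWED_SOURCES)
    return src_ok and p.dport in ALLOWED_DST_PORTS

def stateful_filter(p: Packet, flows: set) -> bool:
    """Direction-aware filter; `flows` remembers connections opened from inside."""
    src_internal = ipaddress.ip_address(p.src) in INTERNAL_NET
    if p.iface == "inside":
        if not (src_internal and p.dport in ALLOWED_DST_PORTS):
            return False
        flows.add((p.src, p.sport, p.dst, p.dport))
        return True
    if src_internal:      # internal address arriving from outside: spoofed
        return False
    # Inbound traffic is accepted only as the reply to a tracked flow.
    return (p.dst, p.dport, p.src, p.sport) in flows

OUTBOUND = Packet("inside", "10.1.2.3", "203.0.113.10", 40000, 443)
REPLY = Packet("outside", "203.0.113.10", "10.1.2.3", 443, 40000)
SPOOFED = Packet("outside", "10.9.9.9", "10.1.2.3", 5555, 80)
UNSOLICITED = Packet("outside", "198.51.100.7", "10.1.2.3", 443, 41000)

def compare() -> dict:
    """Verdicts (stateless, stateful) for each sample packet, in arrival order."""
    flows = set()
    samples = {"outbound": OUTBOUND, "reply": REPLY,
               "spoofed": SPOOFED, "unsolicited": UNSOLICITED}
    return {n: (stateless_filter(p), stateful_filter(p, flows)) for n, p in samples.items()}

if __name__ == "__main__":
    for name, verdicts in compare().items():
        print(f"{name:12} stateless={verdicts[0]!s:5} stateful={verdicts[1]}")
```

The source-list filter admits the packet that claims an internal address while arriving from outside, and drops the legitimate reply unless a further rule is written for it; the direction-aware filter reverses both verdicts.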
Stateful inspection generally combines the speed and broad protocol support of packet filtering firewalls with the added security and support of complex protocols of proxies to handle specific traffic. By inspecting all the traffic for security-related information and using this data, the firewall makes smart decisions regarding which traffic should be accepted or rejected.

A proxy firewall has specific rules to handle traffic from specific applications or protocols, which allows deeper interrogation of network traffic. By interrogating all incoming and outgoing traffic, the proxy server effectively hides the true network addresses, adding to the level of security offered. It creates a number of client/server and server/client sessions for each protocol, which means the security level is generally high but sometimes performance can suffer because of the depth of the monitoring.

Companies such as Dubai-based Borderware offer firewall solutions that combine the best of all three technologies. “[It’s] primarily an application proxy firewall which offers the security of examining traffic based on the application it is from, or intended for. In addition, it includes packet filtering and stateful inspection to protect the application proxies and servers,” says Bell. “These combined technologies can provide a secure and highly certified firewall.”

Once a company has selected the right firewall or integrated security solution for its needs, then comes the most important phase: the implementation. As with any technology, even if it’s best-of-breed, incorrect configuration renders it redundant. “You can get the best firewall in the world, but with the wrong implementation, it’s going to be worse than the worst firewall in the world with the right implementation. The more you plan, the better,” says Stonesoft’s Halawa.

Jumeirah International’s Tesfai, who manages the IT infrastructure for a network of 2500 users, couldn’t agree more. “We’ve recently revamped our whole security infrastructure, including updating our Cisco PIX firewall, and brought on board a dedicated security team that is knowledgeable in implementation and security processes,” he says. “A lot of firewalls [in the region] are implemented by the vendor with the manufacturer’s default configurations. Unfortunately, the knowledge is not there yet, and all they care about is moving boxes. The hackers already know how these are set up and if you don’t go in and close those loopholes, you’re totally done,” Tesfai warns.

If a company doesn’t have its own in-house certified security team to check the firewall configurations, it’s important that it doesn’t immediately put all its trust in a security vendor. It is advisable to hire an independent security consultant when implementing a solution for the first time. It is within most security consulting firms’ remit to guarantee that their clients are safe from hackers, and they can be held liable for any security breach. This isn’t the case with vendors, who are simply pushing security boxes.

ScanIT’s Michaux is optimistic about businesses in the Middle East using the services of security consultants when implementing security solutions. “[Before] the [regional security] market was product-based and, basically, people weren’t really using the products properly. But in the last couple of years we’ve seen a huge change in demand from product-based to services-based,” he says. “About two years ago companies started to develop their own in-house security teams to implement their own products and then they’d ask us [ScanIT] to come along and audit it and make sure everything is in place,” he adds.

As the hackers get smarter and attacks get more complex, firewalls and other security layers will have to be creatively combined to ward off potential attacks. The more layers that are in place, the harder a company will make a hacker’s job. However, at the moment, that’s all that security solutions can do — simply make the hacker’s project more tedious — as there’s no solution in the world, yet, that is totally 100% secure. This is why any security implementation also has to be tightly intertwined with an effective company policy that ensures each layer is carefully mapped to the needs of the business and is backed up by procedures for regular monitoring of loopholes.

“It is imperative that companies protect their networks against attack. They [attacks] are no longer only launched against governments, prominent organisations and financial institutions; attacks can happen to anyone, large or small,” advises Bell. “Anyone with a connection to the internet requires a firewall or some form of access control, whether this be a large corporate, SMB or even individuals who are connected by broadband or dial up at home,” he warns.
