Does a firewall protect against application attacks?

I have a stateful inspection firewall protecting our network. There are some "one-to-one" NAT settings, so we can...

Step 2 of 2:

You forgot to provide an Email Address.

This email address doesn’t appear to be valid.

This email address is already registered. Please login.

You have exceeded the maximum character limit.

Please provide a Corporate E-mail Address.
- I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.
Please check the box if you want to proceed.
- I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.
Please check the box if you want to proceed.

send and receive e-mail. Are we still vulnerable to application attacks (like the Windows OS vulnerabilities) if we have a firewall? Is there something else we can do to protect ourselves?

Firewalls do not stop everything. There are some Windows vulnerabilities that can be exploited by malicious Web sites. If a user visits that site, they are "had." Since your firewall probably allows users to surf the Internet and allows Internet responses to come back through, those attacks sail right through the firewall. Other exploits come in via e-mail, typically in attachments that users open without thinking about where they came from.

Some things you can do are:

Ensure that your firewall settings are correct. The default settings are typically not what you need.

Consider disabling Active-X and Java in your browsers. While this can stop some malicious sites from attacking, it can also limit your functionality. Perhaps you can add sites that you need to use Active-X or Java to your Trusted Sites Zone (in Internet Explorer you can put sites into different zones) and allow the use of those tools in the Trusted Sites Zone, but not the generic Internet Zone.

Limit what types of attachments are allowed to pass through your firewall.

Have antivirus software both on the desktops and the e-mail server, and ensure that they are updated regularly.

Monitor the Web sites of all your software vendors and ensure that your patches are kept up to date.

Continue to read SearchSecurity.com and other security sites to be among the first to learn of new exploits and how to prevent them.

For more info on this topic, visit these SearchSecurity.com resources:

Best Web Links: Infrastructure and network security

Dig Deeper on Application firewall security

SearchCloudSecurity

Security Think Tank: How to realise the benefits of security zoning

Security Think Tank: Three areas of web security challenges

Layered security approach can thwart VoIP attacks

A few ways to configure Linux firewalld

Please create a username to comment.

Use these CCSK practice questions to prep for the exam

CCSK cert guide author's insights into cloud security credential

Comparing single cloud vs. multi-cloud security challenges

Small vendors that stand out in network automation

Top 5 VPN myths and misconceptions for IT organizations

How to build a network monitoring business case

How CIOs can combat the IT talent shortage

How companies can ensure success working from home

What is the future of hybrid cloud for businesses?

How to optimize the digital workspace experience

How to safely stop unnecessary Windows 10 services

5 macOS management software options for the enterprise

Compare the 3 types of private cloud

How to deploy Terraform code in an Azure DevOps pipeline

VMware Cloud Foundation to run on new Google Cloud service

MoD cuts through competition barriers to sign direct private cloud deal with Microsoft

Ericsson enables commercial 5G network for Telia in Stockholm

Lack of clarity around 5G fuels misconceptions about next-generation networks

Dig Deeper on Application firewall security

Security Think Tank: How to realise the benefits of security zoning

Security Think Tank: Three areas of web security challenges

Layered security approach can thwart VoIP attacks

A few ways to configure Linux firewalld

Start the conversation

0 comments

Register

Login

Forgot your password?

Your password has been sent to:

Please create a username to comment.