Firewall network security: Thwarting sophisticated attacks

Firewall network security is still a critical part of securing an enterprise. Learn what sophisticated attacks a firewall can effectively prevent.

What are the most sophisticated attacks a firewall can repel by preventing or blocking traffic?

It’s important to understand the role firewall network security plays with respect to information security controls.  I would encourage enterprise security pros to think of a firewall as one layer in a set of defenses that comprise a defense-in-depth strategy, rather than as a standalone defense that protects against a specific set of attacks.  The reality is many potential attacks are thwarted because of the interaction of a series of defenses rather than a single control.

The basic function of firewall network security is to control the traffic passing between two networks and block any undesired traffic.  This is often expressed in the philosophy, “block anything that is not explicitly allowed.”  A firewall is like a gatekeeper, watching the network and inspecting each packet to ensure it meets network security policy before it is allowed to pass.

In serving this basic role, firewalls prevent many simple attacks from succeeding.  They can easily block reconnaissance attacks, such as port sweeps or IP scanning.  They also restrict remote access to workstations and servers in enterprise environments, in addition to providing a degree of isolation between a network and the Internet at large. This set up can be thought of as a fence that separates a network from the outside world.

Modern firewalls also incorporate and integrate with other security controls to provide an added level of defense.  These include intrusion detection and prevention systems, application-layer scanning, and other advanced defenses that monitor for and block sophisticated attack attempts.

However, firewalls will never protect a network against an insider attack. For example, a firewall placed at the perimeter of a network is not capable of protecting against an attack waged on an internal server by an employee.  Similarly, if a firewall is used to segment the data center network from the corporate intranet, that firewall will be unable to prevent more sophisticated attacks like a server-to-server attack. This underscores the importance of a layered defense; an in-depth approach that includes both host-based controls, such as host firewalls and access control systems, in addition to network-based controls.

This was last published in December 2011

Dig Deeper on Real-time network monitoring and forensics