My organization's security budget is strapped, but we still need to improve our firewall performance. I've read that free blacklists can be used along with firewall data to spot otherwise unnoticed attacks. Is this true? What should organizations look for in a free website blacklist?
In short, yes, this is true. If your organization's firewall is behind the times, or if you simply don't have the manpower to devote to the proper maintenance of the firewall, a temporary work-around is to utilize your firewall in conjunction with an open source website blacklist.
A good example of this is the OpenBL project. The way this works is that a firewall must maintain some sort of updated connectivity with the open source blacklist infrastructure and allow for the downloading of known nefarious URLs and IPs. This amounts to a very cheap way of keeping your firewall updated. What should be stressed here is the fact that this should never be viewed as a permanent solution to professional firewall maintenance. This technique should be considered temporary or an add-on to an already robust firewall infrastructure.
In terms of what to look for, that's a very difficult question to answer, as there are many ways that this can backfire on your organization. For example, it wouldn't be that hard for an attacker to configure a "free blacklist" website that begins to feed your firewall a long list of valid websites that are frequented by your organization's end users -- effectively using your own firewall as a mini denial-of-service tool. Therefore, when choosing a free blacklist website, go by overall reputation. As mentioned above, the OpenBL project has a fairly honest reputation, and you can rest assured that the list of nefarious sites that it feeds your firewall infrastructure consists of legitimately bad sites.
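One way to guard against the backfire scenario described above is to vet each downloaded list before the firewall loads it. The following is an added example, not code from the original answer or from any blacklist project; the protected networks, thresholds and sample feed are constructed assumptions, and it handles IP entries only.

```python
import ipaddress

# Assumptions for this sketch: destinations the business must always reach,
# and the shortest prefix length a feed entry may have per IP version.
PROTECTED = ["10.0.0.0/8", "198.51.100.0/24"]   # constructed sample values
MIN_PREFIX = {4: 16, 6: 32}
MAX_GROWTH = 2.0   # hold the update if the list more than doubles

def vet_feed(text, protected=PROTECTED, previous_count=None):
    """Split a downloaded feed into entries safe to load and entries to review."""
    guard = [ipaddress.ip_network(p) for p in protected]
    accepted, quarantined = [], []
    for line in text.splitlines():
        entry = line.split("#", 1)[0].strip()   # drop comments and blanks
        if not entry:
            continue
        try:
            net = ipaddress.ip_network(entry, strict=False)
        except ValueError:
            quarantined.append((entry, "malformed"))
            continue
        if net.prefixlen < MIN_PREFIX[net.version]:
            quarantined.append((entry, "too broad"))
        elif any(net.version == g.version and net.overlaps(g) for g in guard):
            quarantined.append((entry, "overlaps protected network"))
        else:
            accepted.append(net)
    # A sudden jump in size is a reason to hold the whole update for review.
    hold = bool(previous_count) and len(accepted) > previous_count * MAX_GROWTH
    return accepted, quarantined, hold

# Constructed feed for demonstration; not real blacklist data.
SAMPLE_FEED = """\
# source: example feed
192.0.2.45
192.0.2.128/25
198.51.100.17
0.0.0.0/0
not-an-ip
"""

if __name__ == "__main__":
    ok, review, hold = vet_feed(SAMPLE_FEED, previous_count=2)
    print("load:", [str(n) for n in ok])
    print("review:", review)
    print("hold update:", hold)
```

Only the accepted entries would be pushed to the firewall; quarantined entries and held updates go to a person for review.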