Do organizations need hardware firewalls when the network already has host-based software firewalls? Wouldn’t it add cost and complexity to networks? Wouldnt system protected by host-based software firewalls just as secure as having a hardware firewall if they are implemented appropriately?
“Firewalls actually come in two distinct flavors: software applications that run in the background and hardware devices that plug in between your modem and one or more PCs. Both types hide your PC’s presence from other systems, prevent unauthorized access from external sources, and keep tabs on network traffic across the firewall.” (Desmond, 2004)
The host-based software firewalls are good for the host; but not for the network that the host is connected to. A hardware-based firewall is required for:
Network address translation (NAT) to prevent exposure of internal IP addresses,
Port management to close unsolicited access to your host,
Stateful packet inspection (SPI) to inspect for unsolicited incoming traffic,
Virtual private network to support connection remote connection and the host,
Activity logging and alerts
Content and URL filtering
The hardware-based firewall is easy to implement and saves computing resources on the host. Malware on the host can bring down the firewall on the host, but not the hardware firewall.
While the hardware-based firewall can protect threats from outside the network, the software-based firewall helps to protect from attacks within the system. Software-based firewalls help to detect unauthorized outbound traffic from the host. A user can pick and choose which application can talk to peer hosts as well as external systems and may not be able to do this with hardware-based firewalls. Continue reading “Hardware or Host Based Firewalls”
Identity card issued by the employer is the typical mechanism to identify an employee. However, verifying each and every card presented by personnel requires a dedicated person or an automated system. Credentials, such as an identity card, are more effectively verified using an automated system. However, most of the verification systems are incapable of verifying if the person who presented the credential is actually its owner. Similar is the case where passwords or PINs are used as credentials.
Buddy punching, otherwise known as ghost punching or proxy punching, is an activity where tardy and absent employees will have their co-workers “punch” the time clock for them. This activity alone will significantly impact the profitability of a company that ends up paying wages of employees who never showed up for work. The company not only get ripped off, but the entire operation may be degraded by a shortage of personnel.
There is always a chance of sharing any type of information or material, which the employee is required to know or carry, granting unauthorized access to employer facilities. Use of biometrics will avoid such chances as the verification of the credential is what the employee is – not on what they know or have. Fingerprint, hand print, face, and eye are some of the popular biometrics used for personnel identification.
Ever found your bank statements on Facebook? How about your health records and business plans? That’s what happened to a friend-of-friend of mine. My friend found her friend’s family pictures, health records, business plans and bank statements on Facebook.
The friend-of-friend engaged me to help her out from this as she had no clue how all these information ended up on a Facebook wall. Apparently the friend-of-friend is a business woman and a millionaire who travels a lot to Asian countries such as Malaysia, Singapore and India.
She recently had to undergo a brain surgery in India for which a lot of information was exchanged to her doctors and friends via Gmail. Information includes her health records and bank statements from Canada. She also used this account to exchange business plans with her partners as well as family pictures with her friends.