Hardware or Host Based Firewalls

Do organizations need hardware firewalls when the network already has host-based software firewalls? Wouldn't they add cost and complexity to the network? Wouldn't a system protected by a host-based software firewall be just as secure as one behind a hardware firewall, provided the firewall is implemented appropriately?

“Firewalls actually come in two distinct flavors: software applications that run in the background and hardware devices that plug in between your modem and one or more PCs. Both types hide your PC’s presence from other systems, prevent unauthorized access from external sources, and keep tabs on network traffic across the firewall.” (Desmond, 2004)

A host-based software firewall protects the host, but not the network the host is connected to. A hardware-based firewall is needed for:

  1. Network address translation (NAT) to avoid exposing internal IP addresses,
  2. Port management to close unsolicited access to your host,
  3. Stateful packet inspection (SPI) to detect and drop unsolicited incoming traffic,
  4. Virtual private network (VPN) support for remote connections to the host,
  5. Activity logging and alerts,
  6. Content and URL filtering.

A hardware-based firewall is easy to deploy and saves computing resources on the host. Malware on the host can disable the host's own firewall, but it cannot bring down the hardware firewall.

While a hardware-based firewall protects against threats from outside the network, a software-based firewall helps protect against attacks that originate within the system. Software-based firewalls help detect unauthorized outbound traffic from the host. A user can pick and choose which applications may talk to peer hosts and to external systems, which is generally not possible with a hardware-based firewall.
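As an added illustration, not taken from the original post, the constructed Python model below contrasts the stateful inspection a network firewall performs (admit inbound only as a reply to a tracked outbound flow or to a published port) with the per-application outbound control that only a host-based firewall can enforce. The packet fields, addresses and application names are assumed sample values.

```python
# Added example (not from the original post): toy model of stateful packet
# inspection at the network edge versus per-application control on the host.
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str    # "out" = host to Internet, "in" = Internet to host
    proto: str
    local_port: int
    remote_ip: str
    remote_port: int
    app: str = ""     # originating process; visible only on the host itself

class StatefulFilter:
    """Network firewall view: inbound is admitted only as a reply to a
    tracked outbound flow or to an explicitly published port."""
    def __init__(self, open_ports=()):
        self.open_ports = set(open_ports)
        self.flows = set()   # (proto, local_port, remote_ip, remote_port)
    @staticmethod
    def key(p):
        return (p.proto, p.local_port, p.remote_ip, p.remote_port)
    def allow(self, p):
        if p.direction == "out":
            self.flows.add(self.key(p))   # remember flow so replies can return
            return True
        return self.key(p) in self.flows or p.local_port in self.open_ports

class HostFilter(StatefulFilter):
    """Host firewall view: same state tracking plus an application allowlist."""
    def __init__(self, allowed_apps, open_ports=()):
        super().__init__(open_ports)
        self.allowed_apps = set(allowed_apps)
    def allow(self, p):
        if p.direction == "out" and p.app not in self.allowed_apps:
            return False              # unauthorized outbound, e.g. malware beacon
        return super().allow(p)

def evaluate(fw, packets):
    return [fw.allow(p) for p in packets]   # verdict per packet, in order

# Constructed traffic: browser request and reply, unsolicited inbound SSH
# probe, and an unknown process trying to reach an external host.
SAMPLE = [
    Packet("out", "tcp", 51000, "203.0.113.10", 443, app="browser"),
    Packet("in", "tcp", 51000, "203.0.113.10", 443),
    Packet("in", "tcp", 22, "198.51.100.7", 40000),
    Packet("out", "tcp", 51001, "198.51.100.7", 8080, app="unknown.exe"),
]
```

Running `evaluate(StatefulFilter(), SAMPLE)` passes the unknown process's outbound connection because the network firewall cannot see which application sent it; `evaluate(HostFilter({"browser"}), SAMPLE)` blocks it.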

Acknowledging Non-Applicable Threats

Is it important to account for or acknowledge risks that may not apply to an organization or system? What if you identified a risk that you would typically consider but that does not apply because of the context? Say, for example, your organization is not in a floodplain, although it is usual to consider flood risk for all of your organization's locations. What if you have validated against FEMA 100-year flood zones that the total flood risk facing the organization is very low, since the site is not in a location that requires flood insurance? Do you still need to acknowledge the possibility of the threat occurring?

I believe it is essential to acknowledge the risk. We need to document it as very low risk, requiring only minimal safeguards as part of the risk assessment. The building code of the location would define the minimum safeguards. However, there could be situations where the asset value of the site is so high that you cannot ignore the risk altogether. Say the location is the primary data center for the organization. In such situations, the organization must implement all appropriate controls required to protect against flooding. The assessment needs to be revisited periodically to determine whether the risk is significant at that time. Each evaluation must be based on the facts and numbers current at the time.

Emerging Threats

To determine what the emerging threats are, we first need to know what the emerging technologies are. According to the World Economic Forum, the following are emerging technologies:

  1. Nanosensors and the Internet of Nanothings
  2. Next Generation Batteries
  3. The Blockchain
  4. 2D Materials
  5. Autonomous Vehicles
  6. Organs-on-chips
  7. Perovskite Solar Cells
  8. Open AI Ecosystems
  9. Optogenetics
  10. Systems Metabolic Engineering

Correlating this with the 2016 Verizon Data Breach Report, I believe malware that connects to command and control (C2) and then compromises accounts and devices will be the top threat in the coming years, especially for emerging technologies such as nanosensors with IoT, the blockchain, autonomous vehicles and open AI ecosystems. A compromise of these technologies would impact privacy. That does not mean other technologies would not be affected. The same techniques would be used for cyber espionage and intellectual property theft. Most of these attacks would happen over the Internet.