
What firewalls can't fix – and what to do about it

Back in the early days of the Internet, firewalls were invented to keep out the bad guys — similar to an electric fence around a building compound. But times have changed.

Evolution of network threats

Firewalls have evolved and become much more sophisticated. So, too, have hackers and malware. Organizations have more complex networks, ubiquitous Wi-Fi, mobile workers, cloud apps and bring-your-own-device policies. Enter the Internet of Things — where almost any inanimate object can have an IP address — and cyber-security is getting awfully difficult to manage these days.

A next-gen firewall should be part of every organization’s cyber-security arsenal, providing a basic line of defence by allowing or blocking access to the corporate network. But NG firewalls are not the be-all and end-all, since hackers have found ‘back doors’ into even highly secure networks.

Using IT vulnerabilities or social engineering attacks, the bad guys are able to slip past the firewall and hover around, gathering data, and in some cases exit and enter at will. Most breaches aren’t noticed for weeks or months at a time — and that’s a lot of data gathering.

“Forget the gate and drawbridge idea, there are now hundreds of potential entrances to the castle because businesses are connected to customers, suppliers, and employees over the internet. Not only that, but it’s as if everyone who comes in and out of the castle has a key to unlock all the doors as well.”

Matthew Wall, BBC News

Social engineering attacks

Social engineering attacks — which manipulate users into handing over sensitive data or clicking on malicious links — are becoming more commonplace, in part because they’re so effective. They’re also becoming increasingly sophisticated.

“One new employee, one new contractor, one new business associate. That’s all it takes to own a target. Keystroke loggers and botnet malware will do the rest.”

Saryu Nayyar, InformationWeek

User training is helpful (and necessary), but it’s not 100 percent effective. “When a threat actor launches an attack that is planned to take months or years to carry out, all they have to do is spam and wait,” writes Saryu Nayyar in an article for InformationWeek’s Dark Reading.

She argues that security awareness alone won’t stop hackers, as all it takes is one individual falling victim.

Outdated applications

Hackers can exploit vulnerabilities in software or applications (particularly older versions that haven’t been patched). Or, they can target BYOD devices that aren’t properly managed. They can even target air-gapped computers — ones that are physically isolated from unsecured networks — that are often used in military, financial and critical infrastructure networks.

Indeed, a recent Wired article points out that researchers in Israel were able to steal data from air-gapped computers. “To steal data from them an attacker generally needs physical access to the system — using either removable media like a USB flash drive or a firewire cable connecting the air-gapped system to another computer,” writes reporter Kim Zetter in Wired. “But attackers can also use near-physical access using one of the covert methods the Ben-Gurion researchers and others have devised in the past.”

Detect and resolve intrusions

It’s not all doom and gloom, though. Many industry pundits say the focus shouldn’t be on keeping hackers out. Instead, it makes more sense to stay informed of new threats, analyze vulnerabilities, recognize when a breach has occurred and stop it before any real damage is done.

In addition to a firewall and anti-malware, organizations should consider anti-exploit tools that can recognize when an attack is launched — so they can stop it before malware is installed. When it comes to backdoor attacks, network monitoring is key, so that network admins are alerted when something is ‘off.’

For many organizations, especially smaller ones, this is a tall order. It requires skilled expertise — hence, time and money — which they probably don’t have in-house.




It can be difficult for companies to find talent to secure each of their vulnerable areas, writes Sharon Florentine in an article for CIO.com. That’s where a managed security solution provider comes in. “An MSSP can cover all the security bases for a company: firewalls, intrusion detection and intrusion prevention solutions, security event and incident management, managed vulnerability and identity management solutions — even first-level incident response.”

A next-gen firewall is a must. But relying on that firewall will leave you with gaps — er, back doors. At some point, an intruder is going to find a back door into your network; the key is knowing when it happens, so you can take action before it’s too late.


About Jolera

Jolera is a Toronto-based technology hybrid aggregate service provider focused on network architecture and IT solution service and delivery. Jolera is dedicated to innovating the cloud and managed service market space with disruptive solutions for customers, the channel, and the tech and telecom industries around the world.

Comments 1

  1. Thank you for your time in writing this article, sir. As informative as it is, I find it important to add to the conversation by highlighting a specific form of trickery that has become, as of late, a very common method of compromise. The one in particular I would like to highlight for anyone passing this reply is DNS tunneling. DNS has 4 metadata fields, 2 of which are easily customized.

    It’s important for a network administrator to automate detection of this particular exploitation, by limiting host to domain requests. It’s not very often that any node on your network will require making 50 plus requests to a domain to navigate anything on the internet. Nor is it common for a domain to have non-human-readable (seemingly random host names) host names. As this is just a reply to an article, I am not going to go into details, just merely highlighting a subject that is worth noting.

    Good luck, and have fun out there
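
The per-client, per-domain check described in the comment above, as an added example that is not part of the article or the comment: it flags a client that sends 50 or more queries to one domain when the host names in those queries have high character entropy. The 'client_ip qname' log format, the 3.5 bits-per-character cut-off, the two-label domain split and the sample data are assumptions constructed for illustration.

```python
import base64
import hashlib
import math
from collections import Counter, defaultdict

QUERY_THRESHOLD = 50     # the comment's "50 plus requests to a domain"
ENTROPY_THRESHOLD = 3.5  # bits/char; assumed cut-off for "seemingly random"

def shannon_entropy(text):
    """Bits per character of the label's character distribution."""
    counts = Counter(text)
    return -sum(n / len(text) * math.log2(n / len(text)) for n in counts.values())

def base_domain(qname):
    # Simplification: last two labels; real deployments need the Public Suffix List.
    return ".".join(qname.rstrip(".").lower().split(".")[-2:])

def find_tunnel_suspects(log_lines):
    """Lines are 'client_ip qname' (assumed format); returns (client, domain, count)."""
    per_pair = defaultdict(list)
    for line in log_lines:
        fields = line.split()
        if len(fields) != 2:
            continue  # skip malformed lines
        client, qname = fields[0], fields[1].rstrip(".").lower()
        domain = base_domain(qname)
        per_pair[(client, domain)].append(qname[: len(qname) - len(domain)].rstrip("."))
    suspects = []
    for (client, domain), hosts in per_pair.items():
        named = [h for h in hosts if h]  # ignore queries for the bare domain
        if len(hosts) < QUERY_THRESHOLD or not named:
            continue
        mean_entropy = sum(shannon_entropy(h) for h in named) / len(named)
        if mean_entropy >= ENTROPY_THRESHOLD:
            suspects.append((client, domain, len(hosts)))
    return sorted(suspects)

def constructed_sample():
    """Constructed log: one tunnelling-like client and one busy but benign client."""
    lines = []
    for i in range(60):  # encoded-looking labels, as tunnelled data would appear
        label = base64.b32encode(hashlib.sha256(str(i).encode()).digest())[:40].decode().lower()
        lines.append(f"10.0.0.23 {label}.bad-tunnel.example")
    for i in range(80):  # high volume but human-readable host names
        lines.append(f"10.0.0.7 {('www', 'images', 'static', 'api')[i % 4]}.example.com")
    return lines

if __name__ == "__main__":
    print(find_tunnel_suspects(constructed_sample()))
```

Requiring both conditions keeps the busy benign client (80 queries, readable names) out of the alerts; volume alone would flag it.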
