What Hackers Don’t Want You to Know About Firewalls

Firewall Series: Part 1


Introduction to My Firewall Series

This post begins a new series of articles in which I discuss pretty much every aspect of firewalls there is to discuss: what firewalls are, who should use them (spoiler alert: the answer is EVERYONE), and how one should go about finding a good one. In the final analysis there will be a lot of information and advice conveyed in this series, including information about protecting your home (or your small business) computer network, your data, your family members or employees, your communications…pretty much all information pertaining to you and your life.

Please feel free to republish or share this content with others…as long as you make sure to include where you got it from :-) because it’s such an important topic. I embarked upon writing it when I discovered that not very many people really understand firewalls at all…much less understand how they should go about utilizing them to protect themselves.

My word clouds using firewall terms didn't prove to be my primary procrastinational deterrent...but they really didn't help much either :-/


Why I Decided to Write This Beginner’s Guide to Firewalls

I originally began vsatips for one reason…to keep friends and family up-to-date and knowledgeable about threats to their computers and their networks. Since the inception of vsatips, and its predecessor, my HubPages blog, the cyber world has changed drastically. I rarely touch a computer these days because my own has been unbootable for over a year (don’t ask, it’s a long story…but the short answer is that I just need to spend some time working on it).

What I mean by my statement above is that the cyber world has changed so much that now, in 2017, pretty much everyone from teenagers on up age-wise carries a tiny computer around with them in either their pocket or their purse. I really love the fact that anyone can Google almost anything…anyplace or anytime. I believe this is making us smarter and more capable as a society, because I know that’s what the effect of this has been on me personally.

But, along with this ‘instant access to knowledge’ come greater risks too. Never before in our world’s history have individuals been so exposed and to such a high degree, because the sheer number of risks has increased so dramatically. Although the risks I’m talking about haven’t been of the fatal variety more common in historic times, that fact is rapidly changing as the Internet of Things is gaining a foothold on our lives…making these risks undeniably significant.

To date, they’ve primarily taken their toll in 2 ways: monetary risks or emotional risks…frequently both occur simultaneously. I’ve become a passionate advocate for internet safety because I learned the hard way what happens when networks aren’t well protected. You can read more about that in a post I wrote as an addendum to the ‘about me’ page on my site. This story recounts my family’s experiences when our home network was taken over by a botnet.

For about a year and a half, the botnet that took over my family's network wreaked utter havoc and discord.


I think it bears repeating that since the time when our botnet invasion occurred the sheer volume of risks our society faces has grown and continues to grow exponentially. This is a frightening thought all on its own. Yet despite those sky-rocketing risks, our own dependence upon all of the interconnected benefits that the World Wide Web brings us continues to grow at an equal if not faster rate.

One Example of How the Internet has Become So Completely Intertwined in Our Daily Lives in a Way That’s Not So Obvious

I’ve been writing a primer for ‘cutting the cord‘ to expensive television programming services during the last several months. It’s the 2nd part in a series of what will probably be 3 articles. If you’re interested you can read Part I which discusses the financial reasons we decided to ‘cut the cord.’ Part II frankly has grown so long that I considered publishing it as an ebook. It describes the nuts and bolts of the whole cord cutting process. As Part II neared completion I continued to tweak certain sections…especially those related to home networks.

Ultimately I wrote a shorter…very brief overview of the exact same content because several people I know asked me to finish it…and I didn’t feel it was ready for prime time yet. Here’s a link to that if you’re interested…it basically describes our setup and the hardware we decided upon. But really, successful ‘cord cutting’ relies very heavily upon the internet, which means that having a network that functions well and is fortified against threats is of the utmost importance. But…ours wasn’t (and sadly, still isn’t) really functioning all that well…despite my having spent significant time and money addressing its needs…although frankly, our ‘Cord Cutting’ experience hasn’t suffered as much as I feared it may.

The Decision I Made Today to Publish This Topic Broken Down into Smaller Parts

This Firewall post was originally titled ‘The Complete Beginner’s Guide to Firewall Hardware & Cyber Threats in 2017.’ While that’s a fairly ambitious title…the article’s content does rise to the challenge. But getting such a long post into its grammatically correct and ‘perfect’ final form has proven to be a major stumbling block for me. One problem I had was simply proofreading it enough times. It took several hours for one reading straight through…and longer if I was making corrections…which I was making a ton of! I tried 2 or 3 times, spending 12-14 hours each time…but didn’t finish. And when I went to sleep it seemed I had to do a lot of back pedaling the next day because my brain’s RAM just isn’t as functional as it used to be. It was beginning to look like I might not get this published at all.

Another complicating factor was that I felt the length of this post would be problematic for readers. I thought that I really should have something making it easier to navigate through the material. At a minimum I thought that a Table of Contents would be necessary. A TOC would help readers both to navigate and to find just the information that they were most interested in. Sadly, WordPress.com, while quite amazing overall, just isn’t up to that task.

This is one of the few areas in fact where WordPress.com isn’t up to par with most of the other website services out there. When it comes to creating something like a Table of Contents here…there are simply no tools at my disposal. If you know much about WordPress and/or web building you’re probably thinking to yourself…hey, what about jumplinks?

Flickr & Visual Hunt Photo: Botnet by Tom B from São Paulo, Brazil


Jumplinks, for non-web-builders, are a way of creating links within a post that point to somewhere else within that same post.

The concept of jumplinks was new to me. I did learn everything there was to learn about them…I think. But, that would have ended up being a slow, manual and very cumbersome process…especially to create them all at the outset whilst I was trying to proofread and prettify everything for final publication. So, while jumplinks theoretically might have worked, in the bigger picture, they just weren’t the answer for me in my present dilemma. They would actually have acted as even more of a deterrent to me for finally getting this long article (and 2 others that I’m in the same boat with) published rather than aiding me in that process. Just getting this information published in a usable form…is really my end goal. Especially getting it published before it loses all relevance or accuracy!

So, this one relatively minor deficiency of WordPress.com has had a major impact on my blog in recent months…because it’s not just my Firewall guide that really needs this kind of navigational tool. As I mentioned above, my Part II for the Cord Cutting Guide also would benefit a lot from the inclusion of a Table of Contents. A 3rd extremely long post I wrote about Apple’s newest ‘standard’ iPad…what I call the iPad 5, as opposed to the even newer iPad Pros…also really needs something like this too! I put in a request for this and my request even garnered quite a bit of support…but as of August, 2017…there’s no positive indication that a Table of Contents feature will be forthcoming. So, I decided to take matters into my own hands and figure out a solution.

I could publish this information as ebooks…but since I’ve never written an eBook before, there would be a definite learning curve. I’m not ruling out that possibility however. I’m thinking that maybe once I’ve published all of the sections for all of these topics…then maybe that will be the right time to combine it all into a few eBooks.

My decision to publish this in smaller sections actually helps me much more than you might appreciate, because the final editing phase won’t be so daunting now. Also, my approach will sort of solve the ‘Table of Contents’ problem too, because once everything is published…I can then create a Table of Contents quickly and easily using the links for each section!

The Typical Kinds of Protection That Are Primarily Used in Small Networks Today

In 2017 the rapidly increasing number of malicious threats truly makes it mandatory for people to actively employ as many measures as they can to stay safe. In the computer realm, this means that Windows users cannot stray from using antivirus software and firewall applications (which are often combined in good anti-virus solutions). But these shouldn’t be their only protective mechanisms. Even Mac users should consider protecting their machines with these basic measures now, because in recent years we’ve seen that Apple computers aren’t immune from these threats anymore either. But it is still true that Windows users continue to need more, and stronger, protection. This added protection should be in the form of anti-malware and anti-exploit applications which are run on individual computers.

Mobile devices too need additional measures in today’s world. While iPhones and iPads are still safer overall from malicious threats than Android devices are, they are far from immune. With iOS 10, Apple recently gave users the ability to add their own ad blocking plugins to Safari. This makes good sense and it does add a protective layer to web surfing activities. But Apple also gave users the ability to finally install apps from somewhere else that isn’t their iOS App Store too. This move, while greatly needed and widely applauded by most people, significantly increases a user’s chances of contracting a virus or malware. Android users too need stronger and better options for protection, because the open nature of the Android operating system goes hand in hand with those devices acting as more of a magnet to attract hackers as well.

There’s one last category of devices that few people tend to recognize which also act to increase vulnerability significantly. I’m grouping these devices collectively under the moniker of smart-home or Internet of Things (IoT) devices. For reasons that I’ll delve into much more a little later on, the vulnerabilities that these devices create are much harder to address than those more readily recognized ones I mentioned above.

Not many people outside of those working in the tech industry are aware of one newer safety measure that works to protect all of the aforementioned devices collectively. I’m referring to the use of a separate piece of hardware called a firewall appliance. Hardware firewalls are the primary focus of this guide.

Sonicwall’s 2017 Cyber Threat Report

This periodic newsletter from Sonicwall is one of my favorites. It contains really great information about the worst threats that we should all know about today. They can be loosely categorized into threats against our identities and financial resources, our computers, our mobile devices (such as cell phones and tablets), and our smart home or IoT devices. I’ve included a link to Sonicwall’s 2017 Threat Assessment Report. If you’re asked to fill out a form and submit your email address to get the report and don’t want to do that you can download it in the form of a PDF that I created just to make sure everyone could actually read it…using this link.

Sonicwall 2017 Threat Assessment Report


You may be wondering who or what Sonicwall is and what makes them an expert when it comes to data security threats. Sonicwall is the company we use and rely upon daily to protect our home and office networks. Sonicwall was, up until very recently, a division of Dell computers. They were one of the first companies to develop hardware firewall appliances…which (in case you forgot) is the main focus of this article. I’ve wanted to write about firewalls for several years, because every time that I happen to mention them in a conversation, I’m met with either a blank or a questioning stare…and then usually silence.

I’ve finally decided that now is the right time to introduce this topic because, in addition to the reasons mentioned above in the introduction, when I began this, we were conducting our own research into upgrading our home firewall hardware following a long-awaited and sorely needed huge upgrade to our network bandwidth speed. We recently increased our internet service from 50 Mbps down & 5 up to a whopping 300 down & 20 up…but we couldn’t utilize the upgrade in capacity until we upgraded our firewall. As I began this dreaded research project (dreaded because firewalls are so complexly confusing!) I realized that there are finally firewalls that are really designed for small networks like homes and small businesses…thus there are much better solutions than the last 2 times I had to undertake this research task.

I was also pleasantly surprised to discover that there are several small niches which have been identified as prone to higher risks. Several new classes of security devices are appearing on the market which are aimed at those focused needs.

Introduction to Hardware Firewalls

I’ll close this introduction to Firewalls with a better description of what the phrase ‘hardware firewall’ really means.

Hardware firewalls are somewhat similar to software ones in that they are designed to protect users from malware, viruses, ransomware and botnets. The way that they differ is that rather than affording protection to just one machine…they are designed to protect a complete network of devices.

I’ll delve a little deeper into the way that they differ from the software-based firewalls most people are familiar with…those like the Windows firewall for example, or firewalls that come bundled with anti-virus software that are also made to protect a single device…most often a Windows computer. Almost every Windows user out there has heard of software firewalls because of the Windows firewall. Fewer people may know that Apple also includes firewall software in each and every computing machine they sell (machines that aren’t mobile devices, that is). Software firewalls aim to accomplish pretty much the same things as their hardware firewall counterparts do…the only real difference is in their scope.

What I’ll call traditional hardware firewalls have a much broader scope than software ones do. They are designed to protect complete networks. This segment of the market is really big; consequently there is a huge variance in both size and the degree of protection afforded between the different ones available.

There are a lot of different companies making traditional, enterprise level hardware firewalls today, including Sonicwall, Cisco, Juniper and Fortinet to name a few of the most popular brands. Originally these were developed solely for business use, which is also called the Enterprise market. As their use has become mandatory for most businesses, many people who’ve seen the benefits of that kind of protection at work have begun seeking out similar solutions for their own personal needs. This has led to the development of several smaller, less expensive and sometimes more focused device types…many which are just entering the marketplace now.

Some of the Key Security Threats in 2016


Even within this new market there are several subcategories of device types.

One popular new breed of hardware firewall is the firewall that is bundled together with other network gear like routers. A couple of great examples of these are Ubiquiti’s EdgeRouter Lite product line and Cisco’s RV product line. Another bundled alternative is devices which provide WiFi networks and include firewall features too. Then there’s a 3rd category of standalone firewalls which operate somewhat like their enterprise big brothers do but which also include some unique features like cloud threat intelligence and crowd sourced threat updates.

Regardless of the type…standalone, full-featured firewalls for enterprises which I’ll refer to as traditional firewalls, firewalls which are bundled together with routers or WiFi network gear, or firewalls which focus on one specific purpose…all of these devices’ primary purpose is the same…protecting a family or a business network from cyber threats and malicious attacks. This includes protecting all of the devices within that network and it also includes protection for both the wired LAN network and the wireless WLAN network.

With the addition of a hardware firewall, all the devices within a network are protected at a significantly higher level than would be the case if they only relied upon each individual device’s security measures, which we’ve seen can vary greatly.

Computers can and hopefully do reside at the most secure end of the spectrum by incorporating a protection trifecta which should include antivirus, anti-malware and anti-exploit applications. Mobile devices tend to fall into the middle range with some built-in and some add-on protection. IoT and smart-home technology usually falls into the lowest range with minimal to no protection. Yet because this is probably the market that’s growing the fastest, it’s also the one which has been most overlooked to date. That fact hasn’t escaped security conscious manufacturers, and new breeds of devices are rapidly stepping up to address this need.

Future Segments in the Firewall Series

Future parts in this Firewall series of posts will discuss small network architecture and where firewalls fit into these existing structures. I’ll also examine in much greater detail the various types of firewalls that are beginning to enter the market, as well as cover what you need to know to knowledgeably discuss the pros and cons of a firewall with someone like a sales person. I’ll also spend some time on a more detailed examination of the differences between enterprise firewalls and these newer standalone versions which are meant to replicate many of the larger versions’ tasks. Last, I’ll hopefully leave readers in a position to fully understand the line of hardware and to determine if it’s something they should consider using personally. If that answer ends up being yes, readers should know where to go to find more information about what they are looking for.

Since most of these sections are already written and just need final proofing as well as a few checks into hardware availability, expect the next parts to appear here within a few days.

Additional Resources

Recent Malware & Virus News

Sonicwall’s August 28th alert about ransomware that hides behind an image file.

Sonicwall’s recent report about attackers targeting websites with ransomware by uploading PHP files to websites which are then locked to their owners until a ransom is paid.

Mac, Android devices increasingly at risk for malware

Malwarebytes Introduces Malwarebytes for Mac to Protect Against Rising Levels of Mac Malware

Previous Posts with More Detailed Information

The Danger’s of Torrent & P2P or Media Sharing Websites Were Responsible for Allowing a Botnet to Take Over Our Home Network

Why You Should Never Use Public WiFi’s & My Tiny Hardware Firewall Review

How to Secure Your Home Network

Comments

If there are any aspects of Firewalls that you know for sure you’d like to make sure I include in my coverage please let me know in the comments and I’ll try to include it in future parts to this series.

If you’d like to read other readers’ comments (assuming there are any), or if you’d like to leave your own comment, please scroll way down past the ‘WordPress ads’, the ‘About me’ and ‘Related Posts’ sections, and look for the little ‘Comment Box.’

About vsajewel

Hi...I'm the author of 2 main blogs on WordPress...vsatips...where I write tech tips for mobile devices...primarily iOS...2nd is vsatrends...where I write less about tech things and more about everything else. I also host a YouTube channel. I use it to better illustrate some of the posts from vsatips and for other random 'How To' topics. I'm a huge fan of YouTube because I think you can learn pretty much anything in the world there. Sometimes I search for something I can't do and don't find anything. A lot of my videos come from that influence...if I do eventually figure out how to do something :-)

2 Responses to What Hackers Don’t Want You to Know About Firewalls

  1. James says:

    Really great start to a great series! I believe I agree with everything you stated. You have obviously done your research and have become very knowledgeable about firewalls. I look forward to reading more of what you post here, especially since firewalls are my thing in the enterprise (as well as the small office/home office scenario).

    One small correction… WAN isn’t short for wireless area network. That would be WLAN, short for wireless local area network. WAN is short for wide area network, which in small environments refers to the link to your Internet service provider and in enterprise environments refers to the links connecting branch sites within a company’s network.

    From what you’ve written so far, I assume you will be focusing mostly on the Sonic Wall appliance you have. I love SonicWall. They really cater well to the small office/home office environment. However, there are even less expensive options out there that have all of the same great features that are better solutions IF you already have a good base knowledge of how firewalls work. The one I set up (for a whopping $140) is called PFSense. If you are ambitious enough, I highly suggest taking a look at it for friends and family. My reasoning is because when I talk about firewalls for the home and mention a price tag of over $500, most of my acquaintances immediately tune me out thinking that a firewall is not something they want to invest in. But $150 or less is much easier to swallow.

    I certainly wouldn’t shy away from SonicWall though. If you have the means to purchase one, it is certainly well worth the investment in my opinion.

    Again, I look forward to reading more of what you have to write!


    • vsajewel says:

      Hey James! I hope work and life have been great for you :-) I really appreciate your correcting me on the WAN WLAN confusion! Your explanation is excellent! It’s something that’s eluded me up til now, so it’s nice to finally understand something I thought I did…but clearly didn’t.

      We ended up spending a small fortune and getting another Sonicwall…the TZ600…it’s pretty amazing though! We needed 300 Mbps throughput…which to us feels like gigabit speeds!

      But I did read quite a lot about PFSense…it’s Linux based right? It was really intriguing but I thought pretty far beyond my technical capabilities and not something I’d easily find someone else to manage for us. The firm we’ve used for years only works with Sonicwall. After an exhaustive search I think I better appreciate why…and also why they cost so much! But if I had your technical expertise PFSense would have probably been my choice too. One thing that still eludes me is how to compare ‘deep packet’ inspection features. It took me a while to really get that stateful packets were something different entirely!

      So, I really don’t plan on spending much time on Sonicwall because they are so complicated I don’t understand them much myself…I just know they work. But most people haven’t lived through the experiences we have and most would think that their cost in our environment wouldn’t be warranted.

      What I’m spending more time on is really introductory information…well below your level…but most people, I’ve learned, know nothing about Firewall appliances…and I feel they should become mandatory for everyone. So, I’m spending more time on the various threats…and on why IoT is so important.

      What I discovered while researching types of firewalls for us was that there are all these new ones just entering the market now. They fall in the $100-300 price range. Many have been in the works for years…but they are just finally launching now. They seem to be perfectly suited to smaller installs like homes and small offices. No deep packet inspection…but a lot of other cool technology to make them interesting.

      A few off the top of my head are Cujo, Dojo and Luma Home. Then there’s the category I call router firewalls like Ubiquiti’s Edge Router Light and this device we just got that was only $100, also by Ubiquiti called a Unifi Security Gateway (USG). We got it for statistics for our Unifi AP’s but it’s a router with Firewall features too. There’s so many options now it’s mind boggling…so I’m not really doing a thorough analysis of each, but just introducing the various types. Hopefully, it will prove useful to people who’ve never considered them at all before.

      Thanks so much for taking the time to write me and I really appreciate your expert advice!

