One of the Simplest and Most Effective Front-Line Defenses Against Hackers is the Firewall.

Unless you have been living and installing systems in an underground bunker for the last 10 years (Hello, Kimmie Schmidt!), you know that Ethernet is the King of AV. The good news is that for the delivery of audio, video, data, and control, this is one of the more efficient methods developed. The bad news is that Ethernet networks are highly susceptible to security breaches.

Reports in the media have tracked recent attacks, from the WordPress keylogging troubles and a barrage of phishing emails, down to vulnerabilities in the processing chips themselves. These threats and troubles are nearly everywhere. Only a short while ago, we could get our systems in place and not worry about network security, essentially walking away, hands up, saying, “That’s IT’s responsibility.” Now IT has to be us, or we lose the job to someone else.

While we cannot control all of the factors, in the end our clients will turn to us and often lay the blame on us. After all, it is our name on the rack and the install bill. This problem is multiplied when the plethora of IoT devices (many of which do not include any built-in protections) is considered.

As both a defensive stance and to become an arbiter of trust, it is best to be knowledgeable about the varying aspects of network security. Whether this leads to constructive suggestions that the client can take on their own or a possible new work quote, the end client will know you have the solution.

There is no single answer to network security. Maintaining a stable system requires a number of parts, including you as the integrator. When building a network security plan, always start from the simplest, and often most end-user friendly: anti-virus software. You might just be surprised by the power it holds.

Anti-virus software is the most ubiquitous line of defense, but the majority of individual users do not update their databases (new virus identifiers and the tools to eliminate them) or forget to renew their subscriptions.

Many hacks and methods of intrusion are not necessarily classic viruses. As with all scams and snake oil salesmen, misdirection and sleight of hand are the tricks of the trade. When intrusions range from hiding in packets to hijacking connection streams, how can we fill the cracks? One of the simplest and most effective front-line defenses is the firewall.

A firewall is simply a method of inserting a barrier between a network or host device and everything else. Just like firewalls installed between buildings, the purpose is to control and manage the potential dangers, saving lives and livelihoods in the process.

Networks are incredibly manic places, where each nanosecond is a tsunami of digital traffic, all competing for space and attention. Within this ordered chaos, nefarious forces are actively (and sometimes unintentionally) seeking to compromise the speed and safety of connected devices.

What we need is order and regulation—the ability to filter out the things we do not want, with a modicum of flexibility to make decisions as needed.

Firewalls are often described as either hardware or software, with varying degrees of traffic filtering. Hardware units are just that: an ancillary box that separates an “internal” network from another. Hardware firewalls are typically found between the ISP internet connection and a secondary network in an installation.

When a larger network provides guest access to the internet (typically via Wi-Fi), but does not want to allow connection to the central LAN, a firewall is used. This prevents any malicious tools that may have been downloaded to the guest computers from gaining access to the main network. In addition, the host computers themselves can use software to control the network traffic entering and leaving them. This software firewall is often used in conjunction with hardware firewalls to provide a layered defense.

The gatekeeper is an apt metaphor: as with all things in data networking, the overriding goal is to manage and control traffic for maximum protection and efficiency. The mechanics of protection overlap as well, acting on several layers of the OSI model. This dictates which information is allowed and which is to be rejected or redirected.

At the network level, a firewall operates much in the manner of a managed switch. Switches ensure the flow of data gets to the proper destination at maximum speed and that no unnecessary queries or errant information is delivered.

While simple in premise, the ability to dictate exactly which IP address (remote server, web page, etc.), IP port, and even which services (such as HTTP or proprietary connections) are allowed in, and where they can connect to, is quite powerful.

This packet filtering has yet another trick up its sleeve: the skill to actively monitor the “statefulness” of the data coming in. The constant monitoring of the connection, type of data, protocols, and transmission starts and ends provides a means to verify the veracity of the information being offered. If a connection is hijacked or illegitimate data is inserted, the stateful watchdog can preemptively deny it any destination.
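The filtering and state tracking described above, together with the guest Wi-Fi separation mentioned earlier, as an added example that is not part of the original article: a minimal Python model of a stateful packet filter. The address ranges, zone names and allowed ports are constructed assumptions, and TCP teardown is simplified to a single FIN or RST.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed address plan (assumption, not from the article).
LAN = ip_network("192.168.10.0/24")    # central LAN: AV, control, IoT devices
GUEST = ip_network("192.168.50.0/24")  # guest Wi-Fi

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    proto: str = "tcp"
    flags: str = ""  # TCP flags: S=SYN, A=ACK, F=FIN, R=RST

def zone(addr):
    """Map an address to the network segment it belongs to."""
    ip = ip_address(addr)
    if ip in LAN:
        return "lan"
    if ip in GUEST:
        return "guest"
    return "wan"

# Static filter: who may OPEN a connection (src zone, dst zone, proto, dst port).
# Nothing may open a connection into the LAN, from the guest network or outside.
ALLOW_NEW = {
    ("lan", "wan", "tcp", 80), ("lan", "wan", "tcp", 443),
    ("guest", "wan", "tcp", 80), ("guest", "wan", "tcp", 443),
}

class StatefulFirewall:
    def __init__(self):
        self.conns = set()  # tracked flows, keyed by the opener's 5-tuple

    def filter(self, p):
        key = (p.src, p.sport, p.dst, p.dport, p.proto)
        reply = (p.dst, p.dport, p.src, p.sport, p.proto)
        flow = key if key in self.conns else reply if reply in self.conns else None
        if flow:  # packet belongs to a connection we watched being opened
            if "F" in p.flags or "R" in p.flags:
                self.conns.discard(flow)  # simplified teardown: forget state
            return "ACCEPT"
        # No state: only a bare SYN matching the static rules may create it.
        if p.flags == "S" and (zone(p.src), zone(p.dst), p.proto, p.dport) in ALLOW_NEW:
            self.conns.add(key)
            return "ACCEPT"
        return "DROP"  # unsolicited, injected, or cross-zone traffic
```

A reply from the internet is accepted only because the firewall saw the LAN host open that exact flow; the same packet arriving without that history, or after the flow has closed, is dropped.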

Think of the IoT devices that we install or must incorporate or accommodate based on our client demands. Implementing a firewall in every project is essential, whether we put these devices in or plan proactively to prevent damage by an “unauthorized” DIY device.

With adept application of firewall filters, installed as part of the initial system, you can maintain a stable platform for delivery of content and control, protecting you, your client, and the system.