"Tip of the Spear" Security Solutions

Firewall Myths

Many organizations think they're secure just because they have a firewall in place. But a firewall that's incorrectly configured or ineffectively managed is just as dangerous as having no firewall at all. Worse, it creates a false sense of security for the organization.

Avoid the common pitfalls in firewall management with a Managed Stateful Packet Filtering Firewall from eCenturion.

What is a Firewall?

You probably know that you need firewall security; in fact, you may even already have a firewall management program in place. But what exactly is firewall security, and what does firewall management entail?
The word firewall originally referred literally to a wall, which was constructed to halt the spread of a fire. In the world of computer firewall protection, a firewall refers to a network device which blocks certain kinds of network traffic, forming a barrier between a trusted and an untrusted network. It is analogous to a physical firewall in the sense that firewall security attempts to block the spread of computer attacks.

What is Firewall Management?

A firewall management program can be configured in one of two basic ways:

  • A default-deny policy. The firewall administrator lists the allowed network services, and everything else is denied.
  • A default-allow policy. The firewall administrator lists network services which are not allowed, and everything else is accepted.

A default-deny approach to firewall security is by far the more secure, but because configuring and managing a network in that fashion is harder, many networks instead use the default-allow approach. Suppose your firewall management program uses a default-deny policy and only the services you want people to reach from the Internet are enabled. For example, you have a web server which you want the general public to be able to access. What happens next depends on what kind of firewall security you have.

Stateful Packet Filtering Firewall

eCenturion's managed firewall has a list of firewall security rules which can block traffic based on IP protocol, IP address and/or port number. With typical firewalls, all web traffic is allowed, including web-based attacks. In this situation, you need intrusion prevention in addition to firewall security in order to differentiate between good web traffic (simple web requests from people browsing your website) and bad web traffic (people attacking your website).

A packet filtering firewall alone has no way to tell the difference. A further problem with packet filtering firewalls that are not stateful is that the firewall cannot distinguish a legitimate return packet from a packet that merely pretends to belong to an established connection, which means your firewall management configuration has to allow both kinds of packets into the network.

To satisfy all the necessary requirements of a firewall, eCenturion has engineered a stateful packet filtering firewall into its Sentry appliance. This firewall scheme is more intelligent about keeping track of active connections, so you can define firewall management rules such as "only allow packets into the network that are part of an already established outbound connection." This solves the established-connection issue and, together with intrusion prevention, lets you tell the difference between "good" and "bad" web traffic. You need this method of intrusion prevention to detect and block web attacks.
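To make the established-connection problem concrete, here is an added example (not eCenturion's code and not the Sentry appliance's logic): a small Python simulation of a default-deny packet filter with and without connection tracking, run over constructed packets. The internal address prefix, the listed web server and the sample addresses are assumptions.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    flags: frozenset  # TCP flags present, e.g. frozenset({"SYN", "ACK"})

# Constructed policy: 10.0.0.0/24 is the trusted network and only the public
# web server 10.0.0.5:80 is listed as reachable from the Internet.
INTERNAL_PREFIX = "10.0.0."
ALLOWED_INBOUND_SERVICES = {("10.0.0.5", 80)}

def is_internal(ip: str) -> bool:
    return ip.startswith(INTERNAL_PREFIX)

def stateless_verdict(pkt: Packet) -> bool:
    """Default-deny filter with no connection memory. To let replies to
    outbound connections back in, it must accept any inbound packet that
    merely looks like part of an existing connection (ACK set)."""
    if is_internal(pkt.src):
        return True                                   # outbound: allowed
    if (pkt.dst, pkt.dport) in ALLOWED_INBOUND_SERVICES:
        return True                                   # listed public service
    return "ACK" in pkt.flags                         # "looks established"

class StatefulFilter:
    """Default-deny filter that remembers outbound connections and admits an
    inbound packet only if it matches one (or targets a listed service)."""
    def __init__(self):
        self.table = set()   # (client_ip, client_port, server_ip, server_port)

    def verdict(self, pkt: Packet) -> bool:
        key = (pkt.src, pkt.sport, pkt.dst, pkt.dport)
        reverse = (pkt.dst, pkt.dport, pkt.src, pkt.sport)
        if is_internal(pkt.src):
            self.table.add(key)                       # record the outbound flow
            return True
        if reverse in self.table:
            return True                               # genuine reply to a known flow
        if (pkt.dst, pkt.dport) in ALLOWED_INBOUND_SERVICES:
            self.table.add(key)                       # new inbound flow to listed service
            return True
        return False                                  # everything else is denied

def compare(packets):
    """Return (stateless_verdicts, stateful_verdicts) for one packet sequence."""
    sf = StatefulFilter()
    return [stateless_verdict(p) for p in packets], [sf.verdict(p) for p in packets]

SAMPLE = [  # constructed traffic, not a capture
    Packet("10.0.0.7", 40000, "203.0.113.9", 443, frozenset({"SYN"})),        # outbound connect
    Packet("203.0.113.9", 443, "10.0.0.7", 40000, frozenset({"SYN", "ACK"})), # genuine reply
    Packet("198.51.100.4", 5555, "10.0.0.8", 3389, frozenset({"ACK"})),       # forged "established"
    Packet("198.51.100.4", 6000, "10.0.0.5", 80, frozenset({"SYN"})),         # public web server
    Packet("198.51.100.4", 6001, "10.0.0.8", 22, frozenset({"SYN"})),         # unlisted service
]
```

Running `compare(SAMPLE)` shows the third packet, which only pretends to belong to an established connection, passing the stateless filter but being dropped by the stateful one, while both filters agree on the other four.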