Testing Your Firewall.

Your firewall is a critical part of network security. It minimizes the ways an outsider can get at your systems and do damage. People can get in only through the "front door," through the website and whatever other services you decide to make public.

A server's default configuration may open many ports without giving them adequate security. Without a firewall, intruders can access services you didn't even know existed. From there, they can find weaknesses that let them steal data or destroy your files. A firewall protects devices by allowing only specific ports and protocols. It can block known malicious IP addresses or even limit access to authorized ones.

The network firewall can be a separate device running behind the router or software running on the router. A separate one costs more but carries more computing power. Individual machines have their own firewalls in software.

Because the firewall is so important, you need to be sure it's working properly. Periodic testing will ensure that it is.

The basics of testing

You need to test it from outside your network. Many software tools are available for this purpose. There are several kinds of tests you should perform, and you may find that using more than one tool is the best way to cover everything. Some tools require an agent running on the network as well as a tester running outside.

If your network doesn't provide public services such as a website, you can set your firewall in stealth mode. That way, it won't respond at all when someone tries to access its ports. They won't even know there's a target to attack.

The basic function of a firewall is restricting inbound and outbound port access. Firewalls may also remove certain headers from email and HTTP messages to limit exposure of system information.

Port scanning

Common port scanning is the most basic firewall test. It scans all ports which are used for well-known services and reports which ones are open, which are closed, and which don't respond. You should check all ports that are open to make sure they correspond to intentionally active, securely configured services. If port 80 is open but you don't have a website, that's a problem.

Scanning tools offer a tradeoff between the number of ports scanned and the speed of the operation. Scanning all 65,535 possible ports takes a long time, but it should be run occasionally. If malware gets into your systems, it may use the most obscure port possible to communicate with its botnet. Other options may include the 100 or 1000 most commonly used ports, and you can run those scans more often.

Packet analysis

Even if a port is legitimately open, a server may return too much information through it. It could give clues about the network's internal operations that help an attacker. A firewall can remove risky headers from HTTP and email packets. Packet analysis can check if that kind of information is getting through.

Malware can hide botnet messages in normally harmless packets. The messages look like long, meaningless strings in commonly used data fields. If the firewall doesn't stop them, packet analysis will catch suspicious-looking packets and report them for further study.

Windows Messenger spam testing

Windows Messenger is a useful feature, but it's an annoyance or worse when unwanted messages come in over the Internet. They can include invitations to visit dangerous websites. If you don't need it for Internet communication, your firewall should block the service. People can still use it for internal communication. Testing software will attempt to send a message and check if the firewall blocks it.

If you don't use Windows systems, you don't need this test.

The importance of regular testing

Tests on the firewall should be a regular practice. Malware may alter rules, opening up avenues of attack. Updates to the rules may inadvertently create weaknesses. Installing new hardware or services may require strengthening protections. Regularly scheduled tests will catch any new problems, so you can fix them before someone else exploits them.

Resources

  • Strong Automation Strategy Is Key During Pandemic Recovery

    As workplaces figure out their new normal, automation has a role to play – but the ad hoc implementation that happened during the COVID-19 pandemic can't continue.

  • Keeping your IBM Power Systems highly available

    IBM Lab Services helps you deploy the building blocks of a next-generation IT infrastructure that empowers your business.

  • Making storage simple for containers, edge and hybrid cloud

    IBM Spectrum® Fusion is a container-native software defined storage (SDS) solution that fuses IBM’s trusted general parallel file system technology (IBM Spectrum® Scale) and its leading data protection software (IBM Spectrum® Protect Plus).

  • 8 reasons why IBM Power Systems is your app modernization foundation

    Application modernization comes in many shapes and sizes, and it’s not always easy to know where to start. Check out the strengths and benefits that IBM Power Systems brings to your modernization efforts.

Questions?

Are you ready to make the most of IT? Schedule a call with an expert today.

Call 877-591-4015 or REQUEST A FREE CONSULTATION