Article Published 26th September 2014 

The latest "Shellshock" security flaw has again demonstrated the need for multiple layers of security protection for your business networks.

Many businesses still only rely upon ptaching and antivirus to protect their critical business systems, perhaps not knowing that a high quality firewall is essential.

Many businesses think that they have a firewall because some basic firewall features (such as NAT) are built into their modem, however, a high quality firewall goes much further than this with protection.

Businesses who have a high quality firewall are not necessarily immune to all security vulnerabilities, but it gives an additional layer of protection, and gives IT support additional lines of active defense that they can configure to protect against threats before vendors release permanent fixes.


  • In plain English: think of it like a security guard standing at the entrance to your building, giving a "pat down" and metal detection scan to every piece of data that comes and goes.


security

For example, a recent Adobe Flash Player exploit potentially allowed an attacker to gain control over computers via an infected flash object on a website.  While waiting for the patch to be available and be deployed to all PCs and servers on their network, a business with a high quality firewall solution like a Watchguard, could configure the firewall to temporarily block all Adobe Flash code from entering the network.  Whist this may stop websites using Flash from working fully, that is usually a small price to pay for immunity from the exploit while waiting for a patch.

Whilst the complete extent of the threat is not yet full understood, the current Shellshock exploit potentially impacts billions of devices, and millions or even hundreds of millions of websites around the world.  It involves injecting malicious code into a device or operating system, which then allows for complete control over the device. That can result in unlimited data theft, deletion or reconfiguration of the device to open additional security holes. 

Figuring out which devices and operating systems are vulnerable, obtaining patches (if and when they become available), and deploying patches all takes time. Meanwhile the exploit is available right now, and at least some of your business systems will be vulnerable. Antivirus software will NOT stop this kind of security flaw - it isn't a virus or any other kind of Malware.

A high quality firewall like a Watchguard has active software component which is updated constantly to be able to identify new threats. (Watchguards themselves are hardened security devices and not exposed to the Shellshock exploit.)  This is different from just a firmware or security patch which protects the device itself, - rather, an active "Security Subscription" is live analysis of all the data and code flowing into and out of your network.  This means that a Watchguard can help to protect all devices inside the network, from vulnerabilities like Shellshock.

"Intrusion Prevention Service (IPS) is a fully integrated annual security subscription for all WatchGuard appliances. It works to provide real-time protection against network threats, including spyware, SQL injections, cross-site scripting, and buffer overflows. It uses continually updated signatures to detect and block all types of threats. And because IPS is integrated with WatchGuard security appliances, you have an easy-to-manage, cost-effective solution without additional hardware to purchase and maintain." http://www.watchguard.com/wgrd-products/security-modules/ips

In plain English: think of it like a security guard standing at the entrance to your building, giving a "pat down" and metal detection scan to every piece of data that comes and goes.

Is this a replacement for Antivirus and software/device patching? No, definitely not. But this additional layer of protection has become an absolutely vital weapon in the armoury of IT professionals to help defend against security exploits rapidly.

Does this provide a guarantee that no security exploits will occur in your network?  No, there is never any guarantee of that - technology systems are just too complex, with too many different hardware and software vendors and components and too many constantly upgraded components to ever be 100% certain. Even the most secure organisations in the world have been hacked by security exploits.  However, it does greatly improve your protection.

IT Leaders uses and recommends Watchguard products, and recommends that all clients have a Watchguard firewall, with an active "Security Bundle" subscription.

For full information on Watchguard Unified Threat Management (UTM) devices, please read here: http://www.watchguard.com/wgrd-products/utm/overview

Contact IT Leaders on 1300 596 560 for assistance with IT security.