Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Network Security //

Firewall

// // //
5/24/2018
09:35 AM
Alan
 Zeichick
Alan Zeichick
Alan Zeichick

GDPR Should Change Your Thinking About Network Firewalls

Old-fashioned firewalls are an effective weapon for protecting the network incursions and data breaches, and that goes for the new era of GDPR that begins Friday as well.

Protecting customer data is now Enterprise Security Job No. 1, thanks to the European Union's General Data Protection Regulation (GDPR). The entire purpose of GDPR is to protect the privacy of European Union residents -- and that affects your business, no matter where you are located, if you have even a single European customer.

While there are several important aspects to GDPR, let's focus on one: preventing data breaches. That's vital to protecting your customers' privacy. (See GDPR Compliance: Enterprises Have Two Options to Consider.)

A firewall can help, but unfortunately it's been in vogue to bash firewalls as out-of-date, often with phrases like, "There’s no such thing as a network perimeter anymore, so firewalls are useless." Totally untrue -- but we'll get into that in a moment.

GDPR is not a how-to document. It doesn't tell anyone how to prevent breaches. In fact, GDPR doesn't even say that business can't have breaches or must install technology to detect attackers. However, GDPR does say that if you are breached, you must notify the authorities and everyone whose data was exposed very quickly.

(Source: iStock)
(Source: iStock)

If not: Prepare to be fined by a European regulator.

The best way to avoid that unpleasant scenario: Do everything you can to block or prevent breaches from happening in the first place. That's where the firewall comes in.

Despite what critics say, it's an essential tool for preventing data breaches on enterprise networks from hackers trying to enter the network from the Internet. Firewalls also can limit data exfiltration -- that is, the removal of the data -- through an Internet download, either caused by malware, breaches or from insiders, such as employees or contractors.

Another security-related provision in GDPR is to rapidly discover if a breach occurs so that you can notify the proper authorities with 72 hours -- but such discoveries are not done by a firewall. Other GDPR provisions include requiring customers to positively opt in to your communications, letting them view the data you have stored about them and letting the delete or change some of that information. While important, those aren't IT security issues.

Sadly, firewalls are often overlooked in favor of newer tech, such as advanced anti-malware engines and endpoint protection software. The newer tech is important, yes, but the firewall is still an essential tool to protect against attacks coming in from the Internet.

Also, we should note that GDPR isn’t the first rule about protecting customer information. For example, the US Health Insurance Portability and Accountability Act (HIPAA) of 1996 specifies that you must protect a person's health information.

However, GDPR is much broader -- and affects many businesses all over the world.

What's a firewall?
Firewalls are designed to stop unauthorized traffic from getting onto a private network -- like a LAN firewall at an enterprise router, which is what we're discussing here -- or from getting onto a specific device, such as the firewalls built into Windows or Mac OS X.

The core functionality of the firewall is to detect unauthorized traffic, and filter it out -- and log the access attempt.

Basic firewall functionality filters based on IP address or the type of traffic trying to access the network -- for example, attempts to access internal resources from outside the LAN. But that's only the start.

Modern firewalls go much farther.

They can filter out traffic that contains malware using functionality called deep packet inspection, for example. This functionality is one essential part of detecting breaches, by having the firewall identify and block attempts to get access to network servers from the Internet.

Firewalls also work in the other direction, by blocking attempts by users, applications or malware inside the network from accessing forbidden resources on the outside, or from sending specific types off data to the Internet.

We're all familiar with website filters that block access to certain websites -- think eBay, gamer sites or non-business email like Gmail -- from inside a business LAN, or stop students from accessing some content from their school. They can also be configured to stop data from being exfiltrated to foreign countries, competitors or the Dark Web.

Firewalls can also be configured to stop data from being exfiltrated, such as letting FTP (file transfer protocol) dumps from databases, or even data theft through email attachments that contain specific intellectual property.

While firewalls can be bypassed by very clever hackers or malware, they are the first line of defense against brute-force attacks from outside the network, and from malware or insiders attempting to transmit stolen data from inside the network. That's why firewalls are an essential ingredient in compliance with GDPR and other essential regulations.

Related posts:

Alan Zeichick is principal analyst at Camden Associates, a technology consultancy in Phoenix, Arizona, specializing in enterprise networking, cybersecurity, and software development. Follow him @zeichick.

Comment  | 
Print  | 
More Insights
Comments
Oldest First  |  Newest First  |  Threaded View
Edge-DRsplash-10-edge-articles
I Smell a RAT! New Cybersecurity Threats for the Crypto Industry
David Trepp, Partner, IT Assurance with accounting and advisory firm BPM LLP,  7/9/2021
News
Attacks on Kaseya Servers Led to Ransomware in Less Than 2 Hours
Robert Lemos, Contributing Writer,  7/7/2021
Commentary
It's in the Game (but It Shouldn't Be)
Tal Memran, Cybersecurity Expert, CYE,  7/9/2021
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Creating an Effective Incident Response Plan
Security teams are realizing their organizations will experience a cyber incident at some point. An effective incident response plan that takes into account their specific requirements and has been tested is critical. This issue of Tech Insights also includes: -a look at the newly signed cyber-incident law, -how organizations can apply behavioral psychology to incident response, -and an overview of the Open Cybersecurity Schema Framework.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2022-45343
PUBLISHED: 2022-11-29
GPAC v2.1-DEV-rev478-g696e6f868-master was discovered to contain a heap use-after-free via the Q_IsTypeOn function at /gpac/src/bifs/unquantize.c.
CVE-2022-44635
PUBLISHED: 2022-11-29
Apache Fineract allowed an authenticated user to perform remote code execution due to a path traversal vulnerability in a file upload component of Apache Fineract, allowing an attacker to run remote code. This issue affects Apache Fineract version 1.8.0 and prior versions. We recommend users to upgr...
CVE-2022-46146
PUBLISHED: 2022-11-29
Prometheus Exporter Toolkit is a utility package to build exporters. Prior to versions 0.7.2 and 0.8.2, i someone has access to a Prometheus web.yml file and users' bcrypted passwords, they can bypass security by poisoning the built-in authentication cache. Versions 0.7.2 and 0.8.2 contain a fix for...
CVE-2022-36433
PUBLISHED: 2022-11-29
The blog-post creation functionality in the Amasty Blog Pro 2.10.3 plugin for Magento 2 allows injection of JavaScript code in the short_content and full_content fields, leading to XSS attacks against admin panel users via posts/preview or posts/save.
CVE-2022-4202
PUBLISHED: 2022-11-29
A vulnerability, which was classified as problematic, was found in GPAC 2.1-DEV-rev490-g68064e101-master. Affected is the function lsr_translate_coords of the file laser/lsr_dec.c. The manipulation leads to integer overflow. It is possible to launch the attack remotely. The exploit has been disclose...