Firewalls: Test, Test And Test Again!

What do your IT systems, servers, IP telephone systems, network-connected mobile phones, laptops, PCs, Wi-Fi access equipment, IP cameras, Internet-connected temperature and CO2 sensors all have in common these days?

Well, I gave you a small clue when I wrote the phrase 'internet-connected'. All of these, and hundreds of more devices, operate via an internet connection and for businesses, I have three words for you.

"Firstly: Firewalls! Secondly: Penetration Testing!"

Let's talk about firewalls then. I am not talking about Windows Security either. I am talking about a centralised hardware/software/licenced network security device that allows all of the aforementioned devices that connect to your network to be guarded against any possible cyber attacks.

Hackers constantly bombard your network to see where the gaps are in your defences and whether the firewall has been configured to cover every eventuality. Not only should your individual devices require passwords to be changed, but you should also close and lock down ports and firewall permissions. This also needs to be reviewed regularly to ensure as many loopholes are closed as possible.

This is where the second part of the regular penetration testing comes into play. As mentioned in previous blog posts, there are times when new equipment is added or swapped out and the relevant changes required to firewall settings may be overlooked if your IT department were not aware that, for example, the air condition unit is now a 'connected device' and the technician has simply plugged into a spare port with no configuration on the firewall for that particular device.

Quarterly penetration testing would identify these gaps in your defences as hackers could use the IP address of the Aircon unit to hop over to the server networks of your business!

Firewalls come in all shapes, sizes and complexities to match your business. There are many variants to match your budget and with a word of caution, I say don't let price be the deciding factor.

The moral of the story is that you should always involve your in-house or external (outsourced) IT professionals and let them know anytime you add or change devices, especially smart speakers and video doorbells that are seemingly DIY.

Customer data on your network is your responsibility so the more you apply security and testing to your network, the better chance you have of blocking an attack.

If you feel inspired to find out more then do call me on 07555 807700 or leave a comment below and I'll be in touch as soon as I can.