Hackers utilize several exploits to penetrate firewalls and undermine firewall security. The most common of these include brute force, backdoor passwords, service provider passwords, improper configuration, firmware bugs and telnet/web access. One of the biggest firewall weaknesses, however, is in their very design.
Firewalls detect and block malware using a set of rules for IP addresses and ports and libraries of signatures to which they compare incoming web traffic. This signature recognition technology originated in the late 90s with the development of the first advanced firewalls. These malware signatures are effective against known threats; however, they are useless against new variants and against new and old exploits for which no signatures have been developed. In an environment where malware numbers in the millions and some worms, trojans and other exploits go undetected for years, firewalls have serious blind spots.
The first firewalls were initially very effective – the hackers simply moved on to easier targets that did not yet have them. Since then, firewall adoption has become nearly 100%, yet the hackers are still around. Information security and cybersecurity professionals have long recognized that firewalls are only a first line of defense and that firewalls alone have not been able to stem the growing tide of hack attacks. On their own, firewalls provide:
- Little or no protection against many modern security threats, such as zero-day and undiscovered exploits;
- No protection after a network has already been penetrated and compromised;
- No record of when or how such a penetration occurred;
- No record of what data left the network;
- No protection when a user mistakenly brings malware in by visiting a poisoned website or opening an email attachment containing a virus;
- No protection against insider misuse and data leakage.
Hackers routinely bypass firewalls. Even IDS-equipped firewalls offer little security against new real-world attacks and sophisticated APTs. The solution? Packet capture appliances, which record all internet/network traffic in both directions, including evidence of breaches and attacks. IPCopper manufactures fully automatic standalone packet capture appliances, with 1 and 10 Gbps capture speeds. The USC1030 and USC4060 combine network tap capabilities with 1 TB and 4 TB onboard storage, respectively, for no-hassle deployment in minutes.
Deploying firewalls creates a false sense of security. The foundation of security is information, something that a firewall cannot provide. Packet capture provides the informational foundation on which to build effective network and data security, giving complete visibility into the network’s activity. This visibility better informs and equips network administrators and IT personnel to address and mitigate network threats and vulnerabilities, conduct incident response, formulate better firewall rules, and detect data leakage, intrusions and advanced persistent threats.
Alone, firewalls stand no chance of giving your network the protection it needs. It is critical, in the case of a network incident, to be able to quickly go back and review historical network IP data to ascertain what happened, when it happened, how it happened and the scope of damage or liability. Packet capture appliances fulfill these needs, complementing firewall security for better network protection.
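The retrospective review described above, sketched as an added example (not IPCopper's software or output format): once an address is later identified as hostile, flow records summarised from captured traffic show which internal hosts contacted it, when, and how much data moved in each direction. The record layout, the 10.0.0.0/8 internal range and every address below are constructed assumptions.

```python
from datetime import datetime, timezone
from ipaddress import ip_address, ip_network

# Assumption: the internal address range of the monitored network.
INTERNAL = ip_network("10.0.0.0/8")

# Constructed sample flow records, as might be summarised from captured traffic:
# (UTC timestamp, source IP, destination IP, destination port, payload bytes)
FLOWS = [
    ("2024-03-01T09:12:04", "10.0.0.15", "203.0.113.7", 443, 1_200),
    ("2024-03-01T09:12:09", "10.0.0.15", "198.51.100.20", 443, 48_000),
    ("2024-03-02T23:40:51", "10.0.0.15", "203.0.113.7", 443, 5_400_000),
    ("2024-03-03T01:05:33", "10.0.0.22", "203.0.113.7", 443, 900),
    ("2024-03-03T01:06:10", "203.0.113.7", "10.0.0.22", 51544, 310_000),
]


def review(flows, indicator):
    """Per internal host: first/last contact with `indicator` and bytes moved."""
    bad = ip_address(indicator)
    report = {}
    for ts, src, dst, _dport, nbytes in flows:
        src_ip, dst_ip = ip_address(src), ip_address(dst)
        if bad not in (src_ip, dst_ip):
            continue  # flow does not involve the indicator
        host = dst_ip if src_ip == bad else src_ip
        if host not in INTERNAL:
            continue  # only report on hosts we are responsible for
        when = datetime.fromisoformat(ts).replace(tzinfo=timezone.utc)
        entry = report.setdefault(
            str(host),
            {"first_seen": when, "last_seen": when, "bytes_out": 0, "bytes_in": 0},
        )
        entry["first_seen"] = min(entry["first_seen"], when)
        entry["last_seen"] = max(entry["last_seen"], when)
        # Outbound volume bounds how much data could have left the network.
        entry["bytes_out" if src_ip == host else "bytes_in"] += nbytes
    return report


if __name__ == "__main__":
    for host, e in sorted(review(FLOWS, "203.0.113.7").items()):
        print(host, e["first_seen"].isoformat(), e["last_seen"].isoformat(),
              "out:", e["bytes_out"], "in:", e["bytes_in"])
```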