firewall

I recently came across an edgy article that I’d like to share with you.  I think the title is meant to trigger a reaction.  How else are you going to get someone’s attention these days?  The article’s entitled, “Why You Don’t Need A Firewall?”  Wow, that caught my attention!  I mean who in the world would say something like that?  Well, let’s stop for a minute and put it into context. The author states:

“Firewalls need to go away. I’m just saying what we all already know. Firewalls have always been problematic, and today there is almost no reason to have one.”

I agree with the fact that they are problematic.  In addition, the more money you spend on a firewall, the harder it is to configure.  It flies in the face of what a typical consumer would expect.  Normally, “if I spend more money…it should be easier”.  The perfect example of that is the Mac versus PC debate.  Users of Apple products typically buy them because they just work.  However, firewalls are part of a layered approach to network security, so we can’t just throw them out.  I dare you to go ahead and disable yours, then tell me what happens.  You’ll be cleaning up a lot of messes.

He then goes on to say:

“Firewalls tend to be horribly managed. Almost no one reads the logs or responds to the events recorded. Who can blame us? The average firewall produces thousands of warning messages every hour. Who can find the valuable, actionable information in all that noise? Not me — nor any firewall administrator I’ve ever met.”

I totally agree with these statements.  Most companies are not keeping up with the traffic that goes in and out of these devices.  Here are three common scenarios:

1.  The salaried administrator gets complacent because they are overworked, underpaid, lack the training, or just don’t care.

2.  An hourly outsourced IT firm usually has trouble justifying this type of work to their customer.  They hear things like “we’re small, who would bother with us?” or “didn’t we pay a bunch of money for this box…shouldn’t it just take care of itself?”

3. Then there are the Managed Service Providers (aka MSPs) who say they’re checking this stuff but have often priced themselves so low that they can’t justify the few minutes it takes.

An easy solution to the device management issue is to spend a little bit of money for the peace of mind.  It’s worth paying someone to review the logs and/or monitor a device.  However, if you disagree and don’t have the time or money for this sort of activity, at least get a router with a NAT firewall.  A hundred-dollar router is not the best way to protect a business network; however, it’s certainly better than nothing.  Most routers that you buy at a store will allow you to block certain traffic from entering your network and to open/close critical ports.

So, I did read the rest of the article.  I agree with many of his points; however, to say that you don’t need a firewall…rubbish! (even if the author is just trying to get a reaction).

-BW

 
