Firewall Security
The table below illustrates some of the weaknesses in firewall security and how IPCopper packet capture appliances address them.
| Firewalls | IPCopper |
| --- | --- |
| Blocks packets based on a set of rules. | Does not block packets, but records information useful for configuring or updating your firewall’s rules. |
| Hackers can sneak past firewall rules.* | Hackers cannot evade IPCopper. |
| Do not retain records of breaches or other IP activity. | IPCopper captures and retains all IP traffic, with enough storage capacity to last for months and years. |
| Some may log and retain a limited number of IP addresses and port numbers for a very short period of time. | IPCopper captures and records all packets in their entirety, including headers and payload, for months and years. |
| Can be targeted, attacked and compromised. | IPCopper operates invisibly and cannot be detected or attacked. Unlike other networking devices, IPCopper does not have IP or MAC addresses, making it impossible to detect electronically. |
| Can be overwhelmed by DoS attacks. | High throughput (e.g. a DoS attack) cannot overwhelm IPCopper. IPCopper's 1 GbE units can handle traffic of up to 1 Gbps, 400 Mbps sustained. |
| Cannot determine the scope of an attack after the fact. | IPCopper excels at network forensics, helping identify the breadth and scope of an incident, even months and years after the breach occurred. |
*Some firewalls have been enhanced with IDS technologies; however, not only are they not preventing or discouraging hackers (attacks are on the rise), they also create a false sense of security that makes end-users more vulnerable. Projections are that attacks will increase exponentially despite firewalls, anti-virus software, bug fixes and software updates.
Hackers utilize several exploits to penetrate firewalls and undermine firewall security. The most common of these include brute force, backdoor passwords, service provider passwords, improper configuration, firmware bugs and telnet/web access. One of the biggest firewall weaknesses, however, is in their very design.
Firewalls detect and block malware using a set of rules for IP addresses and ports and libraries of signatures to which they compare incoming web traffic. This signature recognition technology originated in the late 90s with the development of the first advanced firewalls. These malware signatures are effective against known threats; however, they are useless against new variants and against new and old exploits for which no signatures have been developed. In an environment where malware numbers in the millions and some worms, trojans and other exploits go undetected for years, firewalls have serious blind spots.
The first firewalls were initially very effective – the hackers simply moved on to easier targets that did not yet have them. Since then, firewall adoption has become nearly 100%, yet the hackers are still around. Information security and cybersecurity professionals have long recognized that firewalls are only a first line of defense and that alone firewalls have not been able to stem the growing tide of hack attacks.
Firewalls provide:
- Little or no protection against many modern security threats, such as zero-day and undiscovered exploits;
- No protection after a network has already been penetrated and compromised;
- No record of when or how such a penetration occurred;
- No record of what data left the network;
- No protection when a user mistakenly brings malware in by visiting a poisoned website or opening an email attachment containing a virus;
- No protection against insider misuse and data leakage.
Hackers routinely bypass firewalls. Even IDS-equipped firewalls offer little security against new real-world attacks and sophisticated APTs. The solution? Packet capture appliances, which record all internet/network traffic in both directions, including evidence of breaches and attacks. IPCopper manufactures fully automatic standalone packet capture appliances, with 1 and 10 Gbps capture speeds. The USC1030 and USC4060 combine network tap capabilities with 1 TB and 4 TB onboard storage, respectively, for no-hassle deployment in minutes.
Deploying firewalls creates a false sense of security. The foundation of security is information, something that a firewall cannot provide. Packet capture provides the informational foundation on which to build effective network and data security, giving complete visibility into the network’s activity. This visibility better informs and equips network administrators and IT personnel to address and mitigate network threats and vulnerabilities, conduct incident response, formulate better firewall rules, and detect data leakage, intrusions and advanced persistent threats.
Alone, firewalls stand no chance of giving your network the protection it needs. It is critical, in the case of a network incident, to be able to quickly go back and review historical network IP data to ascertain what happened, when it happened, how it happened and the scope of damage or liability. Packet capture appliances fulfill these needs, complementing firewall security for better network protection.
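The after-the-fact review described above, as an added example (not IPCopper's software and not code from this page): given retained packet data and an address learned to be malicious only later, it reports which hosts talked to it, when, and how many bytes they sent. The capture, the hosts, the address 203.0.113.50 and the function names are all constructed for illustration.

```python
import struct

def build_pcap(packets):
    """Constructed sample data: a classic little-endian pcap of Ethernet/IPv4 frames."""
    out = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)  # global header
    for ts, src, dst, payload in packets:
        # Minimal IPv4 header; protocol 253 is the experimental number, payload is filler.
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0, 0, 64, 253, 0,
                         bytes(map(int, src.split("."))), bytes(map(int, dst.split("."))))
        frame = b"\x00" * 12 + b"\x08\x00" + ip + payload
        out += struct.pack("<IIII", ts, 0, len(frame), len(frame)) + frame
    return out

def scope_indicator(pcap, indicator_ip):
    """Return {peer: first/last seen, packet count, bytes sent to the indicator}."""
    magic, = struct.unpack_from("<I", pcap, 0)
    linktype, = struct.unpack_from("<I", pcap, 20)
    if magic != 0xA1B2C3D4 or linktype != 1:
        raise ValueError("expected little-endian pcap with Ethernet link type")
    hits, off = {}, 24
    while off + 16 <= len(pcap):
        ts, _usec, caplen, _origlen = struct.unpack_from("<IIII", pcap, off)
        frame = pcap[off + 16: off + 16 + caplen]
        off += 16 + caplen
        if len(frame) < 34 or frame[12:14] != b"\x08\x00":
            continue  # truncated record or not IPv4
        src = ".".join(map(str, frame[26:30]))
        dst = ".".join(map(str, frame[30:34]))
        if indicator_ip not in (src, dst):
            continue
        peer = dst if src == indicator_ip else src
        h = hits.setdefault(peer, {"first": ts, "last": ts, "packets": 0,
                                   "bytes_to_indicator": 0})
        h["first"], h["last"] = min(h["first"], ts), max(h["last"], ts)
        h["packets"] += 1
        if dst == indicator_ip:  # IPv4 total length of traffic leaving toward the indicator
            h["bytes_to_indicator"] += struct.unpack_from("!H", frame, 16)[0]
    return hits

# Constructed traffic: two internal hosts, one unrelated flow, one later-flagged address.
SAMPLE = build_pcap([
    (1700000000, "10.0.0.5", "198.51.100.7", b"x" * 10),
    (1700000100, "10.0.0.5", "203.0.113.50", b"a" * 100),
    (1700000200, "203.0.113.50", "10.0.0.5", b"b" * 40),
    (1700090000, "10.0.0.9", "203.0.113.50", b"c" * 500),
    (1700090500, "10.0.0.9", "203.0.113.50", b"c" * 500),
])

if __name__ == "__main__":
    for host, info in sorted(scope_indicator(SAMPLE, "203.0.113.50").items()):
        print(host, info)
```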