Disclaimer

The content of this material are challenges faced onsite and how I personally resolved them. Please be noted that solutions posted here

1> should not be considered as ultimate. The material may be considered for reference only.

2> should not be considered as guarantee that solutions may work. Contact Cyberoam support before making any changes.

3> blog does NOT belong to the Cyberoam. It's a blog...a personal blog.

Changes done after referring this site may seriously damage the network. So...

........DO CHANGES AT YOUR OWN RISK

(please contact cyberoamsupport before implementing any changes)

Wednesday 23 May 2012

Most important things your firewall should do

We have recently organised a customer meeting, where we have invited most of our customers and requested them to the poll for the most important things a firewall should do. This is a regular operation we do.

How this helps us?

1> increased satisfaction of the customer because we care
2> customers tends to learn new threats
3> New customers who appreciate the need of security
4> awareness of new technologies released and how its going to help them
5> a common platform to discuss existing network problems and their solutions

After many suggestions and many reviews we have decided to list them down. The list which will help most of the customers to take a better decisions while buying a new security product or when they are ready for renewal or when they want to replace existing solution

The attacks have grown mature, the users went mature, the applications are more mature but most of the appliances are not ready for this challenge.The attacks can be blocked from WAN but what about the new threats. These new threats are also known as Zero day attacks. The products are not aware of these threats.

So to provide a check list we came up with Top 10 list and below are the important list of these features:

1> Intelligent and advanced Application filter with bandwidth control

The advanced application filter should identify applications which are running on standard ports. Like HTTP i.e. port 80. Port 80 has simple web traffic, IM traffic, CRM traffic, streaming media traffic. Most of our customers wanted a solution which will allow steaming media on port 80 but with a limited bandwidth. If a solution can not identify the streaming media on port 80 its very difficult to manage your limited bandwidth. Along with that many online movies sites and live TV can also be differentiated and should be limited on usage.

Another set of bandwidth hungry applications are the p2p applications which eat up your most important resource i.e. bandwidth. Recently one of our customer complained slow browsing, we installed a solution just to find most of the users were bringing their laptops with P2P applications still active when they come from home. They were not only choking up the bandwidth but also risking the network with new Virus, worms and Trojans.

2> A True identity based solution

Some users are very aggressive. They launch an attack deliberately or accidentally and the organization looses important data. Most of the organizations trust their employees and we seldom hear these but the truth is these things never come to light unless they occur to important organisations. So administrators right choice is to identify the users who take advantage of this trust.

Also, most of the attacks are not from outside but inside like spam. we want to identify the users and then block them. The identity based solution should also have the ability to allow admin to create granular policies over the users.

Now that we are aware the user is the weakest link in the security his activities should be monitored regularly.

3> Live view of the network

Once the user has been identified, the solution should be capable to show how much of bandwidth is being consumed by each user or application. The data is very important for the optimizing the network performance. When you keep these advanced solutions in your network, you will be amazed to see so many applications being used which are chocking your bandwidth. Based on the live reports, you can take immediate actions on the users.

4>  Anti-Spam

Spam is very ugly truth. With no solution your email server and your users can be easily compromised and soon your IP will be blacklisted. Once a IP gets blacklisted, we all are aware of the hardships we have to go through to get it unlisted. A true spam solution should be able to catch spam in any language or format. Also, it should be capable to block spam at the gateway level itself.

5> WAF

In my earlier thread I have explained the use of WAF and its requirement. To refer it kindly browse through below link
http://cyberoamexpert.blogspot.in/2012/05/cyberoams-waf.html

6> Web Category based Bandwidth control:

One best example is the Facebook or social networking sites. These social networking sites are very good and I am big fan of them. Recent study also showed that the allowing the users to do facebook increased the productivity of the employees. But that does not mean that users should be given full bandwidth to these networking sites. So a true solution should be capable to implement the bandwidth policies on these sites. So users can enjoy the site but at a limited bandwidth.

7> Logging and Reporting

A true solution should include inbuilt logging and reporting solution. The reporting should be very elaborate and should not require any external device or software. Howerver, it should also provide a facility to generate logs and reports to a syslog server.

8> SSL VPN

I like working from home as many of us do. But it gets difficult to work if I am not able to access resources securely. The solution should allow users to login from home and work safe and secure. SSL VPN is best as its secure and provides mobility.  While client to site is also better way but a SSL VPN is truly a best solution.


All our customers were very satisfied with the list as it really helped them to choose the right product!




No comments:

Post a Comment