The fact is, there’s a right way and wrong way to deploy a firewall in a network. Positioning your firewall correctly could make all the difference if a malicious actor were to obtain access to a workstation in your environment.
Having your firewall deployed correctly can dramatically improve your security posture. Be sure you are putting your firewall to work for you!
The right and wrong way to deploy a firewall
The key here is where the firewall is placed relative to how traffic moves through the network.
We have seen the "flat" network method of deploying your firewall countless times at Ascend Technolgoies. We call it that because all of your devices are on the same network, sometimes the same subnet, and the firewall is the only thing between the internet and your whole network. So, when traffic goes from your workstation or laptop to any other server within your network, there is nothing in between to block traffic or inspect for security threats.
With this type of configuration, it's not a matter of if, it's a matter of when does this workstation get some sort of malicious code or bad actor on it. In this network configuration, that bad actor has free reign because there is nothing to stop them from connecting to the rest of your network. With no firewall inside your network, it makes it easy for bad actors to move around and steal data once they have access to a workstation.
Fast forward to what we call the segmented network. This is the Ascend way of deploying a firewall. With this configuration, the firewall is deployed in the middle of everything so no packet ever goes from one VLAN or subnet to the other without going through the firewall.
Why does that matter?
The firewall or a Next Generation Firewall serves as the inspection point.
It looks at every packet and:
- scans for security threats
- creates a log of who connected to what, when & how much data they took
- looks at what applications they used
In this situation, if a bad guy gets on the workstation he or she still has to go through the firewall to get to these other critical devices where your sensitive data is stored. It makes it hard for the hacker to move around and steal your data while making it much easier to see what's going on within your network on any given day.
If your network is set up the Ascend way, with a segmented network, you're doing a great job! If you're using a flat network where your firewall is only between the internet and your network, you need to make some changes to protect your business.
Get the Firewall Do's and Don'ts eBook that contains 31 tips, tricks, and best practices from our security experts.