What is the Proper Firewall Setting for Cyber Attacks | Antivirus Software

 A firewall, translated as a " firewall," serves to protect against unauthorized access to internal networks such as businesses and homes via the Internet. On the contrary, it can block suspicious access from the inside to the outside and prevent data leakage, so it can be said that a firewall is indispensable as a countermeasure against cyber attacks.

What is a firewall

The methods of cyber attacks are becoming more sophisticated year by year, and security measures are indispensable. There are various security measures, but one of the basic and important measures is the installation of a firewall. Firewalls act like "barriers" between internal networks such as businesses and homes and the external Internet.

Firewalls constantly monitor access to the internal network from the Internet and access to the Internet from the internal network, detect unauthorized access, and block unauthorized access, even if it is permitted. Connecting an internal network to the Internet without a firewall is like going out with the gates open, making it a good target for cyber attackers.

Mechanism and type of firewall

Firewalls that block unauthorized access from the outside can be broadly divided into three types, "packet filtering type", "application-level gateway type", and "circuit-level gateway type", depending on the filtering method for identifying unauthorized access.

Packet filtering type

The most basic type of firewall, it analyzes the header part of the packet flowing through the network and decides whether to pass the packet based on the IP address and port number described in the header part. That is, filtering is performed at the network layer.

Application-level gateway type

It is a type that performs filtering at the application layer such as HTTP and FTP and operates as a proxy server. Since it is possible to check the contents of packets for each application and block unauthorized access, detailed settings such as access control for each user are possible. This type communicates internally via a proxy and does not connect directly to the internal network from the outside, so it is highly secure. In addition, among the firewalls that can control a large number of applications by evolving the application-level gateway type, there is also a firewall called the next-generation firewall.

Circuit level gateway type

Evolution of a packet filtering firewall, in addition to communication control by packet filtering, a type that relays and controls transport layer level communication. It is possible to specify the port that allows communication and control only the communication of a specific system or application. Please note that there are cases where dedicated software is required for client terminals such as personal computers.

Each method has advantages and disadvantages, and the operation method differs depending on whether it is installed on a server or functions in a terminal such as a personal computer (sometimes called a personal firewall), so the target and purpose of introduction It would be better to select the most suitable one according to such factors.

Firewalls alone cannot prevent malware

Although firewalls monitor communications, which can be said to be the lifeline of cyber attacks, they are highly effective, but they alone cannot prevent all cyber attacks. A firewall is just like a barrier between the external Internet and the internal network, monitoring packets flowing through the communication path, and blocking unauthorized communication. Communication is checked based on the set rules of the user to manage, but it does not include the function to detect the malware itself hidden inside the packet and the function to remove the malware from the terminal infected with the malware. Therefore, it is necessary to install not only a firewall but also antivirus software for malware.

In addition, firewalls cannot prevent DoS attacks and SYN flood attacks in which the source IP is spoofed. It is important to correctly understand the defense mechanism of the firewall and use security tools such as antivirus software together.

Point of firewall setting

Firewalls are not the end of the installation, but the effects are maximized by making appropriate settings according to the usage environment. The points of firewall setting are as follows.

Properly block unused ports

To prevent port scanning from finding vulnerabilities in your server, block unused ports as much as possible and open only the minimum number of ports.

Allocate port numbers

A typical service has a fixed port number to use, but some network cameras use different port numbers for each product. If you are using such a device or service, configure your firewall so that you can use that port number.

Set permissions for each application

In the firewall, you can set whether to allow communication with the outside for each application. In the case of the so-called whitelist method, communication with the outside is blocked except for permitted applications, so it is possible to prevent information from being leaked to the outside by an unauthorized program.

Please be aware that we are entering an era in which security measures such as firewalls should be taken by utilizing security software that is easy for individuals to introduce.