Internet security and Firewalls - how many do you need
by Mountain Computers Inc., Publication Date: Wednesday, September 16, 2020
View Count: 529, Keywords: Firewalls, ISP, Layered, Hashtags: #Firewalls #ISP #Layered
I had an interesting call from a sales manager of a major ISP (telepacific) and they were concerned about firewalls that they offered versus the competition.
From a technical perspective, I shared, there is not just one firewall, there are many. They are layered from the client through the organization and out to the Internet.
Since the evolution of IoT, the ISPs really can't block ports to the client anymore. They use to allow only port 80 and that series through, 8080, 8081, 443, and would block 25, 110, 465, 995, etc... and other Internet related services inbound and outbound through the ISP, especially if you were on a residential circuit versus a business circuit.
Now every major ISP must allow all traffic inbound and outbound. Too many services to manage and too many laws to avoid violating.
What do you use to perform deep packet scans at the edge of your organization. Sonicwall, Fortinet, Palo Alto, Cisco, you name it, there are a bunch and only a few in the upper right corner of the magic quadrant.
Just be happy that if your stuff is cloud based with cloud protection, then VPN and other forms of Edge security is not really necessary unless your content is on premise. Deep packet inspection at your border and edge is always a good idea for the right price.
Backups are key. Client antivirus is key. Cloud and hybrid data distribution and protection is key.
Personally, for me, I have 3 firewalls between me and my ISP and I switch up and out traffic on various ports and let it randomly rotate configurations so nothing can get a pin on internal devices, servers, printers, point of sale, wifi, etc.. That is the safe way to do things.
I keep my clients servers and other services internally on the same rotating frequency, and keep my guests and vendors on similar random networks and segmented circuits. You have to do that to remain PCI compliant and PII safe, and HIPAA safe.
more to come...
if you found this article helpful, consider contributing $10, 20 an Andrew Jackson or so..to the author. more authors coming soon
FYI we use paypal or patreon, patreon has 3x the transaction fees, so we don't, not yet.
© 2023 myBlog™ v1.1 All rights reserved. We count views as reads, so let's not over think it.