One of the best ways of achieving network security is to understand how unethical hackers work. Most organizations assume that they are too small to be the target of an online attack. In the early days of cyber-attacks that assumption was accurate; today, attackers consider every form of organizational or personal data useful. Small entities are low-hanging fruit that can be attacked at any moment, and personal computers are easy targets because the hackers do not have to circumvent airtight firewalls. Awareness that attackers can visit any network is the first step in developing a good defense. There are two main types of firewalls on the market today, application gateways and packet-filtering gateways, and all of them are vulnerable to attack, as the rising number of breaches each year indicates.
According to Sari (2019), entities test the strength of their firewalls for vulnerabilities with the tools at their disposal. A firewall is conceived as an impediment to all possible attacks on the network. Expert network administrators can configure firewalls so that they do not respond to Internet Control Message Protocol (ICMP) requests, keeping them out of reach of outsiders who intend to manipulate them. Still, hackers have devised ways of circumventing these safeguards. Kumari, Singh & Upadhyay (2019) further explain that one such loophole is firewalk, a utility that finds open ports on a firewall. The tool probes the live systems behind the firewall to discover which devices are permitted access and which ports on the firewall are open, and it conducts the scan without interfering with the system.
Kim, Yoon, Narantuya & Lim (2020) indicate in their study that firewalk can also map the remote network behind a firewall, so the hacker can draw a clear topology of the network beyond it. The hacker builds the sketch by forwarding packets to every host found behind the firewall. Firewalk sends Transmission Control Protocol (TCP) and User Datagram Protocol (UDP) packets with a crafted IP time-to-live (TTL) value. If the filtering device lets the traffic through, the packets reach the target; if the filter blocks the traffic, no packets are observed, which implies that the port is closed (Hall, 2015). However, some firewalls treat a packet as expired as soon as it arrives, before the access control list rules are applied; the defense then consists of returning the expired packets to the hacker, which yields false positives.
The other loophole arises from hping. The tool is a ping utility with added functionality. As Rash (2007) indicates, it lets users explore options on the TCP packet that allow it to pass some filtering devices even when it would otherwise be blocked, and it reports the packets received. By using the -p switch, it is possible to set a destination port in a traceroute-style probe that passes through the firewall. The tool can also fragment TCP packets, although its main role is as a sweeping utility. In some instances the filtering devices cannot handle fragmented packets and let them through; in such cases, mapping the network is a cakewalk.
According to Whitman, Mattord & Green (2012), rootkits also exploit loopholes in firewalls. A rootkit is not a conventional piece of malware in the form of a Trojan or a virus; it is more harmful because it is a substantial body of code that embeds itself in the computer system. Its design enables it to hide all unauthorized activity. Rootkits let hackers take over administrative control, so the criminals can use the devices without restriction and without the owners' knowledge (Yuan et al., 2019). The rootkit attacks and replaces critical operating system files, which enables it to conceal itself. Once inside the system, it begins to cover the tracks of the intrusion. It makes malicious processes running in the background impossible to notice and opens a port that creates a backdoor (Finley & Harkiolakis, 2018). Some rootkit designs infect the computer's BIOS with software that initializes when the computer is powered on. Such rootkits penetrate the BIOS so that reinstalling the operating system from the installation disk does not remove them.
The article by Trabelsi, Zeidan & Hayawi (2019) shows that hackers find it easy to penetrate firewalls by luring the victim into opening an unverified link. After that, the hackers can access any program on the machine, even those behind routers that block all communication from the outside world. Hackers can penetrate firewalls and routers in order to connect to particular ports; as a preventive measure, firewalls should not forward those ports. Visiting web pages that require no authentication or user input makes it easy for intruders to circumvent firewall protections.
Therefore, to reduce the prevalence of attacks, enterprises and individuals must instill effective firewall management practices. Firewall management policies mitigate network challenges and enforce the use of certain risk management software. According to Jaïdi (2018), it is imperative to note that network hacks are not the result of technological lapses alone; the configuration of the firewall and its integration with the business security policies are critical. The number of devices and applications that firewalls must oversee keeps increasing each day, and the level of complexity is rising with it.
Sari (2019) explains that to use firewalls effectively, it is important to establish policy decisions. The administrator's main responsibility is to translate those policies into firewall rules, so the administration should understand which types of rules apply to the infrastructure the company has. Some policies are common across organizations. One is that every firewall implementation should adopt a position of least privilege by denying all incoming traffic by default (Kashefi, Kassiri, & Shahidinijad, 2013); rules are then added incrementally to allow only the permitted forms of traffic.
Another common policy is that firewalls be installed within the confines of the production environment, which helps achieve functional separation of application, database and web servers. A further common policy requires regular review of the firewall configuration. Additionally, most entities require firewall configurations and rulesets to be backed up frequently to alternate storage. Organizations also have a policy requiring firewalls to protect credit card data on their networks. A policy on firewall logs is also critical: entities require administration and event logs to be kept in alternate storage (Andrea, 2014), a review of the logs should be on the network administrators' daily schedule, and a policy should enforce scheduled maintenance procedures by the administrators.
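As an added illustration, not part of the essay or any of the works it cites, the following Python script audits a firewall ruleset in the iptables-save format that Rash (2007) covers against the default-deny and least-privilege policy described above: it flags chains whose default policy is not DROP and ACCEPT rules that admit everything or admit a service from any source. The ruleset inside the script is a constructed sample, and the function names are assumptions of this example.

```python
# Added example: audit an iptables-save dump for the default-deny,
# least-privilege policy described above. The ruleset is a constructed sample.

SAMPLE_DUMP = """\
*filter
:INPUT ACCEPT [0:0]
:FORWARD DROP [0:0]
:OUTPUT ACCEPT [0:0]
-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -p tcp --dport 22 -s 10.0.0.0/8 -j ACCEPT
-A INPUT -p tcp --dport 3389 -j ACCEPT
-A INPUT -j ACCEPT
COMMIT
"""


def parse_dump(text):
    """Return ({chain: default policy}, [rule token lists]) from iptables-save text."""
    policies, rules = {}, []
    for line in text.splitlines():
        if line.startswith(":"):            # ":CHAIN POLICY [packets:bytes]"
            chain, policy = line[1:].split()[:2]
            policies[chain] = policy
        elif line.startswith("-A "):        # "-A CHAIN <matches> -j TARGET"
            rules.append(line.split())
    return policies, rules


def audit(text):
    """Return policy findings for a dump; an empty list means it passes."""
    policies, rules = parse_dump(text)
    findings = []
    for chain in ("INPUT", "FORWARD"):      # inbound/forwarded traffic: deny by default
        if policies.get(chain) != "DROP":
            findings.append(f"{chain} default policy is {policies.get(chain)}, expected DROP")
    for toks in rules:
        if toks[1] not in ("INPUT", "FORWARD") or toks[-2:] != ["-j", "ACCEPT"]:
            continue
        # Replies to established flows and loopback traffic are normally allowed.
        if "--ctstate" in toks or "--state" in toks or ("-i" in toks and toks[toks.index("-i") + 1] == "lo"):
            continue
        rule = " ".join(toks)
        if "--dport" not in toks and "--dports" not in toks:
            findings.append(f"ACCEPT with no service restriction: {rule}")
        elif "-s" not in toks and "--source" not in toks:
            findings.append(f"ACCEPT of a service from any source: {rule}")
    return findings


if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_DUMP)) or "ruleset passes")
```

On the constructed sample the audit reports three findings: the INPUT chain defaults to ACCEPT, the remote desktop rule on port 3389 admits any source, and the final rule accepts everything; once those are corrected the audit returns no findings.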
Apart from firewall policies, organizations put some general guidelines in place to prevent breaches. One essential measure for protecting sites is to stay informed about general developments in cybersecurity (Dezhabad & Sharifian, 2018). Administrators and company directors can access such information by reading technology blogs and research, and various hacking awareness sites inform people how to safeguard their networks. Secondly, businesses must educate staff members about the risks. One of the easiest ways for hackers to gain access to a system is to take advantage of virtual doors left open by employees. Staff need to do much more than use strong passwords; for instance, internal users should lock their computers when they are not using them.
To summarize, administrators should work through the most common points of entry used by hackers. One of the first measures should be to change the default passwords on all software and hardware devices. It is also vital to assess the ports open on the network: administrators should consider whether every open port is necessary, and unnecessary ports should remain closed. All programs and services not in use should likewise be disabled on the computers, since applications are also vulnerable points that hackers can exploit. It is also important to keep the firewall software up to date, and regular tests on the firewall ensure that it is working properly. Anti-malware scanners and antivirus programs are also imperative.
Sari, A. (2019). Turkish national cyber-firewall to mitigate countrywide cyber-attacks. Computers & Electrical Engineering, 73, 128-144.
Kumari, S., Singh, P., & Upadhyay, R. K. (2019). Virus dynamics of a distributed attack on a targeted network: Effect of firewall and optimal control. Communications in Nonlinear Science and Numerical Simulation, 73, 74-91.
Kim, S., Yoon, S., Narantuya, J., & Lim, H. (2020). Secure Collecting, Optimizing, and Deploying of Firewall Rules in Software-Defined Networks. IEEE Access, 8, 15166-15177.
Hall, T. C. (2015). Max Power: Check Point Firewall Performance Optimization.
Rash, M. (2007). Linux Firewalls: Attack Detection and Response with iptables, psad, and fwsnort. No Starch Press.
Whitman, M. E., Mattord, H. J., & Green, A. (2012). Guide to firewalls and VPNs. Cengage Learning.
Yuan, H., Zheng, L., Qiu, S., Peng, X., Liang, Y., Hu, Y., & Deng, G. (2019, February). Design and Implementation of Enterprise Network Security System Based on Firewall. In The International Conference on Cyber Security Intelligence and Analytics (pp. 1070-1078). Springer, Cham.
Trabelsi, Z., Zeidan, S., & Hayawi, K. (2019). Denial of Firewalling Attacks (DoF): The Case Study of the Emerging BlackNurse Attack. IEEE Access, 7, 61596-61609.
Jaïdi, F. (2018, December). A Novel Concept of Firewall-Filtering Service Based on Rules Trust-Risk Assessment. In International Conference on Soft Computing and Pattern Recognition (pp. 298-307). Springer, Cham.
Sari, A. (2019). Countering the IoT-Powered Volumetric Cyberattacks with Next-Generation Cyber-Firewall: Seddulbahir. In Security, Privacy and Trust in the IoT Environment (pp. 83-96). Springer, Cham.
Kashefi, I., Kassiri, M., & Shahidinijad, A. (2013). A survey on security issues in firewall: A new approach for classifying firewall vulnerabilities. International Journal of Engineering Research and Applications (IJERA), 3(2), 585-591.
Andrea, H. (2014). Cisco ASA Firewall Fundamentals: Step-By-Step Practical Configuration Guide Using the CLI for ASA v8.x and v9.x. CreateSpace Independent Publishing Platform.
Dezhabad, N., & Sharifian, S. (2018). Learning-based dynamic scalable load-balanced firewall as a service in network function-virtualized cloud computing environments. The Journal of Supercomputing, 74(7), 3329-3358.
Finley, I. B., & Harkiolakis, N. (2018). Cybersecurity policies and supporting regulations for maritime transportation system in the USA. International Journal of Teaching and Case Studies, 9(2), 89-108.