A firewall is a necessary part of any security architecture: it takes the guesswork out of host-level protections and entrusts them to your network security device.
Most of the time, network security devices are designed around the needs of the bad guys. They are at the mercy of the attacker and their infrastructure. That means the bad guys can do anything to screw the device that they have targeted. If they make an attack against your server, you are responsible for your network security device’s vulnerability. Do not waste your time on the workarounds that are available. Give your device a day to rest from all the noise and keep it as safe as it can be.
This is not the only risk that network security devices take, but it is still a risk. You are taking a lot of risks on your network, including the risk of taking your network security devices to a state where they are no longer secure and putting them at the mercy of the attacker. The real risk is the risk of taking your devices to a state where the network security devices can do little to stop attacks.
Re-architect your infrastructure, and do not put other systems behind your network security device
In addition to taking the network security device risks mentioned in #6, your network infrastructure also presents several vulnerabilities to any attack on the network. In the world of routers and firewalls, the main problem is that most of them have a complex software architecture and are not modular. The network security devices you might want to use have a big part of the network architecture as their code. In addition to that, routers and firewalls rely on some form of networking technology called encapsulation, which allows an interface to know it is part of a network or to be acting as a service to other networks. In fact, encapsulation could be what turns a rogue device into a hacker or backdoor into your system.
In case you have not yet heard of encapsulation, here is a bit more detail about it.
In summary, the network security devices you might choose to use are very much related to the way you can access the Internet and the way your organization can add value to your network. How you set up your network infrastructure should greatly depend on how you want to use the network as a place to access the Internet. Nowadays, routers and firewalls are rarely used to access the Internet from the building that you use for your network because those devices are not designed to do that. In most cases, you have to use your router or firewall for that. The other issue you have to think about when planning how you want to place your network security device is whether it is used to protect individual PCs, laptops, network printers or network-accessible storage. A router is not designed to guard these sensitive applications from attackers.
Routers can take a lot of the risk by default because they have an impact on everyone else on the network. You can only mitigate the risk when you place the router on another network, or when you use a password-protected network. Routing access through a router only makes sense in certain situations and not others. Make sure you get this right before you place a device behind a router.