For many medium-sized businesses, meeting IT compliance and securing their network infrastructure is becoming more of a challenge as investments in IT decrease while state compliance rules become stricter and network attacks increase. One of the general principles of IT security is defense in depth: the principle that only layers of security measures in a company provide the highest level of security. There is no single device that can magically secure a company.
At the lowest level, policies and procedures regarding the use of technology resources should be defined in a transparent manner. This is done so that users know the policies of the company, and sometimes this knowledge, given to them in advance, protects the company from data loss and virus/malware issues.
Secondly, being a consultant working with medium-sized businesses, I know from experience that although the client values their data and has a robust security infrastructure, they fail to ensure physical security for servers and other data-sensitive resources. Simply having the server room locked can prevent security breaches. A lesser-known fact is that the highest vulnerability is to attacks that are actually executed internally.
Thirdly, protecting hosts or computers in a business is very important. The threat of malware and viruses that exist on the internet, as well as on removable devices such as thumb drives, needs to be addressed. Having an antivirus solution with firewall capabilities is one of the ways of protecting hosts on a network. I’ve noticed that system administrators usually disable the Windows firewall so that other applications can work seamlessly (pushing out software). This leaves a huge hole in security. So instead of disabling the firewall, certain features such as ICMP ping/reply should be enabled while the majority of the other ports should be blocked. The fact is, not everything is filtered by the network firewall. Packets can be fragmented and come through the firewall using open ports, and then be reassembled to make a connection with common ports on local hosts.
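As an added illustration (not part of the original post), here is one way to audit for a disabled Windows firewall and turn it back on with a narrow allow list instead of leaving it off. The management subnet `10.0.50.0/24` and the use of SMB (TCP 445) for software deployment are assumptions made for this example; run it from an elevated PowerShell session.

```powershell
# Added example, not from the original post.
# Assumptions: 10.0.50.0/24 is a constructed placeholder for the subnet that
# hosts the monitoring and software-deployment servers, and deployment uses
# SMB (TCP 445). Substitute the values for your own environment.
$MgmtSubnet = '10.0.50.0/24'

# 1. Detect the weak state: any profile where the firewall has been turned off.
Get-NetFirewallProfile |
    Where-Object { $_.Enabled -ne 'True' } |
    ForEach-Object { Write-Warning "Firewall is disabled on profile: $($_.Name)" }

# 2. Re-enable all profiles: block inbound by default, allow outbound,
#    and log blocked packets so dropped traffic can be reviewed later.
Set-NetFirewallProfile -Profile Domain,Private,Public -Enabled True `
    -DefaultInboundAction Block -DefaultOutboundAction Allow -LogBlocked True

# 3. Allow ICMPv4 echo request (type 8) so hosts still answer ping.
#    Limiting it to the management subnet is this example's choice.
New-NetFirewallRule -DisplayName 'Allow ICMPv4 echo request (mgmt)' `
    -Direction Inbound -Protocol ICMPv4 -IcmpType 8 `
    -RemoteAddress $MgmtSubnet -Profile Domain -Action Allow

# 4. Allow the software-push channel only from the management subnet,
#    rather than disabling the firewall for every source and port.
New-NetFirewallRule -DisplayName 'Allow SMB from mgmt subnet' `
    -Direction Inbound -Protocol TCP -LocalPort 445 `
    -RemoteAddress $MgmtSubnet -Profile Domain -Action Allow

# 5. Verify the resulting state of each profile.
Get-NetFirewallProfile |
    Select-Object Name, Enabled, DefaultInboundAction, DefaultOutboundAction
```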
Lastly, protecting the network with a firewall is important. At the same time, just putting this device on the network will not prevent attacks. The device firmware should be updated regularly, and access lists should be updated depending on the company's needs. Also, any servers facing the internet should be put on the DMZ, which essentially separates the servers from the local area network. So if a server is compromised, the attacker cannot also exploit the resources on the LAN. These internet-facing servers should not hold any critical business data but rather handle requests being received from the internet.
Protecting a network is not a magical process that guarantees security by placing a single device such as a firewall. Security should be layered and should protect servers, computers, and users using various schemes.