The most effective firewall features to use

Firewalls have long been part of an effective network monitoring and protection scheme, and that remains true today. But not all firewalls are equally effective, and each has upsides and downsides for a given organization.

Here are four firewall features to consider:

1) Geolocation by IP

“China is the source of 41% of all cybercrime attacks.”

This filter blocks traffic originating in specified locations from entering the network. For organizations that operate in limited geographies, this kind of filter can be an easy way to keep a large chunk of malicious traffic off the network in one fell swoop. For example, a business that operates only in the United States might find it helpful to disallow all traffic coming from China, as that country is the source of 41 percent of all cybercrime attacks, the Infosec Institute reported. However, geolocation by IP is not well suited to global organizations or to firms trying to stop malicious traffic coming from their own country.

2) Time of request

For businesses that only operate during certain hours every week, this kind of filter helps ensure that only authorized parties are accessing the network. Cybercriminals often try to install malware or bypass filters at off-hours. For example, the perpetrators of the recent $81 million Bangladesh Bank heist sent in some of their money transfer requests on days when the Federal Reserve Bank of New York was closed, Wired reported.

This is a common strategy, and time-of-request filters can help thwart these efforts. But companies that operate globally or that have employees working 24/7 would see limited effectiveness from this kind of filter.

Network access requests that come in at 3am on a Saturday are likely fraudulent.

3) Port restrictions

This, along with blacklisting, is one of the oldest filtering techniques out there. Essentially, this kind of filter ensures that only traffic traversing certain pre-designated ports can reach network resources.

In particular, the Internet Engineering Task Force noted that many firms used to allow outgoing requests only through ports 80 and 443, which limits traffic to web requests (HTTP and HTTPS). However, with the number of threats arriving via HTTP and even HTTPS at an all-time high and rising, limiting traffic to just these ports would likely do little to keep malware and cybercriminals off a corporate network.

4) Whitelists

Whitelisting is the opposite of blacklisting: instead of blocking access to select sites, access is allowed only to a select set of sites, apps and programs, with everything else restricted by default. This is typically an easier way to block a lot of traffic in one fell swoop, but setting up a whitelist can be a challenge, and legitimate, approved sites can still harbor threats.

Are these firewall filters alone enough?

While all of the above firewall filters have their own strengths, none of them alone would be effective at protecting the network. Instead, it is advisable to combine elements of all of them, and of others, in custom rules. For example, a company could block access to the network from certain sites and from specific countries during non-core business hours. This kind of custom rule combines the strengths of many different pre-existing firewall settings in a way that protects the network more effectively.
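The combined rule described above, as an added example that is not part of the original article: a small policy evaluator that applies the four filters listed earlier (geolocation by IP, time of request, port restrictions and a whitelist) to connection records in sequence and reports which filter fired, followed by the oversight step the next paragraph calls for, a count of repeat-denied sources. The country lookup table (built on the RFC 5737 documentation prefixes), the business-hours window, the whitelist and the connection records are all constructed for the example; a real deployment would take the country from a GeoIP database and the records from firewall logs.

```python
"""Added example (not from the original article): combining geolocation,
time-of-request, port and whitelist filters into one custom rule, plus a
simple oversight check over the denials.  All data below is constructed."""
from __future__ import annotations
from collections import Counter
from dataclasses import dataclass
from datetime import datetime, time
from ipaddress import ip_address, ip_network

# Constructed stand-in for a GeoIP database: prefix -> ISO country code.
# These are the RFC 5737 documentation ranges, labelled arbitrarily here.
GEOIP_TABLE = {
    ip_network("203.0.113.0/24"): "US",
    ip_network("198.51.100.0/24"): "CN",
    ip_network("192.0.2.0/24"): "DE",
}


def lookup_country(ip: str) -> str:
    """Map an address to a country code; '??' when no prefix matches."""
    addr = ip_address(ip)
    for net, cc in GEOIP_TABLE.items():
        if addr in net:
            return cc
    return "??"  # unknown origin never matches an allowed country


@dataclass(frozen=True)
class Policy:
    allowed_countries: frozenset[str]
    business_days: frozenset[int]        # 0 = Monday .. 6 = Sunday
    business_hours: tuple[time, time]    # (start, end); assumes start < end
    allowed_ports: frozenset[int]
    whitelist_hosts: frozenset[str]


@dataclass(frozen=True)
class Connection:
    src_ip: str
    dst_host: str
    dst_port: int
    when: datetime


def evaluate(conn: Connection, policy: Policy) -> tuple[bool, str]:
    """Return (allowed, reason).  Filters run in order and the first one
    that fails names the reason, so an analyst can see which rule fired."""
    cc = lookup_country(conn.src_ip)
    if cc not in policy.allowed_countries:
        return False, f"geo:{cc}"
    start, end = policy.business_hours
    in_hours = (conn.when.weekday() in policy.business_days
                and start <= conn.when.time() < end)
    if not in_hours:
        return False, "time:off-hours"
    if conn.dst_port not in policy.allowed_ports:
        return False, f"port:{conn.dst_port}"
    if conn.dst_host not in policy.whitelist_hosts:
        return False, f"whitelist:{conn.dst_host}"
    return True, "allow"


def flag_repeat_offenders(results, threshold: int = 3) -> dict[str, int]:
    """Oversight step: sources denied at least `threshold` times.  This is
    what lets an analyst notice a pattern the individual rules only log."""
    denials = Counter(c.src_ip for c, (ok, _) in results if not ok)
    return {ip: n for ip, n in denials.items() if n >= threshold}


# Constructed policy: US-only, weekday office hours, web ports, two hosts.
POLICY = Policy(
    allowed_countries=frozenset({"US"}),
    business_days=frozenset({0, 1, 2, 3, 4}),
    business_hours=(time(8, 0), time(18, 0)),
    allowed_ports=frozenset({80, 443}),
    whitelist_hosts=frozenset({"erp.example.com", "mail.example.com"}),
)

# Constructed connection records (2016-05-16 is a Monday, 05-14 a Saturday).
SAMPLE = [
    Connection("203.0.113.10", "erp.example.com", 443, datetime(2016, 5, 16, 10, 30)),
    Connection("198.51.100.7", "erp.example.com", 443, datetime(2016, 5, 16, 10, 31)),
    Connection("203.0.113.10", "erp.example.com", 443, datetime(2016, 5, 14, 3, 0)),
    Connection("203.0.113.11", "erp.example.com", 22, datetime(2016, 5, 16, 11, 0)),
    Connection("203.0.113.10", "pastebin.example", 443, datetime(2016, 5, 16, 11, 5)),
    Connection("198.51.100.7", "mail.example.com", 80, datetime(2016, 5, 16, 11, 6)),
    Connection("198.51.100.7", "mail.example.com", 80, datetime(2016, 5, 16, 11, 7)),
]


def run_sample():
    """Evaluate every constructed record against the constructed policy."""
    return [(c, evaluate(c, POLICY)) for c in SAMPLE]


if __name__ == "__main__":
    results = run_sample()
    for conn, (ok, reason) in results:
        print(f"{conn.when:%a %H:%M} {conn.src_ip:>14} -> {conn.dst_host}:{conn.dst_port}  {reason}")
    print("repeat offenders:", flag_repeat_offenders(results))
```

The order of the checks is a design choice: the cheap, coarse filters (country, time window) run first so that most unwanted traffic is rejected before the per-port and per-host lookups, and the returned reason string is what a log review or the oversight function keys on. The time filter assumes a business-hours window that does not cross midnight; a site that works overnight shifts would need two windows or a different comparison.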

Still, even with custom rules in place, additional oversight is necessary. That way, even if a cybercriminal or malicious insider were able to bypass the custom rule filters, anomalous behavior could still be spotted and acted upon in a timely manner. This combination of custom rules and diligent network oversight is perhaps the best way for an organization to both stop the majority of potential threats and ensure that the issues that do arise don't snowball out of control.