Stop Attackers Who Bypass Your Firewall: Firewall or Failwall?
When a user gets one of those phishing emails about, “click here to…” and the user clicks, that communication just went through and your organization’s firewall probably didn’t even realize what was happening. Other than training users, there is a simple way to make up for the weakness of your organization’s firewall.
It is very important to have a good firewall between your organization and the Internet. Since attackers find many vectors to bypass that firewall, it is crucial to have what is known as a “client firewall” as well. While over-simplified, think of the client firewall as a firewall “program” running on each computer. This simple tool, if utilized properly, will thwart many common security attacks.
Often, your anti-virus suite offers the client firewalls as an inexpensive upgrade. You may already have the tool and it isn’t turned on. A free firewall, especially good for your computers at home, is described here: https://www.fosterinstitute.com/blog/powerful-windows-firewall/
You might find it fascinating how, when I’m performing audits, I discover that many organizations have the technology for client-side firewalls and the firewalls are turned off. Maybe your IT professional(s) are just too busy to enable and configure the firewall? If so, that is a priority management problem.
Please post your comments on this blog.