How are the hackers getting past your firewall?

by | May/27/2009

I get calls from IT Professionals asking what to do when a cybercriminal is trying to log in through the network remotely with a brute force “password guessing” attack. The IT professionals often state they are surprised an outsider could do this “since the firewall was up and running.”

I’m used to executives wanting a single “silver bullet” to take care of security, and am educating them and their IT professionals alike that no single IT security device or strategy can be viewed as complete on its own.

For example, these two statements are wrong:  “I know we are safe because our firewall is up and running.” “I am safe traveling on the road because I always connect to my office through a VPN.” Firewalls and VPN’s are wonderful IT security tools – mandatory security tools if you ask me – and they are not enough. Today’s cyber security situation is so dire that you need many different layers of protection in place.  There is NO SUCH THING as an IT security “silver bullet.”