Protecting Your Network from Ransomware: Firewall
Let's start out by defining a “firewall.” A firewall is a hardware or software solution designed to control access to or from a private network. Any firewall-based protection is only effective against traffic that is actually coming through the firewall. Firewalls will not protect you from an infected USB device plugged into a PC or from other threats that never pass through the firewall. With that in mind:
- Minimize your attack surface as much as possible. The best way to do this is to periodically review all port forwards and eliminate any that are not needed. Each and every port that is open is a vulnerability in your network. Consider using a Virtual Private Network (VPN) solution for remote access to local network resources.
- Secure any ports that must be open by setting the strictest possible intrusion prevention system (IPS) rules for traffic on those ports.
- Consider a DNS firewall. A DNS firewall routes all traffic through a third-party server that analyzes it, looking for known malicious or suspicious sites.
- Segment large networks. When large networks are built out as one single LAN, the opportunity for infection of the entire network environment increases dramatically. Use your router to segment your LAN by departments or other functional groups.
- Embrace a layered approach to your network security. No single solution will protect your network from ransomware. A properly selected and configured firewall is a great first step, but the addition of a DNS firewall, a robust managed network security solution like our Phalanx product, and effective onsite/offsite backups is the best defense against ransomware.
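One way to carry out the periodic port-forward review from the first bullet, as an added example that is not part of the original article. It assumes a Linux-based router whose NAT rules can be exported with `iptables-save`; the sample rules and the approved inventory are constructed for illustration.

```python
import shlex

# Constructed sample of `iptables-save -t nat` output (not from the article).
SAMPLE_RULES = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 443 -j DNAT --to-destination 192.168.10.5:443
-A PREROUTING -i eth0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.10.20:3389
-A PREROUTING -i eth0 -p udp -m udp --dport 1194 -j DNAT --to-destination 192.168.10.2:1194
-A PREROUTING -i eth0 -p tcp -m tcp --dport 8000:8010 -j DNAT --to-destination 192.168.10.30
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
"""

# Hypothetical inventory of forwards that have been reviewed and are still needed.
APPROVED = {("tcp", 443, "192.168.10.5"), ("udp", 1194, "192.168.10.2")}


def parse_forwards(text):
    """Yield (proto, first_port, last_port, target_ip) for every DNAT rule."""
    for line in text.splitlines():
        tok = shlex.split(line)
        if "DNAT" not in tok or "--to-destination" not in tok:
            continue
        opt = dict(zip(tok, tok[1:]))  # maps each option to the token after it
        # A rule without --dport forwards every port; multiport rules are not handled.
        lo, _, hi = opt.get("--dport", "1:65535").partition(":")
        ip = opt["--to-destination"].split(":")[0]
        yield opt.get("-p", "all"), int(lo), int(hi or lo), ip


def audit(text, approved):
    """Return forwards that the approved inventory does not fully cover."""
    findings = []
    for proto, lo, hi, ip in parse_forwards(text):
        extra = [p for p in range(lo, hi + 1) if (proto, p, ip) not in approved]
        if extra:
            findings.append((proto, lo, hi, ip, len(extra)))
    return findings


if __name__ == "__main__":
    for proto, lo, hi, ip, n in audit(SAMPLE_RULES, APPROVED):
        ports = str(lo) if lo == hi else f"{lo}-{hi}"
        print(f"REVIEW {proto}/{ports} -> {ip}: {n} unapproved open port(s)")
```

Each finding is a candidate for removal or for replacement with VPN access; a port range counts every port in it, so a wide forward shows up with its real exposure.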
The last suggestion in the list above is probably the most important. At Gnosys, we make use of a layered approach to network security that includes all of the above. Our Phalanx Advanced Network Defense uses a “default deny” approach to unknown software attempting to run on your network. This means that before any unknown application is allowed to impact your network, it is evaluated and runs in a containment environment during that evaluation period (generally no more than 2 hours).
During this time, the application is checked by an automated system and, if needed, by actual programmers that extract the code to see what the application is trying to do.
If everything checks out, the software is added to the “white list” and released from containment. If not, the application is purged from containment and the actions it took are reversed.
When combined with our recommended routers and the Doru DNS firewall system, Gnosys Networks can provide a solid, monitored defense for your data.
Want to know more? Give us a call at 352.870.2034 or email firstname.lastname@example.org for more information and schedule a free network evaluation.