Why Firewalls Are Not Enough in Today’s Cybersecurity Landscape
Perimeter devices such as firewalls are currently in the cybersecurity limelight, due to the discovery of vulnerabilities that could be exploited to penetrate them. A recently discovered vulnerability in Juniper firewall devices that allows full remote code execution is a case in point. While firewalls are an essential component of any security solution, they are far from the only component that has to be developed and implemented. In the area of firewalls alone, there are several specific aspects of the human element that need addressing. Properly configuring the firewall is essential to its effectiveness: overly permissive access control lists (ACLs), faulty VPN configurations, outdated firewall rules, and incorrect port management can all be leveraged by attackers to undermine a firewall’s effectiveness.
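A rule-set audit for the misconfiguration classes listed above (overly permissive ACLs, outdated rules, exposed management ports), added here as an example and not code from the article or any firewall vendor; the `Rule` format, the sample rules and the audit date are constructed.

```python
from dataclasses import dataclass
from datetime import date
from typing import List, Optional, Tuple

ANY = "any"
# Admin services that should never be reachable from an unrestricted source.
MGMT_PORTS = {"22", "23", "3389"}


@dataclass
class Rule:
    name: str
    action: str               # "allow" or "deny"
    src: str                  # source CIDR, or "any"
    dst: str                  # destination CIDR, or "any"
    dport: str                # destination port, or "any"
    last_hit: Optional[date]  # last time the rule matched (hit counter); None = never


def audit(rules: List[Rule], today: date, max_idle_days: int = 90) -> List[Tuple[str, str]]:
    """Return (rule name, finding) pairs; only allow rules can widen exposure."""
    findings = []
    for r in rules:
        wild = {f for f, v in (("src", r.src), ("dst", r.dst), ("dport", r.dport)) if v == ANY}
        if r.action == "allow" and len(wild) == 3:
            findings.append((r.name, "overly permissive: allow any/any/any bypasses the firewall"))
        elif r.action == "allow" and "dport" in wild:
            findings.append((r.name, "overly permissive: every destination port is open"))
        if r.action == "allow" and r.src == ANY and r.dport in MGMT_PORTS:
            findings.append((r.name, f"management port {r.dport} reachable from any source"))
        if r.last_hit is None or (today - r.last_hit).days > max_idle_days:
            findings.append((r.name, f"outdated: no traffic matched in over {max_idle_days} days"))
    return findings


# Constructed sample rule set (not from any real device) and a fixed audit date.
TODAY = date(2024, 6, 1)
SAMPLE_RULES = [
    Rule("web-in",   "allow", ANY, "10.0.1.10/32", "443", date(2024, 5, 30)),
    Rule("temp-any", "allow", ANY, ANY, ANY, date(2024, 5, 31)),
    Rule("rdp-open", "allow", ANY, "10.0.2.5/32", "3389", date(2024, 5, 31)),
    Rule("old-ftp",  "allow", "192.168.5.0/24", "10.0.3.7/32", "21", date(2023, 1, 15)),
    Rule("deny-all", "deny", ANY, ANY, ANY, date(2024, 5, 31)),
]

if __name__ == "__main__":
    for name, finding in audit(SAMPLE_RULES, TODAY):
        print(f"{name}: {finding}")
```

Hit counters and last-match timestamps come from the device's own rule statistics; the staleness threshold is a policy choice and 90 days is only the assumed default here.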
In many cases, firewalls are being supplemented with new devices such as unidirectional gateways and data diodes. Multiple standards recommend this. The NIST Cybersecurity Framework emphasizes the importance of network segmentation to isolate critical assets, and recommends the use of data diodes to implement this. Critical infrastructure sectors such as electricity and industry are also mandating the use of this technology as part of security solutions. Even in industries where it is not mandated, enterprises should consider the utility of unidirectional gateways in their security solution for the isolation of critical assets. Defense-in-depth is an important concept to consider when defending the most important assets on a network.