HTTPS Inspection at the Gateway Stops More Threats at the Perimeter
Next-gen firewalls are a real deterrent against ransomware. They can detect when a machine tries to reach known malicious parts of the internet and block the connection, and their content- and reputation-based web controls can block whole categories of bad sites at once.
Part of the challenge is that attackers use encryption to hide their payloads, including the TLS (SSL) traffic between a compromised machine and its command-and-control server. Enabling SSL inspection (deep packet inspection of HTTPS) goes a long way toward seeing inside that traffic and making sure nothing malicious is coming across. The catch is that to do it, the firewall is effectively performing a man-in-the-middle attack on your own users' connections.
To the HTTPS destination, the firewall presents itself as the client. The remote site has no way to tell it apart from the user's browser, so there is no problem on that side. To the endpoint, the firewall presents itself as the HTTPS website, and that is where the problem appears: the certificate it hands the browser is signed by the firewall's own inspection CA rather than by a public CA the browser already trusts, so the browser throws a certificate warning for every HTTPS site the user visits. The fix is to export the inspection CA certificate from the gateway and install it as a trusted root on each device, in the operating system's certificate store or the browser's own store, so that the browser accepts the stand-in certificates the firewall issues. Creating the certificate is easy; getting it installed on your devices can be done in bulk but still takes some effort. Two things to plan for: protect the inspection CA's private key as carefully as a domain admin credential, because anyone who holds it can impersonate any HTTPS site to your users, and expect some traffic that cannot be inspected, such as applications that pin their certificates, which you will need to exempt from inspection rather than break.
To get started, first do a browser inventory. Internet Explorer, Edge and Chrome on Windows all use the Windows certificate store, so a Group Policy Object that publishes the certificate to Trusted Root Certification Authorities covers all of them. Firefox keeps its own certificate store, so you will need to either script the import or turn on its enterprise-roots setting (security.enterprise_roots.enabled, also available through Firefox's enterprise policies) so it reads the Windows store. On a Mac, Safari uses the system keychain, so deploy the certificate with an MDM configuration profile or script it with the security command-line tool. Any other browsers will require research to figure out how to pull this off.
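The trust problem described above, and why installing the gateway's CA fixes it, as an added example that is not from the original post or from any firewall vendor. It uses only the openssl command line: it builds a throwaway inspection CA standing in for the firewall's, mints a certificate for a made-up destination (www.example.com) the way the gateway would on each connection, and then verifies that certificate once without and once with the CA in the trust store. The CA name, host name and file layout are all constructed for the demonstration; a real gateway generates its own CA and you export it from its admin interface.

```shell
#!/bin/sh
# Added example: simulate what an HTTPS-inspecting gateway does with certificates.
# The "gateway" mints a certificate for the site the user asked for, signed by its
# own inspection CA, and a client only accepts it once that CA is in its trust store.
# All names here (the CA subject, www.example.com) are made up for the demonstration.

WORK="${WORK:-$(mktemp -d)}"
SITE="www.example.com"   # the destination the browser thinks it is talking to

# 1. The gateway's private inspection CA. This certificate (not the key!) is what
#    gets pushed to every endpoint.
make_inspection_ca() {
    cat > "$WORK/ca.cnf" <<'EOF'
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = Example Gateway Inspection CA
[ v3_ca ]
basicConstraints = critical, CA:TRUE
keyUsage = critical, keyCertSign, cRLSign
subjectKeyIdentifier = hash
EOF
    openssl req -x509 -new -newkey rsa:2048 -nodes -days 365 \
        -config "$WORK/ca.cnf" -extensions v3_ca \
        -keyout "$WORK/ca.key" -out "$WORK/ca.pem" >/dev/null 2>&1
    # DER copy (.cer): the form you import through a GPO or a macOS profile.
    openssl x509 -in "$WORK/ca.pem" -outform DER -out "$WORK/ca.cer" >/dev/null 2>&1
}

# 2. On each HTTPS connection the gateway mints a leaf certificate for the
#    requested host name and signs it with the inspection CA: the man in the middle.
mint_site_cert() {
    host="$1"
    cat > "$WORK/leaf.cnf" <<EOF
[ req ]
distinguished_name = dn
prompt = no
[ dn ]
CN = $host
[ v3_leaf ]
basicConstraints = CA:FALSE
keyUsage = critical, digitalSignature, keyEncipherment
extendedKeyUsage = serverAuth
subjectAltName = DNS:$host
EOF
    openssl req -new -newkey rsa:2048 -nodes -config "$WORK/leaf.cnf" \
        -keyout "$WORK/leaf.key" -out "$WORK/leaf.csr" >/dev/null 2>&1
    openssl x509 -req -in "$WORK/leaf.csr" -days 30 \
        -CA "$WORK/ca.pem" -CAkey "$WORK/ca.key" -CAcreateserial \
        -extfile "$WORK/leaf.cnf" -extensions v3_leaf \
        -out "$WORK/leaf.pem" >/dev/null 2>&1
}

# 3a. Browser without the CA installed: only the default trust store is consulted,
#     the chain does not end in a trusted root, and the user gets the warning page.
client_without_ca() {
    openssl verify "$WORK/leaf.pem" >/dev/null 2>&1
}

# 3b. Browser with the inspection CA installed: the chain checks out, and the
#     minted certificate must still name the host the browser asked for.
client_with_ca() {
    openssl verify -CAfile "$WORK/ca.pem" -verify_hostname "$1" "$WORK/leaf.pem" >/dev/null 2>&1
}

make_inspection_ca
mint_site_cert "$SITE"

if client_without_ca; then
    echo "client without CA: accepted (unexpected)"
else
    echo "client without CA: rejected, this is the browser warning"
fi
if client_with_ca "$SITE"; then
    echo "client with CA installed: accepted for $SITE"
fi
if ! client_with_ca "other.example.net"; then
    echo "client with CA installed: rejected for other.example.net (host name mismatch)"
fi
```

The ca.cer the script writes is the DER form you would publish with a GPO (Computer Configuration > Policies > Windows Settings > Security Settings > Public Key Policies > Trusted Root Certification Authorities) or import on a Mac with security add-trusted-cert -d -r trustRoot -k /Library/Keychains/System.keychain ca.cer. The last check shows the other half of the contract: trusting the CA does not switch off host name validation, so the gateway must mint a certificate for exactly the name the browser requested.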
It’s a little bit of work, but inspecting HTTPS traffic will help block more threats from reaching your endpoints.
Review Firewall Settings on an Annual Basis
Annual firewall reviews are becoming more and more important. For many of our clients we find that they routinely need to adjust or tweak firewall rules to allow for new applications or services being introduced into their environment.
From my experience, it's not always easy to get instructions from application vendors on what exactly needs to be whitelisted or allowed. Many times, you'll find detailed instructions for part of the application, but not for the application's OEM components. Other times the instructions are too general and not secure. I recall a time of cutting and pasting the instructions from a VoIP phone/conferencing solution and our tech guy telling me, "That opens up the whole internet." That's not good.
Every bit of access you open through the firewall is another way into your environment. An annual review with a fresh set of eyes helps you find where the rule base has drifted and bring your firewall back in line with your intended posture.
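A first pass at the "fresh set of eyes" review, as an added example that is not from the original post: a small lint over an exported firewall rule table that flags the rules an annual review should question first, including the any-destination, any-service allow that the VoIP anecdote above describes. The CSV layout and the rules themselves are constructed for the demonstration; real firewalls export rules in their own formats, so adjust the column numbers in the awk filters to match yours.

```shell
#!/bin/sh
# Added example (not from the original post): lint an exported firewall rule table.
# Columns (constructed layout): id,name,src,dst,service,action,ticket
RULES='id,name,src,dst,service,action,ticket
10,voip-sip,lan,any,any,allow,CHG-102
20,voip-media,lan,203.0.113.0/24,udp/10000-20000,allow,CHG-102
30,web-out,lan,any,tcp/443,allow,
40,legacy-ftp,any,10.0.5.8/32,tcp/21,allow,CHG-9
50,deny-all,any,any,any,deny,'

# Check 1: allow rules that reach any destination on any service. This is what
# "that opens up the whole internet" looks like in a rule table.
broad_allow_rules() {
    printf '%s\n' "$RULES" | awk -F, '
        NR > 1 && $6 == "allow" && ($4 == "any" || $4 == "0.0.0.0/0") && $5 == "any" { print $1 }'
}

# Check 2: allow rules with an unrestricted source landing on a specific host,
# i.e. services exposed to the whole internet. Each one needs a current owner.
inbound_from_any() {
    printf '%s\n' "$RULES" | awk -F, '
        NR > 1 && $6 == "allow" && ($3 == "any" || $3 == "0.0.0.0/0") && $4 != "any" { print $1 }'
}

# Check 3: allow rules with no change ticket. Nobody can say why they exist, so
# nobody removes them when the application that needed them is gone.
unticketed_allows() {
    printf '%s\n' "$RULES" | awk -F, 'NR > 1 && $6 == "allow" && $7 == "" { print $1 }'
}

# Join rule ids on one line for the report.
ids() { tr '\n' ' ' | sed 's/ $//'; }

report() {
    echo "broad allow (any dst, any service): $(broad_allow_rules | ids)"
    echo "inbound from any source:           $(inbound_from_any | ids)"
    echo "allow rules without a ticket:      $(unticketed_allows | ids)"
}

report
```

Run against a real export, the three lists are the agenda for the review meeting: each flagged rule either gets narrowed to the vendor's actual address ranges and ports, gets a ticket and an owner, or gets removed.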
The other benefit of an annual review is learning about new security features that have been released. We find that many people delay implementing new security features or enhancements because they don't have time to learn how to implement them, or in many cases didn't even know they existed. A firewall expert can help you with this in a fraction of the time it would take you to review your firewall's settings yourself. When you consider the time savings, the security posture improvement and the mitigated risk, contacting an expert makes a lot of sense.
If you can't tell what's going on with your current gateway device, or are running a basic firewall, we would love to help you look at a modern next-gen firewall. If you have a unit that you aren't sure you are getting the most out of, let us know. Even if we can't help, we'll give you some guidance on who can.