Every day we face attacks on our technology—malware, ransomware, information and identify theft. With the introduction of the Internet of Things into our homes and businesses, the problem is only getting worse.
One of the most effective ways to protect against these attacks is a well-installed and configured firewall. It can also be one of the most daunting, as it requires a pretty in-depth understanding of how computer networking really works.
We are seeing an incredible increase in the number of devices connecting to the Internet today. It started with just a single PC in the home, then grew to include mobile devices and gaming consoles. With the advent of the Internet of Things (IoT), we are now seeing kids’ toys, thermostats, major appliances, and even lightbulbs now connecting to their manufacturer’s servers and offering control from their owners’ mobile devices.
With each device that gets added to a home or small office/home office (SOHO) network, the threat of being hacked or otherwise compromised also increases. It’s like adding windows and doors to a house. The more a house has, the more choices the bad guys have for breaking in. In computer parlance, this called the attack surface. The larger it gets, the larger the hacking threat.
Control the Chokepoint
In military parlance, a chokepoint is a geographical aspect of an area of land which an armed force is forced to pass. Typically, it forces the attacker to narrow its attack at that point to reach its objective. This greatly decreasing its combat power.
In any network environment, be it at home, in a small office/home office, or even a global enterprise, the connection point between the local network (LAN) and the internet (WAN) is an obvious chokepoint. Control that point, and the hackers are forced to go through whatever defences are placed there—a natural place to put a firewall.
Defence in Depth
Another military strategy is known as Defence in Depth. It tries to delay rather than prevent the advance of an attacker by putting up several roadblocks between the initial attack and the ultimate objective. Defence in depth relies on the attack losing momentum over time or as it covers more ground.
In network security, a great practice is to erect multiple firewalls as defence in depth roadblocks. By establishing firewall protection on any and every device that can support it, a hacker’s attacks become so arduous that while hackers may be able to penetrate the initial defences, each step along the path to their objective presents a fresh, and potentially insurmountable, firewall defence, causing them to give up.
As far as commercial-grade firewalls go, most homes and smaller organizations have either not been able to afford one, or don’t have the technical wherewithal to manage one. Today, a DIY firewall with features approaching those of more expensive commercial firewalls can be built for a fraction of the cost.
Thanks to really cheap hardware (used, recycled, or decommissioned), almost any old PC can be turned into a firewall. Depending on requirements, even affordable platforms like a $35 Raspberry Pi can be turned into a firewall.
As far as software goes, open source Linux-based firewalls have been around for years and can offer commercial-grade performance and protection. Some even share code with more expensive commercial offerings.
Ease-of-use has also improved. Today’s firewalls offer graphical installation, configuration, and management, along with automated wizards to guide users. Installing and configuring a firewall from scratch used to be a very specialized effort. Today, practically anybody can handle the job.