Firewalls & IPS in Chicago
The multi-billion dollar hacking industry is targeting your company's prized assets. You need a Next-Generation Firewall (NGFW) to separate your trusted internal network from the dangers of the public Internet.
Beyond the basic concept of a firewall, there is a lot of complexity and a lot of choices among firewall vendors, models and configuration options. Equilibrium’s network and security teams work together to guide customers through choosing the right firewall with the right features and right configuration suited to their environment.
Through a combination of our experience deploying hundreds of firewalls and strong partnerships with vendors like Cisco and Palo Alto, we offer low product costs and high-value design, implementation and management services.
Read on to learn more and take advantage of our Free Firewall Assessment today.
Intrusion Prevention System (IPS)
Protecting your business assets is becoming more complicated as applications become more dynamic and as more users access on-premises and cloud-based resources from mobile devices.
Old-school signature-only detection products lead to a one-dimensional approach. You need an IPS solution to identify and mitigate attacks with context-aware threat prevention that augments your firewall and VPN deployments.
You also need a powerful solution that incorporates capabilities for regulatory compliance. It can help you meet PCI DSS, HIPAA, SOX, GLBA, NERC CIP, FISMA, and other business-critical security standards. Planning a secure environment will naturally help you maintain compliance.
IPS devices are also known as Intrusion Detection Devices (IDS); however, you will want to have this device configured in Prevention (IPS) mode. These are network devices that use advanced technology on top of the basic firewall features to look for, block and log malicious activity.
For example, IPS devices can block malware from being downloaded in-line at the firewall. They can also block access to known bad sites that host malware. IPS devices leverage definitions which are updated daily as well as statistical anomaly-based detection. This works in a fashion analogous to anti-virus software, but is more powerful, more proactive and has higher visibility on your network.
IPS is no longer optional. It is now a common best practice security technology needed to keep up with malicious activity and block hackers. Most firewalls have IPS features built in, which is great for SMBs and Mid-Market organizations with modest security budgets.
Implementing IPS on a firewall can be a headache without the right implementation and product vendor. There are many configuration settings that must be set correctly to avoid issues. You need a device that determines the best response by looking at multiple factors, including the network reputation of an incoming flow’s source, the target’s value to the organization, the target’s operating system, and the user identity associated with the flow.
The last line of defense within an IPS device requires high processing power, in general. Be sure to pick a vendor that leverages intelligent means to block the most obvious malicious traffic before it reaches the last line of defense in the IPS module. This defense-in-depth architecture is critical in order to maximize performance and throughput on your firewall/IPS hardware.
Firewall and IPS Logging, Monitoring, Alerts and Response
A robust firewall and IPS solution will help you automatically prevent the most common technical security issues from occurring. These devices also have intelligence to log activity, allowing your security team to review and respond to hacking attempts. Logging, alerting and response are not included in the IPS itself, but require another system and/or team to filter through the noise and respond to real issues.
Equilibrium can also help with firewall and IPS logging, alerting and incident response along with our hosted SIEM system. This system provides intelligent alerts which can be acted upon by either Equilibrium or your internal staff.
We always suggest the use of a basic centralized logging (syslog) server as a bare minimum during firewall deployments. This allows us or the client to review logs in case of a security incident, a performance issue or other troubleshooting scenarios. Centralized logging is also a common regulatory requirement.
Our internal firewall deployment procedures have the NIST Guidelines on Firewalls and Firewall Policy built-in. This includes Special Publication 800-41. We review the list for each deployment to look out for any special customer requirements. In a similar vein, we also leverage NIST’s National Checklist Program Repository which covers similar details.
For example, we ensure that ICMP (ping) to the firewall is only allowed from trusted sources such as external monitoring solutions or ISP monitoring sources. We are also sure to disable telnet globally and allow SSH only from trusted internal hosts or IP ranges. Our list of security best practices is comprehensive.
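The three checks just described can be automated against a saved configuration. The following is an added example, not Equilibrium's tooling: it assumes Cisco ASA-style management-access lines (`telnet`, `ssh`, `icmp permit`), and the sample configuration and trusted ranges are constructed for illustration.

```python
import ipaddress
import re

# Constructed sample in Cisco ASA-style syntax (not taken from the page).
SAMPLE_CONFIG = """\
telnet 0.0.0.0 0.0.0.0 inside
ssh 10.20.0.0 255.255.255.0 inside
ssh 0.0.0.0 0.0.0.0 outside
icmp permit host 198.51.100.7 outside
icmp permit any outside
ssh timeout 5
"""

# Assumption: the admin subnet and the external monitoring host this site trusts.
TRUSTED = [ipaddress.ip_network(n) for n in ("10.20.0.0/24", "198.51.100.7/32")]
MGMT_LINE = re.compile(r"(telnet|ssh|icmp permit)\s+(.+)")


def _source(tokens):
    """Turn 'any', 'host A.B.C.D' or 'A.B.C.D MASK' into an ip_network."""
    if tokens[0] == "any":
        return ipaddress.ip_network("0.0.0.0/0")
    if tokens[0] == "host":
        return ipaddress.ip_network(tokens[1] + "/32")
    return ipaddress.ip_network(f"{tokens[0]}/{tokens[1]}", strict=False)


def audit(config, trusted=TRUSTED):
    """Return (line_number, line, reason) for each management-access finding."""
    findings = []
    for num, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        m = MGMT_LINE.match(line)
        if not m:
            continue
        proto = m.group(1).split()[0]
        try:
            src = _source(m.group(2).split())
        except (ValueError, IndexError):
            continue  # not an access rule, e.g. 'ssh timeout 5'
        if proto == "telnet":
            findings.append((num, line, "telnet enabled (should be disabled globally)"))
        elif not any(src.subnet_of(t) for t in trusted):
            findings.append((num, line, f"{proto} allowed from untrusted source {src}"))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG):
        print(finding)
```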
Each firewall deployment includes free external vulnerability scanning. This allows us to ensure the firewall and published applications are locked down and secure from the start. It provides a solid baseline from which to start recurring vulnerability management.
We also audit your firewall using an automated tool to look for unforeseen configuration issues and vulnerabilities. This will allow you to stay one step ahead of your auditors.
VPN and Remote Access
Firewalls allow for both site-to-site VPNs and a Remote Access VPN. The security settings for site-to-site VPNs must match at both sites to avoid issues and must be configured with a balance of performance and security to maintain confidentiality. Some firewall vendors are behind in their security technology, while others have future-proofed their options including next generation encryption.
Configuring Remote Access on a firewall provides a convenient method for users to work remotely. There is a long list of configuration choices. Planning the correct licensing, authentication model and encryption algorithms can be a challenge to get right.
We only deploy SSL VPN remote access technology. This technology is easier to manage than the older IPSec method and offers more flexibility for the remote users. For example, it can be deployed client-less or with an easy-to-use SSL client.
Be sure to choose a solution that is compatible with other Identity and Access Management (IAM) solutions for use in the near or distant future. Remaining flexible is key as security technology improves.
Be sure to pick an IPS device that also includes URL Filtering and web security. This allows you to streamline URL filtering with your firewall/IPS vendor or add this useful security measure for the first time. Ensure you find a solution that can log and manage access through Active Directory users and groups.
The Equilibrium Difference
Take advantage of our experience deploying hundreds of firewalls over more than a decade in Chicago. We understand the priorities of each industry and company size, from SMB to Mid-Market, and we listen to understand your specific security requirements and priorities.
Take the first step to protect your organization and avoid a security breach.