Icon Close country selection
News
Back to the list
Hillstone Networks

Wall difficult to break through

date08.02.2023

Firewalls are the first line of network protection. State-of-the-art firewalls, working in tandem with other elements of the IT infrastructure, are a serious hindrance to hackers and malware, and can also protect ordinary users from their irresponsible actions.


The security of a network in any organization is only as strong as the least protected device in it. This is one of the basic principles that has been, is and probably will continue to be in effect. It is therefore important to provide the best possible protection for an entity's IT infrastructure and its users. In order to do this, all vulnerabilities must be eliminated. One of the most important security elements is certainly a firewall, or so-called firewall, preferably in the form of a physical device. Although this equipment is a much more expensive solution than software tools, but it provides an incomparably higher level of security. Of course, it is optimal to simultaneously use a software firewall - running on each workstation, which controls traffic through ports and applications - and a physical firewall installed between the network and the gateway.

Today, Next Generation Firewalls (NGFW), which are intelligent and the most powerful devices in their class, lead the network protection market.

 

This type of equipment takes care of protecting not only the network itself, but also the users and the cloud or virtual solutions used by the facility. Such devices are selected according to the number of employees, depending on whether there are dozens, hundreds or even thousands of them. The firewall becomes a centralized center for protecting our infrastructure. The task of this type of device is to comprehensively control traffic on a monitoring and verification basis to prevent malware attacks, hacker activities and to block also unknown types of attack. Importantly, for a firewall to be effective, it must work quickly and fully automatically. For this to be possible, it is necessary to develop and implement appropriate rules in advance, defining the methods of operation. A firewall not only protects against external attacks, but must also prevent information from escaping outside the protected infrastructure.

 

Next-generation firewalls (NGFW)

The operation of basic hardware firewalls is based on filtering packets transmitted in the network and - after analysis - blocking those that do not comply with predefined rules. For example, these can be source or destination IP addresses. Although the operation of such firewalls when well configured (and this is not an easy task) can be effective, the level of security should then be considered basic. Their capabilities are quite limited and do not allow to predict, for example, whether a given request from a trusted IP address will not have unpleasant consequences for the system or software. In addition, such firewalls do not support user authentication and do not fully protect against all TCP/IP protocol and application-level attacks. New-generation firewalls are much better equipped to detect threats to a fuller extent. This is made possible by combining the functions of a traditional firewall with additional capabilities - traffic inspection (including encrypted traffic), Intrusion Prevention Systems or antivirus software support. Packet inspection (DPI) is in-depth, while basic firewalls only analyze headers. In addition, network address translation (NAT) allows devices with their own network addresses to connect to the Internet using a common (single) IP, while the individual ones remain hidden. This ensures that an intruder, after scanning our network, will not be able to capture any identifying details and thus launch an attack on a specific device.

 

The next-generation firewall provides security at the packet and application level. The use of mechanisms such as antivirus, IPS and sandboxing allows us to suspect and verify the content sent by users on the Internet before it reaches them.

Contact Us

Bakotech Sp. z o.o.

ul. Drukarska 18/5

30-348 Kraków

Poland

Dane firmy

VAT ID 6762466740

REGON 122894922

KRS 0000467615

Kontakt

ph. +48 12 340 90 30

office-cee@bakotech.com

Privacy policy

Subscribe to stay updated

Would you like to stay updated on the current IT and InfoSec news? About BAKOTECH events like webinars, trainings and conferences? Please, leave your e-mail:
Error occured. Please check the form fields and try again.
This address is already in our database.
The subscription has been added. Thank you!
© Bakotech - 2022. All rights reserved

The website uses cookies to deliver services in accordance with the Cookies Policy. You can define the conditions for storing or accessing the cookie mechanism in your browser.

I accept