ESET detected a new phishing technique using progressive web applications (PWAs) as part of a large-scale mobile financial scam
Category Archives: News
New DNS-Based Backdoor Threat Discovered at Taiwanese University
The Msupedge backdoor communicates with a command-and-control server by using DNS traffic
Iranian Group TA453 Launches Phishing Attacks with BlackSmith
TA453, also known as Charming Kitten, launched a targeted phishing attack using PowerShell malware BlackSmith
Vermin Cyber-Attacks Target Ukraine, Exploiting Kursk Battle
Ukraine detected cyber-attacks using malicious emails containing photos of alleged prisoners of war from the Kursk direction
Hacking Wireless Bicycle Shifters
This is yet another insecure Internet-of-things story, this one about wireless gear shifters for bicycles. These gear shifters are used in big-money professional bicycle races like the Tour de France, which provides an incentive to actually implement this attack.
Research paper. Another news story.
Slashdot thread.
Iran Behind Trump Campaign Hack, US Government Confirms
The ODNI, FBI and CISA confirmed Iran was behind a reported hack of a Trump campaign website as part of efforts to stoke discord and undermine the US elections
Securing Networks: Evaluating Hardware Firewalls
The content of this post is solely the responsibility of the author. LevelBlue does not adopt or endorse any of the views, positions, or information provided by the author in this article.
Safeguarding a business network against intrusion and data breaches is a basic requirement, and among the tools available to an organization the hardware firewall is one of the most fundamental. This article examines the pros and cons of hardware firewalls: their role in network security, their drawbacks, and the factors to weigh when deploying them.
Advantages of Hardware Firewalls
Enhanced Security
At its core, a hardware firewall filters inbound and outbound traffic against a preset rule set, blocking unauthorized access attempts, malware command-and-control connections and other unwanted traffic before they reach a host. Unlike a software firewall, which runs on an individual operating system and protects only that machine, a hardware firewall sits at the network boundary and enforces one policy for every device behind it, including devices that cannot run host-based protection at all.
Comprehensive Network Traffic Filtering
Hardware firewalls offer filtering beyond basic packet inspection. Many can perform deep packet inspection (DPI), which examines packet payloads rather than only headers to identify and block malicious content or suspicious activity. DPI gives administrators more granular control over traffic and allows detection of threats that header-based filtering would miss. One caveat: DPI can only examine plaintext, so for TLS-encrypted traffic it sees little beyond the handshake unless the firewall is also configured to intercept and decrypt sessions, which brings its own privacy, performance and certificate-management costs.
Scalability and Performance
Designed to handle large volumes of traffic, hardware firewalls are well suited to large-scale environments such as enterprise networks and data centers. Dedicated processing hardware keeps the impact on throughput small even under heavy load. This makes them a sound choice for organizations that are growing quickly or that operate in sectors where uninterrupted network availability is critical.
Ease of Management
Once configured, a hardware firewall runs independently of the individual devices on the network, so day-to-day administration does not grow with the number of endpoints. Centralized management consoles from most vendors support policy deployment, monitoring of security events and distribution of firmware and signature updates. Minimal maintenance does not mean none, however: rule sets need periodic review to remove stale entries, and firmware must be patched promptly, as discussed under Monitoring and Maintenance below.
Segmentation and Network Isolation
Hardware firewalls aid in network segmentation by separating one network into several zones that each have their own unique security needs. This division assists in preventing security breaches and minimizing the effects of potential intrusions by separating critical assets or sensitive data from less secure parts of the network. It also enables organizations to apply access restrictions and establish customized security measures according to the specific requirements of individual network segments.
Protection for IoT and BYOD Environments
As Internet of Things (IoT) and Bring Your Own Device (BYOD) adoption grows, hardware firewalls are a practical way to contain these endpoints. Placing IoT and personal devices in their own network zones, with a policy that lets them reach the internet but not the internal network, reduces the chance that a compromised smart device or an employee's infected laptop can be used to reach critical systems. This does not make such devices safe; it limits what an attacker can do from them.
Disadvantages of Hardware Firewalls
Initial Cost and Investment
Implementing a hardware firewall entails significant upfront costs, including the purchase of hardware devices, licensing fees for advanced features, and installation costs. For small businesses or individuals with limited budgets, these costs may present a barrier to adopting hardware firewalls, especially when compared to more affordable software-based alternatives or basic router firewalls.
Configuration Complexity
Configuring and managing a hardware firewall requires specialized knowledge of network security principles. Administrators must define security policies, translate them into ordered rule sets, and ensure compatibility with the existing network. Misconfigured rules can block legitimate traffic or leave the network exposed; a common mistake is an overly broad "allow" rule placed ahead of a more specific "deny", which silently makes the deny unreachable.
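As an added illustration, not code from the original article or from any firewall vendor, the following Python models the zone-based policy described under Segmentation and Network Isolation and Protection for IoT and BYOD Environments above, and the rule-ordering mistake described in this section. The zones, addresses, rules and sample flow are constructed for the example. The evaluator applies first-match-wins with a default deny, as most firewalls do, and the `shadowed_rules` linter flags any rule that an earlier, broader rule makes unreachable.

```python
"""Zone-based firewall policy evaluator with a shadowed-rule linter.

Added example for illustration only: not code from the article or from any
firewall vendor. Zones, addresses, rules and the sample flow are constructed.
"""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

# Constructed network zones; "wan" is the catch-all for anything not internal.
ZONES = {
    "lan": ip_network("10.0.10.0/24"),   # workstations and servers
    "iot": ip_network("10.0.20.0/24"),   # cameras, sensors, BYOD guests
    "wan": ip_network("0.0.0.0/0"),      # everything else
}


@dataclass(frozen=True)
class Rule:
    src: str                 # zone name or "any"
    dst: str                 # zone name or "any"
    proto: str               # "tcp", "udp" or "any"
    dport: Optional[int]     # destination port, None = any port
    action: str              # "allow" or "deny"


@dataclass(frozen=True)
class Flow:
    src_ip: str
    dst_ip: str
    proto: str
    dport: int


def zone_of(ip: str) -> str:
    """Longest-prefix match of an address to a zone, so 10.0.10.x is 'lan', not 'wan'."""
    addr = ip_address(ip)
    return max((z for z in ZONES if addr in ZONES[z]), key=lambda z: ZONES[z].prefixlen)


def _field_ok(rule_val, flow_val) -> bool:
    return rule_val == "any" or rule_val == flow_val


def matches(rule: Rule, flow: Flow) -> bool:
    return (_field_ok(rule.src, zone_of(flow.src_ip))
            and _field_ok(rule.dst, zone_of(flow.dst_ip))
            and _field_ok(rule.proto, flow.proto)
            and (rule.dport is None or rule.dport == flow.dport))


def evaluate(rules, flow, default="deny"):
    """First matching rule wins; an unmatched flow gets the default verdict.

    Returns (action, index of the matching rule or None).
    """
    for i, rule in enumerate(rules):
        if matches(rule, flow):
            return rule.action, i
    return default, None


def covers(broad: Rule, narrow: Rule) -> bool:
    """True if every flow matched by `narrow` is also matched by `broad`."""
    return (_field_ok(broad.src, narrow.src)
            and _field_ok(broad.dst, narrow.dst)
            and _field_ok(broad.proto, narrow.proto)
            and (broad.dport is None or broad.dport == narrow.dport))


def shadowed_rules(rules):
    """Pairs (later, earlier) where an earlier rule makes a later one unreachable."""
    found = []
    for j, later in enumerate(rules):
        for i in range(j):
            if covers(rules[i], later):
                found.append((j, i))
                break
    return found


# Intended segmentation policy: LAN may manage IoT over HTTPS, IoT may reach
# the internet, and IoT may never initiate connections into the LAN.
POLICY = [
    Rule("lan", "iot", "tcp", 443, "allow"),
    Rule("iot", "wan", "any", None, "allow"),
    Rule("iot", "lan", "any", None, "deny"),
    Rule("lan", "wan", "any", None, "allow"),
]

# Same intent, misconfigured: the "internet access" rule was written with
# dst "any", so it also allows IoT -> LAN and shadows the deny below it.
MISCONFIGURED = [
    Rule("iot", "any", "any", None, "allow"),
    Rule("iot", "lan", "any", None, "deny"),
]

# Constructed sample flow: a compromised camera trying SSH into a LAN host.
PIVOT = Flow("10.0.20.5", "10.0.10.7", "tcp", 22)

if __name__ == "__main__":
    print("intended policy, IoT->LAN ssh:", evaluate(POLICY, PIVOT))
    print("misconfigured,   IoT->LAN ssh:", evaluate(MISCONFIGURED, PIVOT))
    print("shadowed rules in misconfigured policy:", shadowed_rules(MISCONFIGURED))
```

Against the intended policy the pivot attempt hits the explicit deny; against the misconfigured one it is allowed by rule 0, and the linter reports rule 1 as shadowed by rule 0, which is exactly the kind of finding a rule review should surface before an attacker does.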
Single Point of Failure
A hardware firewall is also a single point of failure and a high-value target: a hardware fault, a bad firmware update, or an exploitable vulnerability in the firewall itself can both disrupt operations and expose the network. Organizations should mitigate this with high-availability pairs or failover mechanisms, and should keep the firewall's management interface reachable only from a trusted management network, never from the internet-facing side.
Limitations in Mobility and Remote Access
Hardware firewalls protect a static network boundary and do little for users connecting from remote or mobile locations. Remote workers and mobile devices typically need a Virtual Private Network (VPN) terminating at the firewall, or cloud-delivered security services, to receive equivalent protection. A complete strategy therefore layers protection across the different access points and environments rather than relying on the perimeter device alone.
Potential Performance Impact
Hardware firewalls forward traffic with minimal latency when doing plain packet filtering, but features such as DPI, intrusion prevention and TLS inspection cost far more per packet and can reduce throughput noticeably when several are enabled or under heavy load. Size the appliance for the feature set actually in use rather than its headline forwarding rate, and measure throughput with inspection turned on.
Considerations for Implementing Hardware Firewalls
Assessing Security Requirements
Prior to implementing a hardware firewall, companies need to complete a comprehensive evaluation of their security needs, such as data sensitivity, regulatory obligations, and potential threats. This evaluation assists in identifying the necessary firewall functionalities, like VPN support, intrusion prevention systems (IPS), application control, and content filtering, customized to reduce specific risks and improve overall network security.
Integration with Existing Infrastructure
Compatibility with existing network infrastructure, including routers, switches, and other security appliances, is crucial for seamless integration and interoperability. Hardware firewalls should work alongside current security measures to strengthen them, all while maintaining network operations and keeping connectivity between internal and external segments secure.
Training and Skill Development
Because firewall configuration and management are complex, investing in training for IT personnel pays off. Vendor-certified training programs and workshops give administrators the skills needed to install, monitor and troubleshoot hardware firewalls efficiently. Ongoing education also keeps security policies current as threats change.
Monitoring and Maintenance
Regular monitoring and proactive maintenance are essential for the long-term effectiveness of a hardware firewall. Monitoring tools give insight into network traffic, security events and firewall health and performance metrics, allowing administrators to quickly spot anomalies, unauthorized access attempts or possible breaches. Firmware updates and security patches must be installed promptly to close vulnerabilities in the firewall itself and keep it effective against new threats.
Regulatory Compliance and Data Privacy
Compliance with industry-specific regulations and data privacy laws is essential for organizations in regulated sectors such as healthcare, finance and government. Hardware firewalls help protect sensitive data, enforce the segmentation such regulations often require, and produce the logs and audit trails needed to demonstrate that security controls are in place.
Conclusion
Hardware firewalls are a fundamental part of network security systems, providing extensive defense against various cyber threats and allowing for scalability, high performance, and centralized management features. Yet, incorporating them involves factors like high upfront costs, intricacy of setup, and possible constraints in mobility or remote access. By considering the pros and cons described in this article and following best practices for deploying and managing firewalls, businesses can improve their cybersecurity stance and effectively reduce risks in digital environments.
Former Congressman Santos Admits Identity Theft and Fraud
Former US Representative George Santos pleads guilty to multiple fraud and identity theft charges
Jewish Home Lifecare Notifies 100,000 Victims of Ransomware Breach
Healthcare organization Jewish Home Lifecare has revealed that a 2024 data breach hit over 100,000 customers
National Public Data Published Its Own Passwords
New details are emerging about a breach at National Public Data (NPD), a consumer data broker that recently spilled hundreds of millions of Americans’ Social Security Numbers, addresses, and phone numbers online. KrebsOnSecurity has learned that another NPD data broker which shares access to the same consumer records inadvertently published the passwords to its back-end database in a file that was freely available from its homepage until today.
In April, a cybercriminal named USDoD began selling data stolen from NPD. In July, someone leaked what was taken, including the names, addresses, phone numbers and in some cases email addresses for more than 272 million people (including many who are now deceased).
NPD acknowledged the intrusion on Aug. 12, saying it dates back to a security incident in December 2023. In an interview last week, USDoD blamed the July data leak on another malicious hacker who also had access to the company’s database, which they claimed has been floating around the underground since December 2023.
Following last week’s story on the breadth of the NPD breach, a reader alerted KrebsOnSecurity that a sister NPD property — the background search service recordscheck.net — was hosting an archive that included the usernames and password for the site’s administrator.
A review of that archive, which was available from the Records Check website until just before publication this morning (August 19), shows it includes the source code and plain text usernames and passwords for different components of recordscheck.net, which is visually similar to nationalpublicdata.com and features identical login pages.
The exposed archive, which was named “members.zip,” indicates RecordsCheck users were all initially assigned the same six-character password and instructed to change it, but many did not.
According to the breach tracking service Constella Intelligence, the passwords included in the source code archive are identical to credentials exposed in previous data breaches that involved email accounts belonging to NPD’s founder, an actor and retired sheriff’s deputy from Florida named Salvatore “Sal” Verini.
Reached via email, Mr. Verini said the exposed archive (a .zip file) containing recordscheck.net credentials has been removed from the company’s website, and that the site is slated to cease operations “in the next week or so.”
“Regarding the zip, it has been removed but was an old version of the site with non-working code and passwords,” Verini told KrebsOnSecurity. “Regarding your question, it is an active investigation, in which we cannot comment on at this point. But once we can, we will [be] with you, as we follow your blog. Very informative.”
The leaked recordscheck.net source code indicates the website was created by a web development firm based in Lahore, Pakistan called creationnext.com, which did not return messages seeking comment. CreationNext.com’s homepage features a positive testimonial from Sal Verini.
There are now several websites that have been stood up to help people learn if their SSN and other data was exposed in this breach. One is npdbreach.com, a lookup page erected by Atlas Data Privacy Corp. Another lookup service is available at npd.pentester.com. Both sites show NPD had old and largely inaccurate data on Yours Truly.
The best advice for those concerned about this breach is to freeze one’s credit file at each of the major consumer reporting bureaus. Having a freeze on your files makes it much harder for identity thieves to create new accounts in your name, and it limits who can view your credit information.
A freeze is a good idea because all of the information that ID thieves need to assume your identity is now broadly available from multiple sources, thanks to the multiplicity of data breaches we’ve seen involving SSN data and other key static data points about people.
There are numerous cybercriminal services that offer detailed background checks on consumers, including full SSNs. These services are powered by compromised accounts at data brokers that cater to private investigators and law enforcement officials, and some are now fully automated via Telegram instant message bots.
In November 2023, KrebsOnSecurity wrote about one such service, which was being powered by hacked accounts at the U.S. consumer data broker USInfoSearch.com. This is notable because the leaked source code indicates Records Check pulled background reports on people by querying NPD’s database and records at USInfoSearch. KrebsOnSecurity sought comment from USInfoSearch and will update this story if they respond.
The point is, if you’re an American who hasn’t frozen their credit files and you haven’t yet experienced some form of new account fraud, the ID thieves probably just haven’t gotten around to you yet.
All Americans are also entitled to obtain a free copy of their credit report weekly from each of the three major credit bureaus. It used to be that consumers were allowed one free report from each of the bureaus annually, but in October 2023 the Federal Trade Commission announced the bureaus had permanently extended a program that lets you check your credit report once a week for free.
If you haven’t done this in a while, now would be an excellent time to order your files. To place a freeze, you’ll need to create an account at each of the three major reporting bureaus, Equifax, Experian and TransUnion. Once you’ve established an account, you should be able to then view and freeze your credit file. If you spot errors, such as random addresses and phone numbers you don’t recognize, do not ignore them. Dispute any inaccuracies you may find.