(Page 2 of 2)
4. A firewall should never be installed “out-of-the-box” with its defaults in place. Hackers count on this to be successful, and it is the first weakness they look to exploit. Someone experienced with the specific firewall, or at least trained on it, should be responsible for installing, configuring, and implementing it.
5. A trusted employee should be designated to maintain the firewall. Often, upgrades or patches are issued by the vendor to plug security vulner-abilities. Many organizations fail to implement these fixes, and hackers know it. Any upgrades or fixes should be installed as soon as they are available. Always keep the firewall current.
6. Have your firewall tested! There is no other way to determine if your firewall will do its job. You do not want to find out that your firewall has holes in it after some hacker got into your proprietary systems and stole or destroyed your data. Test the system first so you know where the weaknesses are before the hackers do. Then plug the holes.
Hire an independent third-party to perform penetration testing or a vulnerability audit of your system. Don’t try to do this yourself. A third-party that specializes in penetration testing will be able to probe your firewalls for weaknesses that hackers could exploit. Professional security testers will do a much better job of identifying these weaknesses than you could on your own. Just as you would use an independent accountant to audit your financial statements, use an outside professional to audit your security.
Contrary to popular myth, most hackers are not computer geniuses who can crack any system on earth. They are more typically opportunists with too much time on their hands. They tend to exploit known weaknesses in systems and look for obvious vulnerabilities. If they cannot breach a system after a number of tries, they will move on to easier prey.
So the more difficult you can make it to penetrate your firewall, the better the odds that the hackers will decide to seek an opportunity elsewhere. And of course, the best way to dissuade hackers is with a properly configured, well-maintained, and up-to-date firewall that has been tested and adjusted to eliminate any vulnerabilities.
Michael Harden is president of CyberGuardian Inc., Fairfax, Va.