UNDERSTANDING FIREWALLS AND ANTIVIRUSES

UNDERSTANDING FIREWALLS AND ANTIVIRUSES

The increasing complexity of networks, and the need to make them more open due to the growing emphasis on and attractiveness of the Internet as a medium for business transactions, mean that networks are becoming more and more exposed to attacks, both from without and from within. The search is on for mechanisms and techniques for the protection of internal networks from such attacks. Two of the most significant mechanisms used for protection from such attacks are: Firewalls and Antivirus software. Firewalls and antivirus software are an essential part of a comprehensive cybersecurity strategy, they play different but complementary roles in protecting computer systems and networks from various types of cyber threats.

Firewall

A firewall acts as a barrier between a trusted internal network and an untrusted external network. It monitors and control incoming and outgoing network traffic based on predetermined security rules. A firewall is a computer, router or other communication device, or a collection of components that filters access to protected network. All traffic from inside to outside, and vice-versa, must pass through a firewall, but only authorized traffic defined by the local security policy is allowed to pass. Firewalls are becoming more sophisticated by the day, and new features are constantly being added.

Firewalls have important benefits to organizations’ networks such as:

  1. Restrict traffic based on company’s policies;
  2. Log and inspect incoming and outgoing traffic;
  3. The keep lists of allowed sources of traffic for fast message exchange;
  4. The block out malicious traffic types or malicious sources;

Other benefits are as highlighted:

  • Network segmentation- Separate internal networks for increased security.
  • Access Control- Control which applications and services can communicate with the network.
  • Protection against unauthorized access- Block unauthorized access attempts.

There are 2 categories of firewalls that exist in the cybersecurity space. These are:

  1. Hardware firewalls:
  • Hardware Firewall is a physical appliance that sits in-between the uplink and the client system, that filters what traffic gets through based on pre-configured security policies, user profiles, and business rules
  • They might be built into the router, it’s a portable computing system, and comes with onboard memory.

     2. Software Firewalls:

This are firewalls in a software form factor rather than a physical appliance, which can be deployed on servers or virtual machines to secure cloud environments. They are designed to protect applications such as:

  • Hypervisors
  • Public clouds
  • Branch offices
  • Containers
  • Software-Defined Network (SDN)

These are software applications that are installed on individual devices.

Further, the two categories of firewalls are divided into various approaches. These approaches are:

  1. Packet Filtering:- This approach inspects each data packet and decides whether to allow or block it based on predefined rules.
  2. Stateful Inspection:- This is where the antivirus tracks the status of active connections and make decisions based on the context of the traffic.
  3. Proxy Service:- This type acts as an intermediary between the user’s device and the Internet, routing requests on the user’s behalf.
  4. Application Proxy:- It uses a proxy that understands the application protocol and data, and intercepts any information intended for that application.
  5. Circuit Proxy:-This proxy replaces the original address with the address of the intended destination. It conceals the IP address of the target system.

Antivirus Software

An antivirus(AV) software protects against malicious software (malware) such as viruses, worms, Trojan horses, and spyware. It also continuously monitors files and activity on your computer for signs of malware. This software is designed to detect and remove viruses and other kinds of malicious software from your computer devices.

Features of an antivirus

  1. Signature-based detection-It identifies known malware bases on predefined signatures gathered by the antivirus company. Once a new malware has been determined, a proper signature of the file is extracted and added to the signature database of the AV software.
  2. Behavior Analysis-This detects suspicious behavior that may indicate the presence of new or unknown threats.
  3. Heuristic Analysis-Virus researchers find common areas that all viruses in a family share uniquely and can thus create a single generic signature, based on slightly different strains called variants.

Benefits of having an antivirus

An antivirus is useful to both individual users of computer device as well as advantageous to small and large companies. These advantages are explained as below:

  1. Prevention and Removal:-Prevents malware infections and removes malicious software if detected.
  2. Scheduled Scans:-Allows users to set up regular scans to ensure ongoing protection.
  3. Automatic Updates:-Regularly updates virus definitions to stay current against new threats.

Limitations

As much as antivirus software are beneficial to users, they have some limitations in the detection and preventions techniques on the devices:

  1. Non-inclusive- Antivirus software cannot detect all types of malwares, especially new and advanced variants.
  2. False Positive- Sometimes a legitimate file may be incorrectly identified as malicious.

Firewalls and antivirus software play an important role in protecting computer systems and networks. A multi-layered approach that includes both components and other security measures improves overall cybersecurity.

Post a Comment

Post a Comment

Previous Post Next Post