The increasing complexity of networks, and the need to open them up as the Internet becomes a more attractive medium for business transactions, mean that networks are increasingly exposed to attacks, both from without and from within. The search is on for mechanisms and techniques to protect internal networks from such attacks. Two of the most significant are firewalls and antivirus software. Both are an essential part of a comprehensive cybersecurity strategy, and they play different but complementary roles in protecting computer systems and networks from various types of cyber threats.
Firewall
A firewall acts as a barrier between a trusted internal network and an untrusted external network. It monitors and controls incoming and outgoing network traffic based on predetermined security rules. A firewall is a computer, router or other communication device, or a collection of components, that filters access to a protected network. All traffic from inside to outside, and vice versa, must pass through the firewall, but only authorized traffic defined by the local security policy is allowed to pass. Firewalls are becoming more sophisticated by the day, and new features are constantly being added.
Firewalls have important benefits for organizations' networks, such as:
- They restrict traffic based on the company's policies;
- They log and inspect incoming and outgoing traffic;
- They keep lists of allowed sources of traffic for fast message exchange;
- They block out malicious traffic types or malicious sources.
Other benefits are highlighted below:
- Network segmentation: Separate internal networks for increased security.
- Access control: Control which applications and services can communicate with the network.
- Protection against unauthorized access: Block unauthorized access attempts.
There are 2 categories of firewalls in the cybersecurity space. These are:
1. Hardware Firewalls:
- A hardware firewall is a physical appliance that sits between the uplink and the client system and filters what traffic gets through based on pre-configured security policies, user profiles, and business rules.
- It might be built into the router; it is a portable computing system and comes with onboard memory.
2. Software Firewalls:
These are firewalls in a software form factor rather than a physical appliance, which can be deployed on servers or virtual machines to secure cloud environments. They are designed to protect environments such as:
- Hypervisors
- Public clouds
- Branch offices
- Containers
- Software-Defined Network (SDN)
These are software applications that are installed on individual devices.
Further, the two categories of firewalls are divided into various approaches. These approaches are:
- Packet Filtering: This approach inspects each data packet and decides whether to allow or block it based on predefined rules.
- Stateful Inspection: This is where the firewall tracks the status of active connections and makes decisions based on the context of the traffic.
- Proxy Service: This type acts as an intermediary between the user's device and the Internet, routing requests on the user's behalf.
- Application Proxy: It uses a proxy that understands the application protocol and data, and intercepts any information intended for that application.
- Circuit Proxy: This proxy replaces the original address with the address of the intended destination. It conceals the IP address of the target system.
Antivirus Software
Antivirus (AV) software protects against malicious software (malware) such as viruses, worms, Trojan horses, and spyware. It continuously monitors files and activity on your computer for signs of malware, and it is designed to detect and remove viruses and other kinds of malicious software from your devices.
Features of an antivirus
- Signature-based detection: It identifies known malware based on predefined signatures gathered by the antivirus company. Once a new piece of malware has been identified, a signature of the file is extracted and added to the signature database of the AV software.
- Behavior Analysis: This detects suspicious behavior that may indicate the presence of new or unknown threats.
- Heuristic Analysis: Virus researchers find the areas that all viruses in a family uniquely share and can thus create a single generic signature that covers the slightly different strains, called variants.
Benefits of having an antivirus
An antivirus is useful to individual users of computer devices and is equally advantageous to small and large companies. These advantages are explained below:
- Prevention and Removal: Prevents malware infections and removes malicious software if detected.
- Scheduled Scans: Allows users to set up regular scans to ensure ongoing protection.
- Automatic Updates: Regularly updates virus definitions to stay current against new threats.
Limitations
As beneficial as antivirus software is to users, it has some limitations in its detection and prevention techniques:
- Non-inclusive: Antivirus software cannot detect all types of malware, especially new and advanced variants.
- False Positive: Sometimes a legitimate file may be incorrectly identified as malicious.
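The signature-based and generic-signature features described earlier, together with both limitations above, can be shown with a small scanner. This is an added example, not part of the original article; the byte strings are harmless constructed stand-ins and the family name and function names are hypothetical.

```python
import hashlib

# Constructed, harmless byte strings standing in for files (not real malware).
SAMPLE_KNOWN = b"HDR\x00" + b"FAMILY-X-DECODER-STUB" + b"payload-v1"
SAMPLE_VARIANT = b"HDR\x00" + b"FAMILY-X-DECODER-STUB" + b"payload-v2"
NEW_FAMILY = b"HDR\x00" + b"entirely different code"
BENIGN_NOTES = b"Analyst notes: the family marker is FAMILY-X-DECODER-STUB"

# Exact signatures: SHA-256 of files the vendor has already analysed.
HASH_SIGNATURES = {hashlib.sha256(SAMPLE_KNOWN).hexdigest(): "Family-X.A"}

# Generic signature: a byte sequence shared by every strain of the family.
GENERIC_SIGNATURES = {b"FAMILY-X-DECODER-STUB": "Family-X (generic)"}

def scan_exact_only(data):
    """Signature-based detection alone: matches only the exact known file."""
    return HASH_SIGNATURES.get(hashlib.sha256(data).hexdigest())

def scan(data):
    """Exact signature first, then the family-wide generic signature."""
    exact = scan_exact_only(data)
    if exact:
        return ("signature", exact)
    for pattern, name in GENERIC_SIGNATURES.items():
        if pattern in data:
            return ("generic", name)
    return ("clean", None)

def demo():
    return {
        "known": scan(SAMPLE_KNOWN),                        # exact hash match
        "variant_exact": scan_exact_only(SAMPLE_VARIANT),   # missed by hash alone
        "variant": scan(SAMPLE_VARIANT),                    # caught by generic signature
        "new_family": scan(NEW_FAMILY),                     # non-inclusive: no signature yet
        "benign_notes": scan(BENIGN_NOTES),                 # false positive
    }
```

The last two results are the limitations in practice: a sample with no signature passes as clean, and a legitimate file that merely quotes the family's byte pattern is flagged.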
Firewalls and antivirus software play an important role in protecting computer systems and networks. A multi-layered approach that includes both components and other security measures improves overall cybersecurity.