By: Mark Roberts, Systems Administrator, APG EMEA
Cyber attacks often target retailers because retailers process a lot of personal data from payment cards that can be used for identity theft, fraud and other nefarious purposes. This puts a lot of pressure on retailers to maintain a strong security posture, and a big part of that is to properly configure your firewalls.
While “firewall” is a common term, not everyone fully understands what it does in the context of cybersecurity. Firewalls block networks and devices from unwanted traffic while also preventing users and devices from accessing dangerous or unsavory content. As such, firewalls act as both inbound and outbound sentries that protect your network from malware infections, intrusions and data theft.
But just throwing up a firewall isn’t enough. Firewalls aren’t static. They must be maintained and updated to prevent new threats. Here are eight important considerations in firewall configuration and maintenance:
- Traffic Cop
Think of the firewall essentially as a traffic cop that decides what data enters and exits your network. You get to decide how narrow or broad the cop’s authority is. Firewalls can be configured to keep malware from getting in and to prevent connections from within the network to infected websites and applications that can introduce viruses into your environment.
- Multiple Functions
Firewalls come as either standalone or components of larger security solutions. Depending on your specific security setup, the firewall can focus just on the content filtering piece or be configured to also perform functions such as intrusion prevention, VPN tunneling and antivirus software. Which approach makes sense depends on other security controls you implement.
- Network Segentation
Network segmentation is a critical firewall function. Some systems don’t need to communicate with each other, and the firewall makes sure it doesn’t happen. For instance, email and many back-office applications shouldn’t be connected to the POS or card-processing systems. Linking them creates security vulnerabilities that hackers can exploit, which is why segmentation is necessary.
- Network Updates
Any change that occurs in your network may affect firewall settings. For instance, if you decide your business needs a faster internet connection by replacing DSL with fiber or dedicated Ethernet, the firewall needs to be reconfigured to reflect the change. Neglecting to update a firewall configuration is bound to create vulnerabilities that lead to network breaches and data theft.
- PCI requirements
Retailers that process payment card data have to adhere to PCI (Payment Card Industry) standards, some of which relate specifically to firewall configurations. PCI DSS guidelines deal with what kind of data can flow in and out of retailer’s network, security controls for connecting to payment card processors, VPN rules and content filtering.
- The Right Match
What kind of firewall you should use – whether software or hardware, standalone or part of a security solution – comes down to your business needs. Even small retailers may need enterprise-grade firewalls and routers with advanced features. Buying a security appliance off the shelf is not usually the best approach; it’s best to consult with a POS or IT reseller to determine which solution best meets your needs.
When configuring firewalls, it’s a good idea to document everything, including the password and a list of contacts and account numbers that may be necessary when calling the phone company or service provider with issues. Having detailed documentation can be especially helpful if a technician visits your site for troubleshooting.
- Ongoing Process
Firewalls are not “set it and forget it” solutions. They must be updated regularly to fend off new threats and to protect new devices and applications that are added to the network. As the network changes, so must the firewall.
A properly configured firewall can spare a retailer a lot of pain. Be sure to follow these recommendations to secure your environment. For more on how to secure retailer networks, click here.