The Importance of a Layered Approach to Financial Institution Security: Best Practices in Leveraging Firewalls and Encryption
Over the last decade, we have seen major advances in the world of online security, mainly with the development of firewalls and encrypted data options.
Safe Systems hosted a live webinar earlier this month discussing how firewalls, encryption and other online security measures work; why a layered security approach is best in all situations; possible threats to each security measure; and what your financial institution can do to keep your information secure and uncompromised. In case you missed it, here are a few key points from the webinar.
What are firewalls and how did we get to where we are today?
Firewalls became a necessity when banks and credit unions started connecting all of their computers to the same network that was then connected to the internet. Firewalls functioned as the first line of defense – but were nowhere near the caliber of defense we have available today.
When attacks started to occur, it put company computers and the data stored on them in a compromised position. A need arose to come up with appliances that were either in line with the firewall or were an additive to the firewall’s system. The new appliances included IDS/IPS systems, AV Gateways and Web filters – all of which added new layers of security to the firewall.
Today, the latest generation of firewalls, known as Next Generation Firewalls, combines earlier firewall models and offers multiple layers of protection as part of the firewall service. However, some of the additional layers may be included by default and some require extra licensing to take advantage of specific features.
What is the layered security approach and how do today’s firewalls implement that strategy?
What we have learned over the last several years is that security solutions may be incredibly strong in some regards but have gaping holes in others. A layered security approach assists in closing those gaps and lessens the potential risks for an online attack.
What is encryption, how does it work and what can we do better?
Encryption is another aspect of the layered security approach. The two encryption types highlighted in the webinar are Secure Socket Layer (SSL) and Transport Layer Security (TLS), and while they use different nomenclature, the two encryption types are essentially the same – TLS is just a slightly new version.
The goals of TLS:
- Encrypt Data
- Data Integrity
In the last 5 years, there has been major growth in website encryption. It has expanded from being used only when a user types in their username and password to include approximately 90% of the most visited websites today encrypting all of their webpages.
Although having encrypted sites gives users a more secure experience, encryption has some unintended consequences. When traffic is encrypted between the website and the desktop browsing the site, the firewall cannot evaluate the traversing traffic. This means, in the past, a firewall could evaluate a large majority of web traffic. Now, the firewall can only evaluate about 10% of web traffic, because the rest is encrypted.
Bad actors have focused on these security holes and have built their malware to navigate encrypted traffic to get through the firewall and to the workstation. To fight this issue, TLS inspection can be implemented on a Next Generation Firewall to inspect the encrypted traffic passing through on a daily basis.
Today, with TLS inspection, firewalls can get back to inspecting a majority of web traffic farther than just 10% that isn’t encrypted today. This closes a major security gap many institutions may not even know they have.
What steps can you take to increase your online security?
Although there are several ways you can increase your level of online security, as of now, there is no software that guarantees you will not be compromised. However, in addition to encryption, you can take several steps to keep your online presence safe and secure.
A few of the steps you can take to fight malware are:
- Anti-Malware Scanning – an anti-virus engine that came about in the Universal Threat Management (UTM) devices. Anti-malware is a software program designed to prevent, detect and remove malicious software on IT systems.
- Sandbox Analysis Piece – an additive that enables a firewall to analyze a file and determine its risks level. If the file is determined to possibly be malicious, the file can be sent to the sandbox where the file can be detonated. If the file appears malicious after detonation, the file is blocked from being downloaded to the end user. If the sandbox determines the file is likely safe, the file is allowed to pass through the firewall to the end user for us.
To learn more ways to protect your institution, watch our recorded webinar, “Why You Shouldn’t Ignore Encryption.”