WHAT IS EMAIL BOMBARDMENT?

-
Image
An email bombing is an attack on your inbox that involves sending massive amounts of messages to it. Sometimes these messages are incomprehensible. But more often, they will be confirmation emails for newsletters and subscriptions. Thus, in the latter case, the attacker uses a script to search for forums and newsletters on the internet. Then they sign up for an account with your email address. Each will send you a confirmation email, asking you to confirm your address. Also, this process is repeated on as many unprotected sites as the script can find. The term Email Bombing or Email Bombing; it can also refer to flooding an email server with too many emails. In an attempt to overwhelm the server and disable it. But that's not the goal here; it would be a challenge to cut down on the modern email accounts used. Meanwhile, Google or Microsoft email servers, anyway. So instead of a denial of service (DOS) attack; against the email servers you are using. Also, the flood of messages...
2 comments

WHY FIREWALL IS IMPORTANT IN ORGANIZATION

-

The importance of information for the achievement of objectives in organizations, has meant that it is considered in many cases as the most important asset. Due to the value attributed to it, it is subject to various threats such as theft, counterfeiting, fraud, disclosure and destruction, among many others.

why firewall is important in organization
The risks to which such information is exposed lead to the need to develop trustworthy environments, but achieving this is a complex and multifactorial problem. For this reason, we have developed security approaches such as defense in depth (defense in depth), which aims to protect the information through the application of controls in different layers.

One of these layers is the perimeter, the logical boundary that divides the corporate network from other networks, including the Internet. In the so-called perimeter security, the firewall continues to be in force as a protection mechanism for networks and has been an essential element since its appearance 25 years ago.

Why Do Companies Need A Firewall?

Let's review first, what does this term refer to? It is a software or hardware tool whose purpose is to filter the connections that enter the internal network of the organization, as well as the network connections that go to the outside of the organization. It is implemented as a logical access control mechanism.

In this way, it prevents Internet users who have not been authorized to enter the company network from having access to it or from members of the organization accessing external services for which they have not been authorized.

So where does the importance of this lie? The firewall operates as a filter that examines all packets going to the corporate network and compares the information in the header with previously established rules. If the IP address and port are valid according to the rules, the packet is delivered, otherwise it is discarded. The same operation is performed with the packages that are sent from the interior to the Internet.

Therefore, by discarding packets that are not allowed and consequently avoiding connections that are not valid according to the rules, the firewall can prevent the spread of malicious code through the network, unauthorized access or possible intrusions of third parties to the corporate network.

However, it will not be able to protect against threats such as phishing or scam, since for the vast majority of organizations email is essential in their operations, so it is not blocked. Nor can it protect against a malware infection, whether it arrives as an attachment or through removable media.

Now, how are the filtering rules defined? Basically, connections are allowed or denied based on criteria and rules that are defined. If a restrictive approach is applied, all connections are blocked except those that are explicitly allowed. On the other hand, if you use a permissive approach, all connections are accepted except those that are explicitly restricted.

The firewall configuration depends largely on the approach used, as well as the services that are offered, the services required by the members of the organization to carry out their tasks, and the assets that are intended to be protected.

Understanding the Importance of the Firewall

The firewall continues to be a highly used security mechanism in companies. According to the study, 76.6% of the executives surveyed in 14 countries in the region affirmed having a solution of this type, which places it in second place if we talk about the most used security controls, after antivirus.

The above, due to the benefits it provides in terms of protection, mainly by filtering external connections that some types of malicious software such as worms, viruses or botnets usually make. Also, avoid the connections of possible intruders in the network or as a security measure to control connections to the outside.

Its evolution in these 25 years

Since its appearance, the firewall has evolved offering different protection features:

The first type developed was called for packet filtering (packet filter), and operates basically as described above: all packets arriving to the network and inspected according to the filtering rules, packets are accepted or discarded. To make the decision, it is verified if the basic information of the packet such as the source and destination address, the protocol or the port, complies with the established rules or policies.

The second feature developed firewalls is known as stateful inspection (stateful inspection). Unlike the first type, the packets and the status of the connections that pass through it are tracked. In this case, only packets that match an active connection that has been recognized as legitimate are allowed to pass; all other packets are rejected.

The third type is known as filtering application (application filtering) and its main feature is that it detects whether a desired connection is not trying to avoid through an IP address and a valid port, according to the set rules. In other words, it is capable of controlling specific applications, since in addition to checking the packet header, it also checks its content.

In recent years, people began to talk about new generation firewalls (NGFW), which must have additional functionalities to those described above. Although the new features it should have not yet been fully defined, it is expected to combine the capabilities of Intrusion Prevention Systems (IPS) , as well as their integration with other technologies, as well as broad and deep packet inspection. In the different layers of the OSI model.

A single control is not enough

Despite the benefits that we have reviewed, firewalls are a solution applied only to one of the layers described in the in-depth security approach, so it must currently be complemented with other security controls regarding perimeter security, including Intrusion Detection Systems (IDS) or IPS.

In the same way, the other levels considered in layered security must be included , which can lead to the application of other controls necessary for companies such as antivirus, antispam , practices such as data backup and encryption, double authentication solutions, even security solutions for mobile devices when they are used to access the corporate network.

We continue to see the evolution of this security mechanism, which remains in force as one of the fundamental elements for security management, and which currently should not be lacking when the purpose is to protect assets and mainly information in organizations.

Comments

Post a Comment

Popular posts from this blog

WHAT IS EMAIL BOMBARDMENT?

-
Image
An email bombing is an attack on your inbox that involves sending massive amounts of messages to it. Sometimes these messages are incomprehensible. But more often, they will be confirmation emails for newsletters and subscriptions. Thus, in the latter case, the attacker uses a script to search for forums and newsletters on the internet. Then they sign up for an account with your email address. Each will send you a confirmation email, asking you to confirm your address. Also, this process is repeated on as many unprotected sites as the script can find. The term Email Bombing or Email Bombing; it can also refer to flooding an email server with too many emails. In an attempt to overwhelm the server and disable it. But that's not the goal here; it would be a challenge to cut down on the modern email accounts used. Meanwhile, Google or Microsoft email servers, anyway. So instead of a denial of service (DOS) attack; against the email servers you are using. Also, the flood of messages...
Read more

TESTING THE ANTIVIRUS THAT YOU USE

-
Image
Have you ever wondered how antivirus is tested before it is available on the market? The truth is that, despite what you may think at first, these applications pass a series of tests that have the mission, obviously, of verifying their effectiveness. Well, for most IT security vendors these assessments are now out of date. Testing an antivirus before its launch is something that is done regularly. Thus, the AV Tests (name by which the aforementioned tests are known) allow users to choose which antivirus they want to install on their computers, knowing what their main characteristics are and what they protect against. So far everything normal. So what is the problem? Some manufacturers of security solutions have raised their voices against the fact that these tests are “not modernized”. In what sense? Some companies claim that, although the complexity of security applications has grown considerably in recent times, when conducting evaluations they do not test the new technologies w...
Read more

WHAT IS PAZERA TROJAN AND HOW TO AVOID IT

-
Image
Pazera Trojan is a recently discovered computer malware that spreads in active attack campaigns. The current wave of infections is due to a complex Android mobile threat, including this Windows-based malware. The mechanisms of infection depend on the manipulation of the victim. Once installed on a given computer, the built-in engine will lead to many dangerous actions. Read our in-depth analysis of the samples and learn how to eliminate active infections in this article. Pazera Trojan - Virus Infection Methods The Pazera Trojan is a dangerous threat that is sent as part of a targeted campaign with the main malware being the Trojan. Originally, this has been used in an attack carried out by an Android Trojan, seeking to infect mobile users. Through the elaborate and complex chain of infections, the Pazera Trojan will install itself. Some of the observations made by security experts who analyze this malware are that the main Trojan infection that has been created by an unknown hackin...
Read more