Russia: Do I need a hardware firewall or other tools?

Russia: Do I need a hardware firewall or other tools?

Many users are increasingly unsettled because of Russia’s cyberattacks. Many wonder if you now need another AntiVirus software (article on Kaspersky) and maybe even a hardware firewall.

SPI firewall and incoming connections

Most routers already have a built-in firewall, which of course blocks attacks and requests from the outside. In this case, the router should have an SPI fire wall, which takes a closer look at incoming data packets. Many more expensive and popular routers have this feature by default, but it may need to be enabled.

Windows firewall

The Windows firewall can also provide good bass protection. If the computer does not necessarily need to be accessed by other computers on the network, the default setting for “Public networks” instead of “Private networks” can be used here. This provides slightly increased protection within the network.

Software firewall and outgoing connections

Of course, there can also be threats from “inside”, e.g. from spy software and other tools. Also, from time to time malware contacts a so-called “command and control server” to download new instructions and modules.

The best way to do something against this is to control outgoing connections directly on the computer in question. The Windows firewall only prevents these outgoing connections to a limited extent. A very handy tool for this is TinyWall, which I had already described in another article. Of course, there are other paid solutions here that can also block smarter malware (which masquerades as another allowed program, for example).

Firewall appliances and intrusion detection systems

Besides these cheaper and simpler solutions, there are of course also much more complicated solutions with e.g. pfSense and other special router software which can also detect attackers in the network (intrusion detection). Here, however, much more has to be considered and planned.

Network segmentation

Networks should always be segmented or separated, i.e. a company network should always be separated from the children’s computers. If possible, the guest network and even the WLAN network should also be separated from critical areas.

The goal is to prevent less secure computers from easily accessing important computers within the network. A very simple and fast segmentation can be achieved by VLANs or by using multiple routers. Whereby each router blocks requests from outside the network through its integrated firewall functionality, but requests behind the router to the network in front of it are still possible.

VPN connections

A VPN connection only protects data on the transmission path from the computer to the VPN server (this can be useful in hotel WLANs or abroad, for example).

If the computer itself or the VPN server is compromised, the protection is gone. I also generally advise against using untrustworthy VPN providers, ultimately it is possible for any VPN provider to intercept and manipulate all traffic – even the exchange of SSL certificates is possible. Otherwise, a VPN connection can also be used to authenticate access-authorized clients (e.g. through a firewall). However, the VPN connection must never completely replace authentication. For example, a VPN can be used to enable the “possibility of login itself” in the first place – i.e. the login page can only be opened if the client is also in the VPN.

Furthermore, VPN clients should be prevented from accessing other VPN clients. It must also be prevented that the VPN server and other VPN clients can access the own private network.

Therefore, it is recommended to operate your own VPN server instead of relying on third-party providers.

Protection of DNS queries

DNS queries can be manipulated and intercepted. Therefore, I recommend using secure DNS servers with DNS over HTTPS. This way, the requests are encrypted on the transport route and it is no longer easy for third parties to see which pages are being visited.

Here I recommend the provider NextDNS (article on NextDNS), which also allows the creation of individual filters and rules via its DNS service. This way, many (known) threats can be blocked and talkative manufacturer software can be silenced.

Also, traffic and requests can be better analyzed, which can help to identify and ultimately block problems in your own network.

Other Software

There are many other software solutions to protect against threats. Of course, the use of software from the USA is always a bit suspicious to me. Also, I am not a fan of software that can be managed centrally. This may be practical in larger networks, but in case of a security breach, access to all systems is also safe for an attacker.

Finally, I would like to briefly recommend Hitman Pro Alert from Sophos, which provides many practical functions for exploit defense and risk mitigation.

Of course, with “exotic” software, there may be numerous error messages. Therefore, the software may also make higher demands on users.

Backups

Of course, in the end, it is also important to mention that the most important precautionary measure is backups

Backups should be made regularly and kept in a safe place. Due to the increased threat level, I also recommend additional “offline backups”, i.e. backups on an external hard drive (which is not permanently connected to a computer).

Apart from that, backups should be encrypted and tested regularly, because in a few cases problems only show up when restoring the data.

A very handy tool for backing up entire systems is CloneZilla. The tool creates images of the partition or hard disk for this purpose.

Leave a Reply

Your email address will not be published. Required fields are marked *