Firewall What is it? Do we need one? Oxford Hills School District - - PowerPoint PPT Presentation

▶

Dec 19, 2023 283 likes •506 views

Firewall What is it? Do we need one? Oxford Hills School District March 5, 2018 What is a firewall? Term first used in 1851 Henry Ford used them to protect passengers from engine fires, smoke and heat. Computer networks: a part of a

SLIDE 1

Firewall

What is it? Do we need one?

Oxford Hills School District • March 5, 2018

SLIDE 2

What is a firewall?

Term first used in 1851 Henry Ford used them to protect passengers from engine fires, smoke and heat. Computer networks: a part of a computer system or network that is designed to block unauthorized access while permitting authorized communication.

SLIDE 3

SLIDE 4

What is a firewall for the internet?

Data firewalls protect machines, people and data on inside from uglies on outside. Allows good stuff to pass through Firewalls distinguish themselves by their ability to:

discern the good from the ugly
detect when risky data is leaving the protected zone (DLP)
detect and prevent zero-day exploits
and much more

SLIDE 5

Ugly stuff

Viruses Bots Ransomware DDoS attacks Phishing (r.colpitts@msadl7.org) "Dark Overlord" targeting school districts

SLIDE 6

Our firewall history

WatchGuard for a number of years. Too slow, too old. Untangle until two years ago. Became a bottleneck. Crashed frequently. Currently have very limited protection from the NetworkMaine router. Currently protecting payroll via private IP. SIS is protected by NAT and InfiniteCampus.

SLIDE 7

Is there a cyber threat?

Yes. See http://map.norsecorp.com

SLIDE 8

Yes, we have a problem

In the past year, of the 74 most common exploit kit and payload infection paths,

99% of them used evasion techniques.1

Attackers release 360,000 new malware samples every day.2
The number of records exposed by data breaches totaled over 174 million3 and

the average cost of breaches was $3.6 million. The cost of cleaning up a small business after it has been hacked is $690,000.4

1 Minerva Labs Research Report 2 Infosecurity Magazine: 360K New Malware Samples Hit the Scene Every Day 3 Identity Theft Resource Center 4 2017 Ponemon Cost of Data Breach Study

SLIDE 9

Security team

Fortunately, I have a large security team! Staff and students A bit of regular training is needed.

SLIDE 10

Un-Security team

Unfortunately, I have a large un-security team! Staff and students A bit of regular training is needed.

SLIDE 11

Firewall features not security related

Traffic composition Traffic shaping, quality of service (QoS) Google integration Switch and/or WAP integration Reporting

SLIDE 12

Firewall on our network

One hour's usage 1/19/2018 7:30am-8:30am

SLIDE 13

Firewall on our network

15 minutes of usage 1/19/2018 8:30 - 8:45AM

SLIDE 14

Firewall on our network

One hour's usage 1/19/2018 7:50am-8:50am

SLIDE 15

SLIDE 16

User activity

From 6:45AM 2/15 through 6:30AM 2/16 Why a peak at 8:00PM?

SLIDE 17

This is more detail...

02/15 19:30:00- 02/15 20:29:59 Exacqvision is security camera video traffic. 2 users.

SLIDE 18

Threat activity

From 6:45AM 2/15 through 6:30AM 2/16

SLIDE 19

High level report

Firewall demo installed in tap mode 21 page report produced analyzing one week of HS traffic in January Good news: no malware detected Bad news: lots of threats, CnC traffic detected

SLIDE 20

Firewall reviews

ERate supported* Conferred with 7 vendors Released RFP for each of 6 vendors Developed feature matrix Arrived at rank order of firewalls excluding cost Added in cost to find best mix of features and cost Recommend to Board Budget Committee for inclusion in budget

*Up to ERate limit of $157,000 for HS, but that has to include WiFi also!

SLIDE 21

Conclusions

Yes, we need a very serious firewall Yes, we can afford a good one Having a firewall is no guarantee of safety! Questions?