Application: Discover with the Microwall – Check devices in your own network
How it all started: More structure and security in the network
With the Microwall, more complex network structures can be divided into several sub-nets. As a firewall router, the Microwall monitors and controls the communication between the individual network segments. This makes the entire network more secure: the segmented areas are separated from the higher-level (company) network. Attackers or malware that reach a network participant are prevented from spreading by the firewall routers.
The problem: Critical workarounds when creating release rules
The strategy of segmentation is now an accepted part of all security concepts and standards. But what does it look like in practice? Once the machine or system has been successfully connected to its own network segment through a Microwall, the firewall rules must be formulated. When it comes to accessing the machine from “outside,” the question is often relatively simple. It gets more difficult in the opposite direction. Depending on security awareness, one of two quick emergency solutions is often chosen:
1. The machine is prohibited from making any external connections.
In a few cases this may work in practice. However, especially with new installations, it is more likely that malfunctions will occur after a short period of time, for example because the legitimate search for software updates or other communication required for operation is also blocked.
2. The machine is allowed all external connections.
If you choose this option (perhaps because the first approach failed), the operation will most likely run smoothly, but at the price of a significantly higher security risk. If malware gets onto the machine in any way (e.g. through manipulated firmware updates), it can do its mischief unhindered: further malicious code can be reloaded and sensitive information can be leaked.
The solution: Connection monitoring for improved security
The better approach is to allow only “desired” and verified harmless connections to the outside world. It is precisely for this purpose that the Microwall has Discover-Mode with an integrated DNS proxy and the ability to create release rules based on host names. All DNS requests and the resulting connection attempts of the machine are recorded by the Microwall and clearly displayed on a web page. After checking whether it is harmless, a connection can then be adopted as a release rule with a simple click. Any dubious connections continue to be blocked and can be used for checking or clarification, e.g. forwarded to the manufacturer.
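The core of the approach described above is correlating a machine's DNS lookups with its subsequent connection attempts, so that each connection can be reviewed under a host name rather than a bare address. The following added example illustrates that correlation on constructed records; it is not Microwall code or log output, and the record layout, host names and addresses are assumptions.

```python
from collections import defaultdict

# Constructed sample records, modelled on what a DNS proxy inside a firewall
# router could observe: DNS answers (name -> address) for a segmented machine
# and that machine's outbound connection attempts. Not Microwall output.
DNS_ANSWERS = [
    ("10.0.1.20", "updates.example-vendor.test", "203.0.113.10"),
    ("10.0.1.20", "updates.example-vendor.test", "203.0.113.11"),
    ("10.0.1.20", "telemetry.example-vendor.test", "198.51.100.5"),
]
CONNECTIONS = [
    ("10.0.1.20", "203.0.113.10", 443, "tcp"),
    ("10.0.1.20", "203.0.113.11", 443, "tcp"),
    ("10.0.1.20", "198.51.100.5", 443, "tcp"),
    ("10.0.1.20", "192.0.2.77", 8080, "tcp"),   # no DNS lookup preceded this
]

def discover(dns_answers, connections):
    """Group observed connections by the host name they were resolved from.

    Returns (candidates, unresolved): candidates maps (src, hostname, port,
    proto) to the set of addresses seen behind that name; unresolved lists
    connections to addresses no DNS answer explains, which cannot become a
    host-name rule and deserve a closer look.
    """
    name_for = {(src, addr): name for src, name, addr in dns_answers}
    candidates = defaultdict(set)
    unresolved = []
    for src, dst, port, proto in connections:
        name = name_for.get((src, dst))
        if name is None:
            unresolved.append((src, dst, port, proto))
        else:
            candidates[(src, name, port, proto)].add(dst)
    return dict(candidates), unresolved

def format_rules(candidates):
    """Render candidates as host-name based release rules for manual review."""
    return [f"allow {src} -> {name}:{port}/{proto}"
            for (src, name, port, proto) in sorted(candidates)]

if __name__ == "__main__":
    cand, unres = discover(DNS_ANSWERS, CONNECTIONS)
    for rule in format_rules(cand):
        print(rule)
    for conn in unres:
        print("review: no DNS name for", conn)
```

Two addresses behind one name collapse into a single host-name rule, while the connection without a preceding lookup stays on the review list instead of silently becoming a rule.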