Network Firewall Security: Stop Port Forwarding

As a Massachusetts-based company, and as a managed IT provider, we look out for our clients’ best interests all the time. By giving them the best firewall, antivirus, defenses, and technology, we make sure their networks are secured and their intellectual property stays in their control. It’s all part of our managed IT support. However, we can only keep secure what our clients don’t open up intentionally. Hence this blog and its straightforward plea.

The Rise of the Remote Desktop

Over the years, people have needed to get into the network over the Internet. Luckily, companies like Microsoft, Apple, and more have made it easy to access your systems remotely, some more easily than others. A common method is to use a utility such as a remote desktop, VNC, or some variant thereof.

The Easy Shortcut of Port Forwarding

To get into the network and access its resources, a lot of people use port forwarding. Port forwarding means configuring your NAT (network address translation) router to allow outside access to internal resources. In effect, it bypasses all security and all settings, and gives you a direct drop into the network with neither security nor control. This makes access to your workstation easy and access to your network resources simple.

And Why You Shouldn’t Take Shortcuts

And that is why it must stop. That same ease of use and simplicity is currently being exploited around the globe by hackers, state agents, and so forth. Port forwarding is a disaster. Your firewall becomes useless, your passwords are exposed, and once they’re in your network, you face a complete and total takeover of disastrous proportions by somebody who shouldn’t be there.

What Happens If I Leave Port Forwarding On?

So, what are the consequences of not securing your network and leaving port forwarding in place? The security consequences are intense and vast. Viruses are being developed all the time to take advantage of open Remote Desktop ports, weak encryption, weak passwords, weak firewalls, and weak routers.

Hackers, Ransomware, and More

As soon as the exploit is detected, an automated system will begin penetrating your network and finding a way in. Once those hackers are in, they automatically encrypt your hard drive and present a ransom (learn more about ransomware in our blog, Managed IT Works: Especially Against Ransomware Like Petya). Most of the time, they want Bitcoin or some other cryptocurrency that prevents government tracking in its entirety. They are hard to trace and nearly impossible to recover. This happens every minute of every day.

Question: What If I Don’t Want to Firewall?

Firewalls are solid security if you don’t port forward through them, but some businesses will ask about the need for a firewall at all. “What if I don’t want to firewall? The stuff that I have on my network isn’t that important.” In response to that, it’s important to understand that Massachusetts has some strict data laws:

Under Mass General Law 201.CMR.17:
Subsection: 17.04/6

“(6) For files containing personal information on a system that is connected to the Internet, there must be reasonably up-to-date firewall protection and operating system security patches, reasonably designed to maintain the integrity of the personal information.”

That is the actual law. If you hold any personal information about any citizen of the Commonwealth of Massachusetts, you are required to take all proactive, defensive procedures in order to secure your data. If, as a business, you have any information about your clients, you need to secure it. You can read the full set of Massachusetts’ laws on the Protection of Personal Information here.

Keep Your Firewalls Up, Your Data Safe

As you can see below:

Image of firewall with no ports forwarded.

At our firewall, we have absolutely no incoming ports whatsoever. Our firewall becomes a black hole of the Internet and nothing ever responds. You need to know how to access our network in order to get into it. This is the standard default defense for people with firewalls, and it should be for you.

The only way to do that is to utilize firewalls and VPNs. Port forwarding literally invites criminals into your network to take it over. If you’re interested in learning more about firewalls, how to set up secure remote desktops, and complying with Massachusetts or your own state’s data laws, contact Triton Technologies. We can help.
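
To check a Linux-based router or firewall for the port forwards this post describes, the following added example (not part of the original post) lists every DNAT rule in `iptables-save` output and flags those that reach the default RDP or VNC port, even when the outside port has been changed. It assumes IPv4 iptables rules; the sample ruleset, interface name and addresses are constructed.

```python
import shlex

# Default ports of the remote-access tools the post names (RDP and VNC).
REMOTE_ACCESS = {3389: "RDP", 5900: "VNC"}

# Constructed sample of `iptables-save` output; interface and addresses are made up.
SAMPLE = """\
*nat
:PREROUTING ACCEPT [0:0]
-A PREROUTING -i eth0 -p tcp -m tcp --dport 3389 -j DNAT --to-destination 192.168.1.20:3389
-A PREROUTING -i eth0 -p tcp -m tcp --dport 45900 -j DNAT --to-destination 192.168.1.31:5900
-A PREROUTING -i eth0 -p udp -m udp --dport 1194 -j DNAT --to-destination 192.168.1.5
-A POSTROUTING -o eth0 -j MASQUERADE
COMMIT
*filter
:INPUT DROP [0:0]
COMMIT
"""

def find_port_forwards(ruleset):
    """Return one dict per DNAT rule (inbound port forward) in the nat table."""
    forwards, table = [], None
    for line in ruleset.splitlines():
        line = line.strip()
        if line.startswith("*"):          # "*nat", "*filter": start of a table
            table = line[1:]
        if table != "nat" or not line.startswith("-A "):
            continue
        tok = shlex.split(line)
        if "DNAT" not in tok or "--to-destination" not in tok:
            continue                      # MASQUERADE etc. are not port forwards

        def value(flag):
            return tok[tok.index(flag) + 1] if flag in tok else None

        ext_port = value("--dport")
        host, _, int_port = value("--to-destination").partition(":")
        int_port = int_port or ext_port   # no port given: the port is kept as-is
        # Judge by the internal port, so a moved outside port is still flagged.
        service = REMOTE_ACCESS.get(int(int_port)) if (int_port or "").isdigit() else None
        forwards.append({"proto": value("-p"), "external_port": ext_port,
                         "internal": f"{host}:{int_port}", "remote_access": service})
    return forwards

if __name__ == "__main__":
    for fw in find_port_forwards(SAMPLE):
        flag = f"  <-- exposes {fw['remote_access']}" if fw["remote_access"] else ""
        print(f"{fw['proto']}/{fw['external_port']} -> {fw['internal']}{flag}")
```

An empty result corresponds to the "no incoming ports" posture described above.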