Dual Firewalls: Security Boost or Waste?

TL;DR

Yes, two firewalls can be better than one, but it depends on how you set them up. Simply stacking them isn’t enough. A well-planned ‘defence in depth’ approach using different firewall types and configurations offers significantly improved cyber security.

Why Consider Two Firewalls?

A single firewall is a vital part of your network security, but it’s not foolproof. Here’s why adding another can be beneficial:

  • Increased Protection: If one firewall fails or has a vulnerability, the other provides a backup layer of defence.
  • Different Security Approaches: Using firewalls with different technologies (e.g., a next-generation firewall and a traditional stateful firewall) catches threats that a single firewall might miss.
  • Segmentation: You can use firewalls to divide your network into smaller, more secure zones.

How to Set Up Dual Firewalls Effectively

Just putting two firewalls in series isn’t enough. Here’s a step-by-step guide:

1. Understand Your Network

  1. Map your network: Identify all devices, servers, and data flows.
  2. Identify critical assets: What needs the most protection?
  3. Assess risks: What are the biggest threats to your organisation?

2. Choose Your Firewall Types

Don’t just buy two of the same firewall. Consider these options:

  • Next-Generation Firewall (NGFW): Deep packet inspection, intrusion prevention, application control.
  • Traditional Stateful Firewall: Basic filtering based on ports, protocols and connection state. Good for initial screening.
  • Web Application Firewall (WAF): Protects web applications from attacks like SQL injection and cross-site scripting.

3. Configure the Firewalls

  1. Firewall 1 (Perimeter/Frontline): This firewall faces the internet.
    • Configure it to block all incoming traffic except what is explicitly allowed.
    • Enable intrusion detection and prevention systems (IDS/IPS).
    • Use geo-blocking to restrict access from countries you don’t do business with. Example using iptables on Linux (replace <blocked-country-CIDR> with each address range you want to block):
      sudo iptables -A INPUT -s <blocked-country-CIDR> -j DROP
  2. Firewall 2 (Internal/Backline): This firewall sits between your perimeter firewall and your internal network.
    • Configure it to allow only necessary traffic from the perimeter firewall.
    • Implement stricter rules based on application control and user identity.
    • Segment your network using VLANs and firewall rules.

4. Implement a DMZ (Demilitarised Zone)

Place public-facing servers (web, email) in a DMZ between the two firewalls. This isolates them from your internal network.
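To make the two-tier policy of steps 3 and 4 concrete, here is an added Python model (not from the post, and not any vendor's configuration) that evaluates a flow against a default-deny perimeter firewall and a stricter internal firewall; the zone addresses, the web server at 192.0.2.10 and the database at 10.10.5.20 are constructed for the example. It also shows the defence-in-depth payoff: an over-broad rule mistakenly added to the perimeter is still absorbed by the internal tier.

```python
from dataclasses import dataclass
from ipaddress import IPv4Network, ip_address, ip_network
from typing import List, Optional

# Constructed zone addressing for this example (assumed, not taken from the post).
DMZ = ip_network("192.0.2.0/24")        # public-facing web and mail servers
INTERNAL = ip_network("10.10.0.0/16")   # workstations, databases, file servers
ANY = ip_network("0.0.0.0/0")

@dataclass(frozen=True)
class Rule:
    src: IPv4Network
    dst: IPv4Network
    dport: Optional[int]   # None matches any destination port
    action: str            # "accept" or "drop"

def evaluate(rules: List[Rule], src, dst, dport: int) -> str:
    """First-match evaluation; anything not explicitly allowed falls to the default deny."""
    for r in rules:
        if src in r.src and dst in r.dst and r.dport in (None, dport):
            return r.action
    return "drop"

# Firewall 1 (perimeter): block everything inbound except web and mail into the DMZ.
PERIMETER = [Rule(ANY, DMZ, 443, "accept"), Rule(ANY, DMZ, 25, "accept")]

# Firewall 2 (internal): only the DMZ web server may reach the internal database, on one port.
INTERNAL_FW = [Rule(ip_network("192.0.2.10/32"), ip_network("10.10.5.20/32"), 5432, "accept")]

def path_verdict(src: str, dst: str, dport: int, perimeter=PERIMETER, internal=INTERNAL_FW) -> str:
    """Verdict for an inbound flow: traffic from the internet crosses the perimeter firewall,
    traffic bound for the internal zone crosses the internal firewall, and every tier on the
    path must accept. Outbound policy (internal -> internet) is out of scope here."""
    s, d = ip_address(src), ip_address(dst)
    tiers = []
    if s not in DMZ and s not in INTERNAL:   # arriving from the internet
        tiers.append(perimeter)
    if d in INTERNAL:                        # heading into the protected zone
        tiers.append(internal)
    return "accept" if all(evaluate(t, s, d, dport) == "accept" for t in tiers) else "drop"

# A perimeter mistake the second tier should absorb: an accidental allow-any rule for SMB.
LAX_PERIMETER = PERIMETER + [Rule(ANY, ANY, 445, "accept")]

if __name__ == "__main__":
    print(path_verdict("203.0.113.7", "192.0.2.10", 443))                           # accept
    print(path_verdict("192.0.2.10", "10.10.7.30", 445))                            # drop
    print(path_verdict("203.0.113.7", "10.10.7.30", 445, perimeter=LAX_PERIMETER))  # drop
```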

5. Logging and Monitoring

  1. Centralised logging: Send logs from both firewalls to a Security Information and Event Management (SIEM) system for analysis.
  2. Alerting: Configure alerts for suspicious activity.
  3. Regular review: Analyse logs regularly to identify potential threats and fine-tune your firewall rules.

6. Testing

Don’t assume everything is working correctly! Regularly test your firewalls:

  • Penetration testing: Hire a security firm to attempt to breach your network.
  • Vulnerability scanning: Identify weaknesses in your firewall configurations and software.

Potential Downsides

  • Cost: Two firewalls are more expensive than one.
  • Complexity: Managing two firewalls is more complex.
  • Performance impact: Firewalls can slow down network traffic, especially with deep packet inspection enabled.