Blog | G5 Cyber Security

Firewalls & Social Engineering: What You Need To Know

TL;DR

Firewalls are not a complete defence against social engineering attacks. They protect your network, but attackers often bypass them by targeting people directly. A strong cybersecurity strategy needs firewalls *plus* user training and other security measures.

What is Social Engineering?

Social engineering tricks people into giving away sensitive information or performing actions they shouldn’t. Common examples include phishing emails, phone calls pretending to be from IT support, and even physical deception (like tailgating into a secure building). It exploits human trust rather than technical vulnerabilities.

How Firewalls Work

Firewalls act as gatekeepers for your network. They examine incoming and outgoing traffic against pre-defined rules (typically source and destination address, port and protocol) and allow or block each connection accordingly.

Think of a firewall like a security guard at the entrance to a building – they check IDs and prevent unauthorized access.

Why Firewalls Aren’t Enough

  1. Attackers don’t always need to ‘break in’. Social engineering often relies on getting someone inside your network to willingly grant access or share information.
  2. Firewalls see allowed traffic, not intent. A user who clicks a link in a phishing email downloads the malware over an ordinary outbound web connection that the firewall permits like any other, and the malware’s follow-on traffic to the attacker usually travels the same way. Or the user simply reads their password out to an attacker on the phone, and no network traffic is involved at all.
  3. HTTPS traffic is almost always allowed. Firewalls generally permit secure (HTTPS) connections, and unless they perform TLS inspection they cannot see what is inside them. A phishing site can use HTTPS too: the padlock only means the connection is encrypted, not that the site is genuine, and a certificate for a look-alike domain costs nothing to obtain.

Steps to Protect Against Social Engineering

  1. User Training: This is the most important step.
    • Teach employees to identify phishing emails: check the sender’s actual address rather than the display name, hover over links to see where they really lead, and treat urgency and any request for passwords or payment details as warning signs. Poor grammar is a weak signal on its own; well-written phishing is common.
    • Explain common social engineering tactics.
    • Run regular simulated phishing exercises to test awareness.
  2. Multi-Factor Authentication (MFA): Even if a password is stolen through social engineering, the attacker still needs the second factor. Bear in mind that one-time codes from SMS or authenticator apps can themselves be phished in real time by a proxy site that relays them to the genuine login page; phishing-resistant methods such as FIDO2/WebAuthn security keys or passkeys are bound to the real site’s origin and do not have this weakness.
    # Example: Google Authenticator or Microsoft Authenticator for one-time codes; a FIDO2 security key for phishing resistance
  3. Strong Password Policies: Enforce strong, unique passwords (a password manager makes this practical), check new passwords against known-breached lists, and require a change when a password is suspected compromised rather than on a fixed schedule, which mostly produces predictable variations of the old one.
  4. Email Security Solutions: Use email filtering services that scan for phishing attempts and malicious attachments.
    • Spam filters can block many obvious phishing emails.
    • Advanced Threat Protection (ATP) solutions provide more sophisticated detection, such as checking links again at click time and detonating attachments in a sandbox.
    • Publish SPF, DKIM and DMARC records for your own domain so that mail forged to appear from it can be rejected; this does nothing against look-alike domains, which the other checks must catch.
  5. Network Segmentation and Least Privilege: Split the network into zones so that a compromised workstation cannot reach sensitive servers directly, and grant access to data by role so that a phished account can only expose what its owner legitimately needed.
    # Example: Only the finance team’s subnet and accounts can reach the financial servers, and only on the ports the application needs
  6. Endpoint Detection and Response (EDR): EDR tools watch the devices themselves for malicious behaviour, such as a document spawning a script interpreter or a new process beaconing out, and can isolate a compromised host. They catch malware that arrived through an allowed connection the firewall never inspected.
  7. Incident Response Plan: Have a plan in place for how to respond to a social engineering attack, and make reporting quick and blame-free: a clicked link reported within minutes is far cheaper to deal with than one discovered weeks later.
    • Who to contact?
    • What steps to take? (Typically: reset the credentials, revoke active sessions, check the mailbox for attacker-added forwarding rules, and look for the same lure in other inboxes.)
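As an added example (not code from the original post or from G5 Cyber Security), the script below applies the checks from the training bullets above, the same ones that email filtering services automate, to two constructed sample messages: a look-alike sender domain, a mismatched Reply-To, link text that shows one host while the href points to another, pressure language, and a request involving a password. The organisation domain `example.com`, the phrase list and both samples are assumptions chosen for the demo.

```python
"""Heuristic phishing checks over a raw email message. Added example for this post,
not the site's own tooling; OUR_DOMAIN, the phrases and both samples are assumptions."""
import email
import re
from email.utils import parseaddr
from html.parser import HTMLParser
from urllib.parse import urlparse

OUR_DOMAIN = "example.com"  # assumption: the organisation's own mail domain
PRESSURE_PHRASES = ("urgent", "immediately", "within 24 hours",
                    "account will be suspended", "verify your")

# Constructed samples, not real mail: one phish and one ordinary message.
SAMPLE_PHISH = """\
From: "IT Support" <helpdesk@examp1e.com>
Reply-To: helpdesk@mail-recovery.net
Subject: Urgent: verify your password within 24 hours
Content-Type: text/html; charset=utf-8

<p>Your mailbox is full. Please <a href="https://examp1e-login.net/reset">https://example.com/reset</a>
immediately or your account will be suspended.</p>
"""
SAMPLE_LEGIT = """\
From: "Bob Jones" <bob@example.com>
Subject: Lunch on Thursday?

Hi Alice, are you free for lunch on Thursday? The menu is at https://example.com/cafe
"""

class LinkCollector(HTMLParser):
    """Collect (href, visible text) pairs from <a> elements."""
    def __init__(self):
        super().__init__()
        self.links, self._href, self._text = [], None, []
    def handle_starttag(self, tag, attrs):
        if tag == "a":
            self._href, self._text = dict(attrs).get("href"), []
    def handle_data(self, data):
        if self._href is not None:
            self._text.append(data)
    def handle_endtag(self, tag):
        if tag == "a" and self._href is not None:
            self.links.append((self._href, "".join(self._text).strip()))
            self._href = None

def edit_distance(a: str, b: str) -> int:
    """Levenshtein distance; a domain 1-2 edits from ours is treated as a look-alike."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]

def host_of(url: str) -> str:
    """Hostname of a URL; bare 'example.com'-style text gets a scheme added first."""
    return (urlparse(url if "://" in url else "http://" + url).hostname or "").lower()

def body_text(msg) -> tuple[str, bool]:
    """First text part and whether it is HTML; HTML is preferred as that is where links hide."""
    parts = [p for p in msg.walk() if p.get_content_type() in ("text/html", "text/plain")]
    parts.sort(key=lambda p: p.get_content_type() != "text/html")
    if not parts:
        return "", False
    raw = parts[0].get_payload(decode=True) or b""
    text = raw.decode(parts[0].get_content_charset() or "utf-8", errors="replace")
    return text, parts[0].get_content_type() == "text/html"

def analyse(raw: str) -> list[str]:
    """Return human-readable findings; an empty list means nothing looked suspicious."""
    msg = email.message_from_string(raw)
    findings = []
    from_dom = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    if from_dom and from_dom != OUR_DOMAIN and edit_distance(from_dom, OUR_DOMAIN) <= 2:
        findings.append(f"sender domain {from_dom!r} is a look-alike of {OUR_DOMAIN!r}")
    reply_dom = parseaddr(msg.get("Reply-To", ""))[1].rpartition("@")[2].lower()
    if reply_dom and reply_dom != from_dom:
        findings.append(f"Reply-To domain {reply_dom!r} differs from From domain {from_dom!r}")
    body, is_html = body_text(msg)
    if is_html:
        collector = LinkCollector()
        collector.feed(body)
        for href, text in collector.links:
            # Compare only when the visible text itself looks like a URL or hostname.
            if re.match(r"(https?://)?[\w.-]+\.[a-z]{2,}", text, re.I):
                shown, real = host_of(text), host_of(href)
                if shown and real and shown != real:
                    findings.append(f"link text shows {shown!r} but points to {real!r}")
        body = re.sub(r"<[^>]+>", " ", body)  # strip tags before the phrase checks
    text = f"{msg.get('Subject', '')} {body}".lower()
    pressure = [p for p in PRESSURE_PHRASES if p in text]
    if pressure:
        findings.append("pressure language: " + ", ".join(pressure))
    if "password" in text:
        findings.append("asks the reader to do something with a password")
    return findings
```

Calling `analyse(SAMPLE_PHISH)` returns five findings (look-alike sender, mismatched Reply-To, deceptive link, pressure language, password request), while `analyse(SAMPLE_LEGIT)` returns an empty list. None of these checks involves the firewall: every one of them looks at the message content that an allowed HTTPS connection delivered, which is exactly the layer a firewall alone does not cover.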

Firewall Configuration Tips (to help, but not solve the problem)

  1. Block known malicious sites: Regularly update your firewall’s blocklist, ideally from an automated threat-intelligence feed, and apply the same list at your DNS resolver so that a phishing domain fails to resolve wherever it is looked up.
  2. Content Filtering: Block or warn on site categories rarely needed for work, and on newly registered or uncategorised domains, a common profile for phishing sites in their first days.
  3. Intrusion Detection/Prevention Systems (IDS/IPS): These systems inspect traffic for known attack signatures and suspicious patterns, such as a workstation beaconing to a command-and-control server at a regular interval.
    # Example: Snort or Suricata rulesets
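As an added example (not from the original post), the check below expresses a segmentation policy like the one in step 5 of the previous section as zones plus a default-deny allow-list, then runs constructed firewall-style connection records through it. The evaluation is the same decision a firewall makes per connection; running it over exported logs shows which existing flows a proposed policy would break, and which flows a compromised workstation attempted. Zones, addresses, allowed flows and the sample records are all assumptions for the demo.

```python
"""Segmentation policy check over connection records. Added example for this post,
not the site's own code; zones, allowed flows and the sample log are all assumptions."""
import ipaddress
import re

# Zones as (name, CIDR). The most specific matching prefix wins, so the finance
# team's subnet is its own zone even though it sits inside the workstation range.
ZONES = [
    ("finance-workstations", "10.10.50.0/24"),
    ("workstations", "10.10.0.0/16"),
    ("finance-servers", "10.20.5.0/24"),
    ("internet", "0.0.0.0/0"),
]
ZONE_NETS = [(name, ipaddress.ip_network(cidr)) for name, cidr in ZONES]

# Allow-list: (source zone, destination zone) -> permitted TCP destination ports.
# Any pair not listed is denied, mirroring a default-deny firewall policy.
ALLOWED = {
    ("workstations", "internet"): {80, 443},
    ("finance-workstations", "internet"): {80, 443},
    ("finance-workstations", "finance-servers"): {443},
}

# Constructed firewall-style connection records, not real logs.
SAMPLE_LOG = """\
2024-05-01T09:00:01 src=10.10.50.12 dst=10.20.5.10 dport=443
2024-05-01T09:00:05 src=10.10.3.7 dst=10.20.5.10 dport=443
2024-05-01T09:00:09 src=10.10.3.7 dst=93.184.216.34 dport=443
2024-05-01T09:00:12 src=10.10.3.7 dst=10.10.3.8 dport=445
2024-05-01T09:00:20 src=10.10.50.12 dst=10.20.5.10 dport=22
"""
LOG_RE = re.compile(r"src=(?P<src>[\d.]+) dst=(?P<dst>[\d.]+) dport=(?P<dport>\d+)")


def zone_of(ip: str) -> str:
    """Name of the most specific zone containing ip (the /0 catch-all always matches)."""
    addr = ipaddress.ip_address(ip)
    return max((net.prefixlen, name) for name, net in ZONE_NETS if addr in net)[1]


def evaluate(src: str, dst: str, dport: int) -> tuple[bool, str]:
    """Decide one flow against the policy and explain the verdict."""
    szone, dzone = zone_of(src), zone_of(dst)
    ports = ALLOWED.get((szone, dzone))
    if ports is None:
        return False, f"no rule allows {szone} -> {dzone}"
    if dport not in ports:
        return False, f"{szone} -> {dzone} is allowed only on ports {sorted(ports)}, not {dport}"
    return True, f"{szone} -> {dzone}:{dport} permitted"


def audit(log: str) -> list[tuple[str, bool, str]]:
    """Run every parseable record through evaluate(); unparseable lines are skipped."""
    results = []
    for line in log.splitlines():
        m = LOG_RE.search(line)
        if m:
            ok, why = evaluate(m["src"], m["dst"], int(m["dport"]))
            results.append((line, ok, why))
    return results


if __name__ == "__main__":
    for line, ok, why in audit(SAMPLE_LOG):
        print("ALLOW" if ok else "DENY ", why, "|", line)
```

On the sample records the finance workstation reaching the finance server on 443 and the ordinary workstation browsing the internet are permitted; the ordinary workstation reaching the finance server (the phished-laptop case), workstation-to-workstation SMB on 445 (lateral movement), and SSH to the finance server from the finance subnet (wrong port) are all denied. A flow is permitted only because a rule says so, never because nothing forbids it, which is the property the firewall policy itself should have.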

In Conclusion

Firewalls are a vital part of cybersecurity, but they’re just one piece of the puzzle. Social engineering attacks target people, not technology. A comprehensive approach that includes user training, MFA, and other security measures is essential to protect your organisation.
