Tag: configurations

The C Word…Configuration – Ping Podcast – Episode 28

Episode 28: The C Word…Configuration

What is the key to unlocking your firewall’s best security and performance? It starts with a C. On this episode of Ping: A Firewalls.com Podcast, Kevin & Andrew talk about configurations with Firewalls.com’s own Anthony Mercho. Anthony discusses why it’s best to skip the configuration wizard and why configurations are never one-size-fits-all. Plus, we delve into why you need regular updates and some of the biggest culprits for problems. Oh, and learn who should do your configuration if you want it done right (hint: it’s probably not yourself).

Learn where to get a professional configuration.

In cybersecurity headlines, we talk about a survey showing small business employees don’t trust their bosses on cybersecurity. Then we hear about a former member of Uber’s leadership team facing charges for covering up a hack. And we double down with a story about CEOs of the future may face issues themselves when breaches occur.

Finally, it’s Ransomware Reckoning #2. This time, our other Andrew tells us about an attempted attack on Tesla.

How to listen

Listen to Ping – A Firewalls.com Podcast using the player above…

Or just about anywhere you prefer to listen to podcasts (Apple Podcasts, Pandora, Spotify, Google Podcasts, Stitcher, OvercastTuneIn, iHeart, Pocket Cast, Castro, Castbox, PodchaserYouTube, and of course via RSS, to name a few). Moreover, please remember to subscribe or follow where you can to get the latest episodes as soon as they’re released. And please rate and review us as well!

Missed our previous episodes? You can get them anywhere you listen to podcasts, or go to our full episode list.

Learn even more about network security through our blog, which features new content every week.

New episodes are usually released every other Wednesday. Have a special request for a topic or a question for our network engineers to address? Email us at podcast@firewalls.com and it could be on our next show. Thanks in advance for any listens, follows, subscribes, reviews, comments, shares, and generally spreading the word!

Data Breach Reminds: Configuration Is Key

An Unfortunate Reminder

If we’ve said it once, we’ve said it 1,000 times – and we’ll keep saying it: the right configuration is key for your network to be fully secure. We had another reminder this week, with news of a data breach affecting Capital One in which a hacker gained access to more than 100 million credit card applications and accounts, in what CNN calls, one of the biggest data breaches ever. Capital One had security measures in place, but the breach still occurred. So how did the hacker get through? A misconfigured web application firewall.

Misconfiguration Opens the Door

More specifically, according to the criminal complaint filed by the U.S. Department of Justice, “a firewall misconfiguration permitted commands to reach and be executed by [a specific] server, which enabled access to folders or buckets of data in Capital One’s storage space at the Cloud Computing Company.” Unfortunately, this is all too common. According to Gartner, 99% of successful network breaches can be attributed to a misconfiguration of the firewall.

The DOJ complaint alleges the hacker gained access multiple times over a few months. It wasn’t until Capital One received an anonymous tip that the company became aware of the data breach. That means the stolen personal information – which included approximately 120,000 social security numbers, more than 75,000 bank account numbers, and millions of names, addresses, and birth dates – was available to the highest bidder for quite some time.

Not only was the firewall misconfigured, the theft was not quickly detected. Those are two expensive issues you don’t want your network to have. Capital One expects to spend $100 to $150 million in costs related to this data breach.

How Can I Prevent a Breach?

So how do you prevent the same thing from happening to you? Get a professional configuration with ongoing management of your network. Our network engineers provide personalized solutions based on your unique needs, ensuring optimized performance and security. Once your configuration is complete, they offer managed security services that take the burden of everyday monitoring, patching vulnerabilities, threat detection, and more away, allowing you to rest assured that the security of your valuable data is in the hands of top-notch, certified professionals. And anytime you have a question, they’ll be there at our Security Operations Center to help.

LEARN MORE ABOUT OUR PROFESSIONAL CONFIGURATIONS

If you want to take a crack at a configuration on your own, we can help with that, too. Our configuration checklist takes you on a deep dive through the complexities of the configuration process and helps you keep your settings, rules, and hierarchies organized. Did we mention it’s FREE to download?

 

*If you’re a Capital One customer and think you may be affected by the data breach, here are some steps you can take.