Don’t get hit by Petya or WannaCry: how to configure your firewall


The recent malware outbreaks were the first widespread network worms for several years, but Sophos firewalls can help stop these sorts of attacks.

The recent WannaCry and Petya malware outbreaks were the first widespread network worms for several years.

Worms differ from regular malware attacks because they can spread by themselves, often without needing any help from users.

Both WannaCry and Petya included what’s known as a network exploit: they sent out malicious network packets to take advantage of vulnerabilities in unpatched Windows computers on the network.

The good news is the IPS engine in Sophos SG and Sophos XG firewalls can help to stop attacks of this sort by watching out for, and neutralizing, malicious packets needed for the worm to spread.

However, there are some things you need to know if you want your Sophos firewalls to block network attacks *inside* your network as well as from outside.

(Spreading inside a network is known in the jargon as lateral movement. Hackers and crooks often use one trick to get in, and then another to find their way around internally.)

To prevent the spread of worms and bots on your network:

  • Reduce the surface area of attack: Review and revisit all port-forwarding rules to eliminate any non-essential open ports. Where possible, use a VPN to access resources on the internal network from outside rather than port-forwarding.
  • Secure any open ports: Apply suitable IPS protection to the rules governing that traffic.
  • Stay up to date: While we send automatic pattern updates, it is important to consistently check that your firewall firmware is up to date to ensure the best protection, stability, reliability and performance.
  • Minimize the risk of lateral movement: Segment LANs into smaller subnets and assign those to separate zones that are secured by the firewall. Apply suitable IPS policies to rules governing the traffic traversing these zones to prevent worms and bots from spreading between LAN segments.

Applying IPS protection to a Firewall Rule doesn’t get any simpler than this.
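To check an existing rule set against the checklist above, you can audit an inventory of zones and rules offline. The script below is an added example, not Sophos code or a Sophos export format: the zone and rule dictionaries, the finding names and the 254-host threshold for a "small" segment are all assumptions made for illustration.

```python
import ipaddress

# Constructed sample data in a hypothetical, simplified format (not a Sophos export).
ZONES = {"LAN_OFFICE": "10.0.0.0/16", "LAN_SERVERS": "10.1.10.0/24",
         "LAN_FINANCE": "10.1.20.0/24"}
RULES = [
    {"name": "rdp-forward", "kind": "port-forward", "src": "WAN",
     "dst": "LAN_SERVERS", "port": 3389, "ips": None, "essential": False},
    {"name": "web-forward", "kind": "port-forward", "src": "WAN",
     "dst": "LAN_SERVERS", "port": 443, "ips": "wan-to-dmz", "essential": True},
    {"name": "office-to-servers", "kind": "allow", "src": "LAN_OFFICE",
     "dst": "LAN_SERVERS", "port": 445, "ips": None, "essential": True},
    {"name": "finance-to-servers", "kind": "allow", "src": "LAN_FINANCE",
     "dst": "LAN_SERVERS", "port": 445, "ips": "lan-to-lan", "essential": True},
]
MAX_HOSTS = 254  # assumed site threshold for a "small" LAN segment


def audit(zones, rules, max_hosts=MAX_HOSTS):
    """Return sorted (item, finding) pairs for the checklist items above."""
    findings = set()
    nets = {z: ipaddress.ip_network(c) for z, c in zones.items()}
    for zone, net in nets.items():
        # Segmentation: a large flat subnet lets a worm reach many hosts unfiltered.
        if net.num_addresses - 2 > max_hosts:
            findings.add((zone, "SEGMENT_TOO_LARGE"))
        # Overlapping zones mean some traffic may never cross the firewall.
        for other, onet in nets.items():
            if other != zone and net.overlaps(onet):
                findings.add((zone, "ZONE_OVERLAP"))
    for r in rules:
        if r["kind"] == "port-forward":
            if not r["essential"]:
                findings.add((r["name"], "NONESSENTIAL_FORWARD"))
            if not r["ips"]:
                findings.add((r["name"], "OPEN_PORT_WITHOUT_IPS"))
        elif r["src"] in zones and r["dst"] in zones and not r["ips"]:
            # LAN-to-LAN rule with no IPS: lateral movement goes uninspected.
            findings.add((r["name"], "INTERZONE_WITHOUT_IPS"))
    return sorted(findings)


if __name__ == "__main__":
    for item, finding in audit(ZONES, RULES):
        print(f"{item}: {finding}")
```

A forward flagged as non-essential is a candidate for removal or for replacement with VPN access, and every rule flagged as lacking IPS needs a policy attached before it is left in place.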

For more information on how firewalls can help against threats like WannaCry and Petya, listen to our WannaCry Webcast or visit https://community.sophos.com/kb/en-us/124744.
