“Never change a running system”. You wouldn’t believe how many times I’ve had to listen to this saying! In IT, however, this saying has no place and is simply uttered by many out of sheer convenience. Of course, we have all had bad experiences with an update, where nothing worked anymore or one problem was solved but two new ones appeared. Of course, it can be expensive because a professional has to be involved.
Despite all this, someone who does not update his firewall has probably not fully understood the principle of “security”.
In this blog article I’m going to talk about updates on Sophos Firewall and why they are so important.
Why are updates on Sophos Firewall so important?
The answer to this question, of course, depends heavily on what you expect from your firewall. I assume that most of you buy or already use a firewall to protect your company or home network against threats from the Internet. Therefore, it is also essential to always keep a firewall up to date in terms of software. New security holes are discovered every day, and your firewall needs to know about them in order to guarantee the basic need, which is protection. A firewall lives on updates!
Let’s take a look at a concrete example. Here you can see the dashboard of a Sophos SG 310.
I guess the 23 updates highlighted in red are hard to miss, right? Let’s take a look at what a firewall looks like as a bouncer on your network in this state. As you can see from the “Version information”, UTM version 9.210-20 is installed at the moment. This results in the following:
- SSL Heartbleed security hole not yet patched
- POODLE security hole not patched
- XSS security hole not patched
- Various OpenSSH security updates not installed
And these are only the worst and most important threats. In total, there are over 3,500 changes that were not made on the system in our example. In addition, the license has expired, which means that the firewall has paused various security mechanisms and no longer receives pattern updates from Sophos.
Appearances are deceptive…
You may be thinking to yourselves: “What is this guy writing about updates, my system is up to date, all updates are installed. Nothing can happen to me.” However, if it looks like the next screenshot, you have completely different problems. 😉
For all readers who now look at the screenshot and don’t quite understand what I’m getting at, I’ll explain briefly. We see here a dashboard of an Astaro firewall (Astaro was acquired by Sophos in 2011). Support for version 7 of the “Astaro Security Gateway” was already discontinued on December 31, 2012. Therefore, this version will never show any available updates again.
I would simply like to point out that the fact that a system no longer receives updates does not necessarily mean that it is up to date.
The fact that Windows XP, for example, no longer gets any updates is not because it no longer needs them, but because it has not been officially supported by Microsoft since April 8, 2014.
Updates are not everything
In order to achieve the most effective protection with a firewall, the OS on the firewall must be up to date and all security updates must be installed regularly. But that’s not all. Whoever is responsible for a firewall must also be able to configure it correctly. It is no use if the firewall rules that were created lead nowhere or important security features are not activated. It is necessary to know all the functions of the firewall, because a bad or incorrect configuration can also have a negative impact on a network.
Hopefully, my examples have made each of you aware that a firewall cannot provide up-to-date protection without updates. Configuring a firewall and keeping it up to date is no walk in the park, even if Sophos wants us to believe that with its slogan “Security made simple”. The 1-click update button can be pressed with relatively little effort, but that is no guarantee that everything always runs smoothly. Updates are important, but in most cases they involve work for the administrator. Nevertheless, you should put aside the comfort and either take responsibility yourself or otherwise hire a professional.
Anyone who buys a firewall to be protected must know that installing it alone is not enough. A firewall needs regular maintenance. You should log on to the system every now and then, perform updates, review logs, run a threat analysis, and so on.
For those who do not want to take care of the setup and maintenance of their Sophos Firewall themselves, we offer convenient maintenance contracts. Or would you like some assurance that your firewall is configured properly? Upon request, we will be happy to take a closer look at your firewall and subject it to a security check.