Firewall Updates - Ignoring is not an option!

Patrizio - April 18, 2016

"Never change a running system." You wouldn't believe how many times I've had to listen to that one! In IT, however, this sentence has no place at all; many people simply use it out of convenience. Of course, we have all had bad experiences with an update after which nothing worked, or where one problem was fixed but two new ones appeared. And of course it can be expensive, because a professional has to do it.

Nevertheless, someone who does not update his firewall has probably not fully understood the principle of "security".

In this blog article, I'll look at updating the Sophos firewall and why it's so important.

Why are updates on the Sophos Firewall so important?

The answer to this question depends strongly on what you expect from your firewall. I assume that most of you buy or already use a firewall to protect your company or home network from Internet threats. It is therefore essential to keep the firewall on the latest software version at all times. New security vulnerabilities are discovered every day, and your firewall needs to know about them in order to fulfil its basic purpose, namely protection. A firewall lives on updates!

Let's look at a concrete example. Here you can see the dashboard of a Sophos SG 310.

The 23 updates highlighted in red are hard to miss, aren't they? Let's take a look at what kind of doorkeeper a firewall in this state makes for your network. As you can see from the "Version information", UTM version 9.210-20 is currently installed. This results in the following:

  • SSL Heartbleed vulnerability not yet patched
  • POODLE vulnerability not patched
  • XSS vulnerability not patched
  • Miscellaneous OpenSSH security updates not applied

And these are only the worst and most important threats. Altogether, over 3'500 changes have not been applied to the system in our example. In addition, the license has expired, so the firewall has paused various security mechanisms and no longer receives pattern updates from Sophos.

Appearances are deceptive...

You may be thinking: "What is this guy going on about updates for? My system is up to date, all updates are installed. Nothing can happen to me." But if your dashboard looks like the next screenshot, you have quite different problems. ;-)

For all readers who are now looking at the screenshot and don't quite understand what I'm getting at, I'll explain it briefly. This is a dashboard of an Astaro firewall (Astaro was acquired by Sophos in 2011). Support for version 7 of the Astaro Security Gateway was already discontinued on December 31, 2012. Therefore, this version will never indicate any updates again.

I simply want to point out that a system which no longer receives updates is not necessarily up to date as a result.

Windows XP, for example, no longer receives updates not because it no longer needs any, but because it has not been officially supported by Microsoft since April 8, 2014.
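The point of this section can be turned into a small inventory check. The following Python sketch is an added example, not part of the original article or any Sophos tool: it treats the dashboard's update counter as only one of three signals, next to the end-of-support date and the license state. The hostnames, license dates and the ASG build are constructed, and the lifecycle table contains only the date mentioned above.

```python
from dataclasses import dataclass
from datetime import date

# End-of-support dates keyed by (product, major version). Only the ASG 7 date
# is from the article; fill the rest from the vendor's lifecycle page.
SUPPORT_END = {("Astaro Security Gateway", 7): date(2012, 12, 31)}

@dataclass
class Firewall:
    name: str               # constructed hostname
    product: str
    version: str            # as shown under "Version information"
    pending_updates: int    # the counter shown on the dashboard
    license_expires: date

def major(version: str) -> int:
    """'9.210-20' -> 9"""
    return int(version.split(".", 1)[0])

def audit(fw: Firewall, today: date) -> list[str]:
    """Return findings; an empty list is the only state that counts as current."""
    findings = []
    eol = SUPPORT_END.get((fw.product, major(fw.version)))
    if eol is not None and today > eol:
        # No updates are published any more, so the counter stays at 0 forever.
        findings.append("END_OF_SUPPORT")
    if fw.pending_updates > 0:
        findings.append("PENDING_UPDATES")
    if today > fw.license_expires:
        # Expired license: pattern updates stop, protection features pause.
        findings.append("LICENSE_EXPIRED")
    return findings

# Constructed inventory modelled on the two dashboards in the article.
# License dates and the ASG build are invented for the example.
INVENTORY = [
    Firewall("fw-sg310", "Sophos UTM", "9.210-20", 23, date(2015, 6, 30)),
    Firewall("fw-asg", "Astaro Security Gateway", "7.x", 0, date(2017, 1, 1)),
]

def report(today: date) -> dict[str, list[str]]:
    return {fw.name: audit(fw, today) for fw in INVENTORY}

if __name__ == "__main__":
    for name, findings in report(date(2016, 4, 18)).items():
        print(name, "OK" if not findings else ", ".join(findings))
```

The second firewall shows zero pending updates and is still flagged, which is exactly the trap described above.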

Updates are not everything

To get the most effective protection from a firewall, the OS on the firewall must be up to date and all security updates must be installed regularly. But that's not all. If you are responsible for a firewall, you must also be able to configure it correctly. There is no benefit if the firewall rules you created lead nowhere or important security features are not activated. You have to know all the features of the firewall, because a bad or faulty configuration can also have a negative effect on a network.

Bottom line

I hope that all of you are aware that a firewall without updates cannot provide up-to-date protection. Configuring a firewall and keeping it up to date is no piece of cake, even if Sophos would like us to believe otherwise with its slogan "Security made simple". The 1-Click update button can be pressed with relatively little effort, but this is no guarantee that everything always runs smoothly. Updates are important, but for the administrator they mean work in most cases. Nevertheless, you should put convenience aside and either take responsibility yourself or hire a professional.

If you buy a firewall to be protected, you have to know that the installation alone is not enough. A firewall needs regular maintenance. You should log on to the system from time to time, perform updates, look through logs, start a threat analysis, and so on.

For those who do not wish to set up and maintain their Sophos Firewall themselves, we offer convenient maintenance contracts. Or would you like assurance that your firewall is configured correctly? On request, we will be happy to take a closer look at your firewall and perform a "security check".
