Unexpected gains for clients using Sophos Firewalls.

Thu, Jan 31, 2019

I was noticing that even though we had firewalls, they were really nothing special. Firewall breaches suddenly became a thing. Considering it my weakest point, I called all my computer nerd friends and the competition. Sophos seemed to be my answer. My first deployment with Sophos went to a once-small Durable Medical Equipment (DME) company. It had struggled for many years, then one day it started to grow, and grow fast. There were new employees being hired and computers being purchased at a steady pace for years. This small family company was really starting to grow at a good and steady pace.

I must admit that I really liked them on a personal level, but they were late paying for a brief time. I had realized around then that losing clients was ironically a good thing, and I fired one every year. This somehow always turned out to be a good thing for me. A better client almost always came afterward, and I was finally starting to make a real living from the IT startup I had jumped feet first into just 5 years prior, having no clue what I was in for. They were obviously struggling as a family together, living a very average lifestyle. Then boom. They were suddenly bounced up, and very humble about their success. They very much deserved this just as much as anyone else. I was happy and proud for them. I was also relieved that my effort keeping our relationship good paid off. It's really been the only time ever.

At this time, in early 2018, firewalls seemed like a weak spot that was getting PWNED and always in the news. I decided that this was going to be what I focused on as my ever-evolving, always-changing IT landscape project.

Sitting at the edge of the network and rarely configured or monitored for active compromise, the firewall today is a vulnerable target for persistent and targeted attacks

Exploiting the firewall beachhead: A history of backdoors into critical infrastructure.

The little DME company by this time had moved to a much larger space, and just as soon as they got there, they were already starting to outgrow it. They had issues with the internet going out all the time, and needed a fail-over internet connection. It just so happened that I was going to increase the availability of the internet by doing a dual LAN project, and putting a big upgrade in network security at the same time.

When I installed and configured the firewalls, I was able to see things about what was going on that I was sure were happening, but now it's in my face. We had 6 people playing YouTube videos for the music. Facebook was being used way too much. I watched the traffic for about a week. Then I slammed the entire office down to only being able to do their jobs. I explained to the family that there was way too much entertainment going on at work. Job hunting. Playing games. People were taking advantage of their kind nature, and I became the bad guy. I was not familiar with how to use this new firewall, so I continued to work on the firewall for a few days, getting everything smoothed out. Security can be a process sometimes. They were also able to work more, having a constant internet connection free from frequent outages.

Policies were created and assigned to everyone. Then I was able to give all the owners free roam, with the exception of known trash sites. Everyone else had very limited access to the internet. Realizing that some of the staff needed more permissions to work on continuing education and such, I approved and let the hard workers work hard, giving some freedom back. Not everyone was abusing the relaxed environment. For the ones who were, I turned into the guy that needed Haterade poured all over him because I had the gall to control and shape the traffic. The funny part is that the least productive people complained. The hard workers didn’t get bothered. Someone told me it was not as easy to get distracted.

I was constantly asked questions about why can I not do this, or why can't I check my personal mail. The owner can use Facebook and I am blocked. Usually I would reply, “Is there something keeping you from doing your job?” The answer was always “No.” Then I would say back, “Soooo.. I am not sure what the problem is?” Then I walked away. I gave no mind to it. I work for the people that write the checks, and there is where my loyalty is. My job is never ever to trust the employees, no matter how well they are liked. That is just how it is, and I went from upgrading the security of an office of 25 employees to not only increasing security but overall productivity in several unexpected ways.