Firewall Configuration for Your Tax Prep Business - Security Six

A firewall is made up of three different types of protection:

• The first type of protection is called inbound protection, which monitors the traffic coming into the computer network and protects the network from malicious attacks.
• The second type of protection is called outbound protection, which monitors the traffic leaving the computer system. An outbound protection component is something that watches the traffic being sent to other computers or networks and prevents unauthorized transmissions.
• The third type of protection is called application layer protection, which monitors specific applications on your computer. Application layer protection watches programs like Internet Explorer and prevents malicious sites from entering your computer.

Why Does a Firewall Matter for Tax Preparers?

As a tax preparer, protecting your clients' sensitive data and personal identifiable information (PII) is crucial. A firewall serves as a critical first line of defense against cyber threats that can compromise the confidentiality and integrity of your clients' data.

A firewall is a security system that monitors and controls incoming and outgoing network traffic based on predetermined security rules. It inspects all traffic to and from your computer or network and blocks any unauthorized access or malicious activity that violates the security policies set by the user.

Tax preparers have a legal obligation to protect their clients' data and comply with IRS regulations. Publication 4557 outlines the necessary security requirements, which include the installation and maintenance of a firewall configuration. The IRS also requires that tax preparers establish policies and procedures for configuring, installing, maintaining, monitoring, testing, upgrading, and disabling firewalls on their computer systems.

A properly configured firewall can prevent unauthorized access attempts, block malicious traffic, and minimize the risk of data breaches, cyberattacks, and identity theft. By implementing strong firewall protection, tax preparers can safeguard their clients' sensitive information and ensure compliance with IRS regulations.

Within A Firewall’s Configuration, You Can:

• Create and enforce a security policy on the network and provide for network monitoring so that policies can be dynamically enforced.
• Allow traffic to flow between two or more networks on some specified terms by specifying rules that define which traffic is allowed and which is not allowed through the firewall based on specific criteria.
• Provide for packet filtering so that different types of data can be selectively handled by defining rules based on the type of data such as web, email, telnet, and ftp.

There Are Many Different Types of Firewalls:

Packet-Filtering Firewall:

This type of firewall is used to block packets that are not allowed through the network. Usually, it is done by examining the IP header of each packet inbound or outbound and making a decision to allow or block it.

A packet-filtering firewall usually has rules in place to allow or deny packets based on the following: source IP address, destination IP address, protocol used, port number on which the packet was received and Source or destination MAC address.  A packet-filtering firewall can be used to create a network segment in which only packets destined for the LAN are allowed through.  A packet-filtering firewall is typically configured to accept all other traffic only after it has been filtered by the rules placed there.

However, depending on the type of packets that are allowed through, this may result in a slower Internet connection for users outside of the LAN because they have to go through the router before being able to reach the LAN.  A router's proxy and firewall capabilities can be configured globally with a set of predefined rules or individually for each port that is allowed through.

Circuit-Level Gateway:

Unlike packet-level firewalls, they read the content of the packet rather than just looking at its header information, and they are able to have a plethora of filters, such as protocol discriminators.  Once a packet is transmitted, these firewalls create a temporary connection (called a virtual circuit) that allows the packet to move from one point to another on the Internet.  The virtual circuits are usually created through some sort of network address translation, which takes the source IP address and translates it into something else for all outgoing packets and then the translated source IP address is used as the destination IP address for all incoming packets.

Stateful Inspection Firewall:

This firewall inspects all incoming and outgoing packets and blocks those that do not comply with an expected protocol or standard.  The state inspection firewall is typically used in conjunction with a stateless packet filter and a proxy server. The proxy server provides a single point of access to the Internet.  The proxy server forwards all packets to the state inspection firewall, which inspects them and if necessary blocks them.  Incoming packets are passed on to the destination host while outgoing packets are returned to the source host through an outbound proxy process.  Unlike other types of firewalls, state inspection is not the primary role of an outbound proxy; it is primarily a packet-forwarding device.

The major benefit of an outbound proxy firewall is that it can appear as a generic IP router on the Internet and other networks in order to collect and forward packets destined for specific hosts or networks, thus acting as an effective load balancer.

The main drawbacks are that proxies are less likely to be able to provide stateful inspection, they cannot filter traffic by application protocols or ports, they cannot filter traffic by source IP address, and they cannot handle non-HTTP or non-TCP traffic.

Depending on the specific implementation, a firewall can be either stateful or stateless. Stateful firewalls are able to inspect application layer protocol fields such as TCP port numbers and state information such as reachability of server contact information.  Stateless firewalls look at only the IP address of packets traveling through them, and compare them with a list of known clients to determine if they are trusted. Stateless firewalls are easier to set up, as they do not require any configuration of existing applications or application-layer protocol mechanisms.  However, stateless firewalls do not prevent hackers from sending crafted packets through them to manipulate traffic between two endpoints.

App-Level Gateway Firewall:

The App-level Gateway firewall is a type of firewall that works at the application level rather than blocking or allowing traffic based on the port it uses. It blocks or allows traffic based on what type of application it needs to interact with. For example, if you are using an email app, then you would need an App-level Gateway firewall in order for the email app to work properly because there needs to be a connection between the app and your email server.

Types of App level gateway firewalls:

1. Network-Based Application Firewalls That monitor network-based traffic destined for the application layer or a specific application.

2. Host-Based Application Firewalls: That monitor all traffic initiated by an application or service on a local computer, system or host.

Next Gen Firewall:

A next generation firewall (NGFW) is a type of firewall that can be used to monitor and control traffic between two networks. The NGFW is a network security system that protects against network intrusions, malware, and other cyber threats.

The NGFW is a hardware appliance or software application that monitors the incoming and outgoing traffic on the network. They are typically installed in front of an organization's perimeter router or at the entry point to the local area network (LAN).

The NGFW can be configured to allow or block certain types of traffic based on its configuration. The NGFW may also have additional features such as intrusion prevention, malware protection, content filtering, web filtering, and more.

The main difference from a traditional firewall is that a NGFW adds additional layers of the OSI model (Open Systems Interconnection) which provides additional filtering of network traffic dependent on package contents.  This deeper inspection checks packet payloads for harmful exploitable attacks and malware.

Get Help with Your Firewall Configuration Today!

Protecting your tax preparation business with a firewall is crucial in today's cyber landscape. It helps safeguard your company's data and PII from unauthorized access, and is a compliance requirement set by the IRS for tax preparers. While the idea of configuring a firewall may seem daunting, it's essential for the security of your business. If you're unsure about how to get started or have any questions, don't hesitate to reach out to a member of our tech team for assistance. Additionally, stay tuned for part 3 of our Security Six series for more tips and information on securing your business.

Part 1 > Part 2 > Part 3 > Part 4 > Part 5 > Part 6