Secure Internet access is mandatory in a network where QuickBooks operated. Let me give you a quick example of an instance that requires one to seriously consider a Unified Threat Management Scenario to secure your Internet gateway.
Application intelligence and controls are important because HTTP (port 80) has been a common method to bypass security, yet there are other protocols and ports that need to be reviewed in a basic security audit. For example, part of the background process a browser performs when going to http://www.google.com is making a request for the destination IP address of the domain www.google.com. This is similar to making a phone call. Unless you know the persons phone number, you can’t make the call. Domain Name Services (DNS) is the ‘phone book’ protocol of the Internet and is fixed on port 53.
In our example, DNS provides the IP address for www.google.com. A hacker knows this and can get around the security which is focused on the port 80 http traffic by redirecting DNS requests to a rogue DNS server running at a location they control. While a firewall or other device can give a user an IP address and network information via DHCP, the recommended DNS server IP addresses are only that: recommended. The hacker bypasses all security that NGFW offers by tunneling their traffic through special software via DNS (port 53) unfettered. The firewall ‘sees’ the traffic as simply DNS on port 53, with no restrictions.
This technique is especially popular with hackers who want to bypass guest Wi-Fi. The business offering the service will redirect any browser to a web page requesting the user pay for Wi-Fi or acknowledge an acceptable use policy. Most of the time, DNS is needed and is not limited to certain servers.