Forget the “Great Firewall,” your local community might not see your safe content

You’ve got safe content but you can’t get through the firewall—what do you do?

Very simply, firewalls protect your network from unauthorized access by cybercriminals. They are used by small and large businesses as well as educational institutions. In some cases, firewalls can span across an entire country like China’s “Great Firewall”

The Great Firewall is a security initiative managed by the Chinese government and its goal is to monitor and censor what can or cannot be seen through an online network in China. It works like any other firewall, but on a state level. While the U.S. doesn’t have a great firewall, it is useful to know how your local firewall works to avoid tripping the safeguard.

So how do you break through—without breaking the rules?

Firewalls rely on threat intelligence. They compare traffic against databases of known malicious signatures and if a match is found, the firewall will block the traffic. Often times firewalls will block uncategorized traffic because it cannot verify its safety based on its standard rules and database.

Here are a few common red flags picked up by most firewalls:

1. Unknow or new traffic: If your traffic is unknown or from a new destination it will be likely get blocked.

2. Encrypted Traffic: If your traffic is encrypted (like HTTPS) and the firewall is not configured or lacks the capability to perform deep packet inspection, it could be flagged as unknown or suspicious.

3. Internal Application Misconfigurations: A legitimate internal application may be just misconfigured. This can cause it to generate traffic that doesn't fit established rules.

4. Unexpected Behavior: Traffic patterns that deviate significantly from a user's or system's normal activity (anomaly-based detection).

False positives are a growing problem within the cybersecurity community. It’s a problem that’s been around for as long as the internet itself. A study in 2007 out of the University of California, Berkley found that about 23-24% of “clean” webpages were blocked in error. While firewalls can be useful, it lacks the contextual reasoning to decide if what it is blocking is truly malicious or truly safe. This means that you could have legitimately safe content that ss being blocked from the community.

The Bottomline

Create Specific Rules (if legitimate): If the traffic is legitimate but uncategorized, create a specific, tightly defined firewall rule to allow it (e.g., by source, destination, port, and application path), ensuring it doesn't open up broader vulnerabilities.

The takeaway? If your content is safe, people deserve to see it.

Let’s Build a Safe Site Together!

Sources:

https://www.lupovis.io/the-dangers-of-false-positives-in-cybersecurity-and-how-to-avoid-them/#:~:text=In%20fact%2C%20another%20study%20found,false%20positives%20they're%20seeing

https://businessinsights.bitdefender.com/every-hour-socs-run-15-minutes-are-wasted-on-false-positives

https://www.cisa.gov/news-events/news/understanding-firewalls-home-and-small-office-use

https://www.fastvue.co/fastvue/blog/what-your-school-firewall-can-tell-you-about-e-safety-and-what-it-cant/#:~:text=3.,overwhelming%20staff%20with%20false%20alarms.

https://www.stat.berkeley.edu/users/stark/Preprints/filter07.pdf

https://www.fortinet.com/resources/cyberglossary/what-does-a-firewall-do#:~:text=Firewalls%20protect%20your%20network%20from,rogue%20activity%20throughout%20your%20network.

https://cs.stanford.edu/people/eroberts/cs181/projects/2010-11/FreeExpressionVsSocialCohesion/china_policy.html

https://www.paloaltonetworks.com/cyberpedia/what-is-a-firewall#:~:text=Firewalls%20also%20rely%20on%20threat%20intelligence.%20They,is%20found%2C%20the%20firewall%20blocks%20the%20traffic