1. Introduction

The integration of Internet of Things (IoT) with smart healthcare devices brought many opportunities and challenges. Healthcare professionals and medical practitioners can monitor their patients remotely and deliver critical medical care using these devices. The digitization and rapid increase of smart healthcare environments offer a wide range of benefits that not only help healthcare professionals and healthcare providers, but also offer better, and around the clock service to patients. Moreover, patients can be monitored remotely, and healthcare professionals can share their experiences in real-time through these interconnected environments. In addition to traditional “information systems” implemented in healthcare networks, the growth of the IoT paradigm allows various mobile devices and sensors to be part of a healthcare network for monitoring these systems and patients in real-time, but also make these networks more vulnerable and increase the probability of cyberattacks [1]. Such attacks usually target sensitive healthcare records that not only affect the safety and privacy of patients, but also threaten the integrity of the data. Each day, thousands of healthcare systems are threatened worldwide, and “invisible” attackers cause irreversible damages. For example, in 2017, the average cost of a single cyberattack in the UK was $8.7 million, while it was $11.5 million in 2018 [2], registering an increase of 31%. Therefore, it is equally important to have proper management and continued monitoring for all healthcare entities. Cybersecurity is an economic, military, and social issue, and securing healthcare systems can essentially be resumed by the respect of three properties: integrity, confidentiality, and availability ^[3][4][3,4].

The landscape of cybersecurity threats and new security vulnerabilities to smart healthcare systems is constantly growing. The effective and efficient use of firewalls reduces the impact of cyber threats on smart healthcare environments. More specially, cloud-based firewalls play an important role while safeguarding cyber-attacks against smart healthcare devices carrying sensitive data and information. Therefore, it is important to have proper firewall placement for a smart healthcare environment to protect against attacks and threats.

Despite providing the various advantages and benefits in securing healthcare systems, firewalls are still vulnerable to attacks. In this paper, we investigate the most known firewall types and their compatibility to smart healthcare environments. Secondly, we provide a brief description of various types of firewalls, along with their working mechanisms and vulnerabilities for these environments. Thirdly, we identify and evaluate the firewall best practices and placement strategies that help in selecting a firewall suitable for smart healthcare environments. Lastly, we summarize the open challenges and provide recommendations for securing smart healthcare environments. The selection of a proper firewall for smart healthcare will not only protect the confidentiality and privacy of patient data, but also improve trust and security.

The rest of the paper is organized as follows. Section 2 provides a review of security challenges for a smart healthcare environment. Section 3 describes the firewall characteristics related to smart healthcare environments. Section 4 describes the firewall placement for these environments. Section 5 highlights the firewall vulnerabilities followed by the firewall best practices for a smart healthcare environment in Section 6 . Similarly, discussion and open challenges are presented in Section 7 . Conclusions from this work are provided in Section 8 .

2. Firewalls Types for Smart Healthcare Environment

The National Institute of Standards and Technology (NIST) Special Publication 800-10 categorizes firewalls into three types ^[5][27]: Packet filtering firewalls; Stateful inspection firewalls; Proxy firewalls (three sub-categories).

The growing use of virtual environments applied to the enterprise network architecture paradigm have widely led to the demand for virtual firewall devices ( Figure 15 ), a software acting as a hypervisor in VMs or kernel modules, instead of physical devices ^[6][7][30,31], which is essentially addressed to those network systems more oriented to virtualized environments. Virtual firewalls were the first generation of devices no longer applicable at the hardware level, but directly within a virtualized environment, typically virtual machines (VMs), finally moving the same solution to cloud computing services. Next-generation firewalls (NGWF) are typically implemented in either PaaS or IaaS systems, while web application firewalls (WAF) are generally found in SaaS platforms and they are sometimes integrated into SaaS firewalls ^[8][9][32,33]. These firewalls are described briefly in the following subsections.

Figure 15. Virtual Firewall Network Topology.

Unlike the other category of cloud firewalls, virtual firewalls apply transversally to all cloud platforms. Virtual firewalls can also protect a broader range of machines, from a single server to a group of virtual servers (this practice is better known as micro-segmentation), applying all firewall rules and security policies automatically to all devices added to the firewall application. In contrast, there are some potential downsides. Firstly, a virtual firewall might not be easy to implement in a Wide Area Network using wireless devices or software-based technology, which requires constant software updates and maintenance support; secondly, like in traditional IT network systems, there is not enough room for customization. Thirdly, the high quality of design standards required may expose cloud networks and security systems to additional (and sometimes unpredictable) design extra charges, and technically speaking, to potential vulnerabilities not easy to fix, especially when systems are hybrid cloud systems, a solution very often taken by those companies gradually moving to the cloud ^[10][11][34,35]. However, virtual firewalls are still smart and portable solutions specifically for smart healthcare, showing very useful benefits, such as: Better potential network performances in speed and connectivity terms due to more flexible positioning attitude and less resource consumption. A best practice can be to set a firewall machine behind each of the VMs, working as a managed kernel process for all running VMs separately ^[12][36]. This configuration should avoid the potential risk of malicious attacks to VMs when sharing network, storage, and computing resources. Virtual firewalls have additional functionalities provided by inter-VLAN (routed) firewalls and NIC-level firewalls, which are directly attached to VM NIC, able to filter ingoing and outgoing traffic through single VMs.

This later classification makes it possible to distinguish these firewalls, which are intended for standard environments, from others that handle additional services capable to integrate cloud platforms. For example, next-generation firewalls offer advanced attack detection and removal features for cloud environments where there are generally more advanced categories and a vast set of attacks. Although this separation, some traditional firewall types, such as stateful inspection firewalls, may also operate in cloud environments since stateful inspection enablement is generally still preferred today and this separation is not necessarily intended for the targeted environments, but essentially due to topology constraints ^[13][14][45,46].

3. Firewall Placement in Smart Healthcare Environment

Firewall technology paved the way in the development of smart healthcare environments and provides smarter solutions in both network architectures and software domains ^[15][55]. The placement of the firewall is an important indicator for deciding on the best firewall type to use. Firewalls are generally used to protect network perimeters, typically at the WAN level. A firewall placed in the wrong layer can get a bad performance, even if the design of that firewall has been previously fulfilled ^[16][56]. The architectural adaptability, on the other hand, involves the minor or major difficulty of a firewall facing a network security architectural change. For example, if the network needs to add a new firewall or create a WAN connection, a suitable firewall is the one that can result in the least number of changes in the existing system. The firewall best practices have been classified using the following metrics: Placement; Architectural adaptability; Automatic update and reaction; Mode of operation; Privacy preservation.

Regarding the firewall placement, stateful inspection firewalls provide optimal performances while the connection has been established. WAF also offers the best performances when positioned closest to the targeted application and just behind load balancers when managing the security of multiple applications. Stateful inspection firewalls may also assume the form of application proxy firewalls under certain circumstances. The high level of architectural flexibility, scalability, and adaptability makes this firewall the preferred solution also for cloud environments ^[16][56]. Figure 28 depicts the high-level abstract of firewall best practices for a smart healthcare environment.

Figure 28. Firewall best practices for smart healthcare environment.

WAF is also particularly flexible in integrating existing architectures and can be configured in learning mode to make a step-by-step updated Access Control Lists. We have learned from the previous section that, in the application layer, we can find boundary checking errors as well as design and validation errors, then requiring additional network management capabilities ^[17][57]. In this regard, stateful firewalls keep any information about each connection state behind the firewall, ultimately informing the system if the test failed and provide potential ways to fix that issue and are successfully extended to heterogeneous networks characterized by modern security features and devices ^[18][58]. As a result, only already established sessions and previously filtered packets would be accepted by the firewall. Consequently, this modus operandi makes this category of firewalls the most preferred among all the other traditional firewalls. Concerning cloud firewalls, the fact that WAF acts directly to the web application and the application layer does not imply serious security constraint, therefore, WAF provides a certain degree of flexibility and attracts decision-makers to opt for this solution. Furthermore, WAF is particularly effective against several vulnerabilities at the data validation level, but they can also interact and collaborate with the source code level, and then switch very quickly from denying rules to a recommended set of policy applicable in the next maintenance windows ^[19][20][59,60]. Some automatic rules (for example against data leakages) are configurable in last WAF application manager interfaces, such as the filtering of comments, which may involve sensitive area (i.e., passwords or other private content), and some parameters are automatically checked by the WAF, with regular ACLs update. Furthermore, WAF provides a self-test for quality assurance when new versions of the application have been released. Regarding privacy best practices, stateful inspection firewalls have some extra ability, and intelligent states allow manipulating information when applications are connected to it, such as the encryption mode. This is a robust security state allowing to preserve the information when new sessions have been established. Conversely, WAF firewalls can force SSL mode in the function of the encryption strength previously defined ^[21][61]. Following this survey, stateful inspection and WAF firewalls are generally the most advised category of firewalls for cloud environments. As seen in previous sections, they are neither exempt from challenges, further required improvements, nor extra features to broadly cover residual vulnerabilities, but concerning the application of best practices in these firewall categories, satisfactory results in targeted environments can be made.

Moreover, it has been seen that cloud networks suffer a larger number of security threats than traditional networks, meaning that firewall policy and rules should be frequently reviewed and updated according to the requirement of smart healthcare environments. More specifically to the network security domain, autonomic computing invests an important role to promote best practices in security automation facing multiple threats and different defense models. Firewalls have also been impacted by this paradigm and best practices mainly involve the automatic update of firewall rules and policies. From a functional point of view, the operating mode of a firewall describes the two general different concepts for a firewall to act ^[22][62]: Not allowed means denied. Not specifically denied means allowed.

4. Firewall Vulnerabilities

The classification of firewall vulnerabilities may help to find (quicker) any potential issue exposing a network system to security concerns throughout the use of that firewall policy. Common issues generally include wrong configurations, design errors, or misleading firewall configurations and settings; thus, disclosure of poor and unsatisfactory security policies ^[23][65]. Even worse, a misconfigured firewall may leave the system, which is supposed to be protected, exploited from the outside. Vulnerabilities, such as validation or design errors, are generally associated with IP and port filtering practices. When an error occurs, the probability of a malicious event or an attack (e.g., DDoS issue) increases accordingly. Moreover, a vulnerability belonging to the first layers of the OSI model (e.g., Layer 3) is still present in other layers touched by that application. In other words, layers are correlated with each other, and vulnerabilities cumulate throughout the layers. Vulnerabilities follow the fault classification scheme ^[24][25][66,67]. Spurious, misplaced, missing, and incorrect entities are erroring whose corrections may require an insertion, a change, or removal of an entity from the original source code to fix that vulnerability. Some common vulnerabilities affecting both hardware and software firewalls are troubles in rejecting policy for illegitimate network traffic, ignoring rules for malicious threats, lack of security rules for domestic network traffic, then causing insider attacks. Vulnerabilities typically affecting only software firewalls are any malicious action aiming to bypass the firewall by exploiting it at the application layer (application control, masquerade, prevent loading, firewall uninstall, etc.), or any attempt to move the application of the firewall at a lower level, such as the network layer ^[26][68].

Firewall vulnerabilities can be resumed into two big categories: (a) vulnerabilities related to design constraints and limitations; (b) vulnerabilities related to misconfigured firewall policy and rules. While in the second category, best practices can potentially fix the vulnerability assumed in that system (soft vulnerability), vulnerabilities of the first category are typically due to design/topology issues, then best practices can only be applied at the source (hard vulnerability), by providing, for example, a new design of the firewall ^[26][68]. Firewall engineers should always avoid the first category of vulnerabilities that happen after the testing stage of the product cycle has been validated. As a result, software firewalls disclosing hard vulnerabilities in production environments will no longer be used, and then uninstalled, and firewalls that are more effective will be considered. Table 12 provides the most frequent and common firewall vulnerabilities in the function of the firewall type(s) by cause, effect, and fix remedy of the issue found. For example, an issue, such as the validation error, occurring when a program is running in an environment regardless of the correctness of the data introduced in that environment (cause), is strictly related to a DDoS issue (effect). Likewise, firewall design errors (cause) lead to issues in the execution of codes (effect) ^[27][69].