Why is it Critical that your Organization have a Firewall?
A firewall is a network security device that continually monitors incoming and outgoing traffic and decides whether to allow or block specific traffic based on a specific set of security rules. A firewall is the first line of perimeter defense for your organization’s computer network against a cyber-attack by establishing a protective barrier between secured and controlled internal networks that can be trusted and untrusted outside networks such as the Internet. A firewall can be hardware, software, or a combination of both. A good firewall will provide a high level of protection and a wide range of options. Many routers and switches have basic security features, and while they may provide Internet access for your network, they most likely will not provide your network adequate protection against the sophisticated level of attacks and threats prevalent in today’s Internet-based computing world. Without a firewall in place, your organization’s network will be very susceptible to threats including security breaches and dangerous malware. Ultimately, these security threats could cost your organization time and money and potentially compromise the security of your internal/client data.
What Factors should your Organization take into Consideration when Selecting a Firewall?
Beyond the level of protection provided, the most important and many times overlooked factor that should be taken into consideration when selecting a firewall is sizing. Sizing should be based on the number of users on your network along with the number of remote users. By failing to take this into consideration, you could end up with an expensive piece of hardware that isn’t capable of providing the bandwidth and throughput needed by your end users. As a result, the efficiency and productivity of your end users is negatively impacted. Often, the features an organization will need most will be bundled with less relevant functionality and offered at a higher price point. This pricing model leaves the buyer with the unappealing options of either buying something that may be out of budget or buying something that may not meet the government’s or non-profit’s needs. Fortunately, there are vendors that offer solutions with baseline functionality that can be customized with modules to meet your specific needs. Different devices have different prices – depending on the functionality they have and how much traffic they can handle. Typically for a governmental or non-profit agency, the budget is often the most significant consideration. However, you should determine the most important features you will need based on your organization’s current and future requirements and resources. Due to the complexity, and range of choices, it is often best to engage an outside technology consultant to assist you in selecting the firewall best for the size and complexity of your network. You will also need to determine whether your organization has the in-house expertise to properly configure and manage it or whether it will require an external technology support provider. In order to get the most out of this investment, a properly trained and experienced security technician is critical to a successful deployment. The technician should also be engaged for ongoing support when updates are released and when issues inevitably arise.
What are the Basic Security Features of a Firewall?
- Border Security – The first level of protection is considered border security. This minimum or baseline form of protection will be offered by all firewalls and will constantly monitor both inbound and outbound network traffic for threats.
- DMZ – Does your organization operate a web server or email server on its premises? If so, you might want to dedicate a certain area of your network as a ‘demilitarized zone’ or DMZ. This type of networking configuration protects the servers in the DMZ and checks traffic to and from these servers along with isolating these servers from the rest of the local area network as much as possible.
- VLANS – If your organization is a large or sprawling network, you should give strong consideration to implementing VLANs (Virtual Local Area Networks). VLANs allow you to group and segregate devices in the same subnet even if the devices aren’t connected on the same router or switch. This is primarily done to contain network data traffic for performance and security reasons.
- ACL – Access Control Lists serve as a filtering mechanism to control and anticipate unwanted traffic by analyzing characteristics such as source, destination or port.
- IDS – An IDS or Intrusion Detection System is a technology that detects potential malicious data traffic in and out of your network. This technology only detects the presence of this type of traffic, but it cannot stop it. For protection, see IPS below in the next section.
- Logging and Alerts – Every type of firewall should have a feature where you can monitor the types of traffic the device is blocking and the kinds of traffic that is permitted through. Also, the notification methods will vary – some will send alerts via SMS while others will rely on email or network broadcast messages. All firewalls should have the capability to alert network administrators in the event of a security breech, attack, or inappropriate/unauthorized use of Internet resources.
What are the Advanced Security Features of a Firewall?
For large governmental or non-profit agencies, there are
more advanced security features that should be implemented:
- VPN or a Virtual Private Network – A VPN encrypts data sent between two or more locations when that data is sent over the Internet or other public network. VPN’s are typically used for staff members working remotely to gain secure access to files and programs on the office network. If your organization has multiple office locations, you can configure a firewall at each location to provide a ‘site to site’ VPN in order to encrypt communications between those locations. Oftentimes, a ‘site to site’ VPN is a more cost-effective option to connect physically separate sites instead of leasing private dedicated point to point connections.
- IPS – An IPS or Intrusion Prevention System is a technology that relies on algorithmic analysis of the data coming in and out of the network to prevent security breaches. Data traffic detected by this technology will be dropped and will never reach the protected network.
- Web/Content Filtering – Through web filtering, policies are established to enable specific websites, URLs, and web content to be accessible by the network’s users. Most firewalls include default web filtering policies that reflect industry best practices.
- E-Mail Protection – Through this feature, the firewall enables the scanning of email attachments and the filtering out of spam emails.
- Malware Protection – Data traffic is analyzed to detect the presence of malware prior to passing the data or web content through to the end user.
- Endpoint Security – Through this type of security, end-user devices on your network such as mobile devices, laptops/desktops and servers are protected via a software package that is managed at the firewall level.
- Application Filtering – This option provides the capability of defining applications that are allowed to traverse the firewalls zones and ones that are not. This is mainly implemented for productivity reasons. For example, you may choose to block all forms of Instant Messaging to the outside world, or you may want to prevent bit torrent applications from downloading content to your network.
In summary, selecting the right firewall is one of the
most critical IT purchases your organization will make. You should carefully
take into your consideration your organization’s size, structure, security
needs and staffing capacity in making this decision.