Set out to find the right firewall, but you don’t know where to start? There are thousands of options in the market and you might feel discouraged. But believe me is not so complicated.
In fact, if you are reading this post on your computer or mobile, then you are probably using some kind of firewall. If you are connected to the Internet then the ISP (Internet Service Provider), Wi-Fi router or Windows Firewall PC, might be filtering your connection.
"But you want to add an extra layer of protection to keep your sensitive data away from nasty cyber thieves"
Then you are in the right place. This tutorial will define the basics of firewalls and help define your requirements so that you can choose the right firewall for your network.
The original meaning of the word “Firewall” refers to a wall used to protect sensitive areas of a building in case of a spreading fire. Consequently a firewall in the IT world is a virtual wall that keeps your internal network protected from any malicious activity coming from the Internet or other sources.
In other words, a firewall keeps the network secured by controlling outbound and inbound network traffic. To do this an administrator has to define the rules that dictate how traffic is handled by the firewall. The firewall allows all packets that obey the rules and discards packets that contradict them.
One of the core benefits of a firewall is the ability to filter traffic in order to protect the network. With a firewall in the right place, you can specifically control what the network users are able to send and receive from the Internet
All firewalls work under some sort of firewall software and all firewall software needs to be hosted in hardware. But the terms hardware/software mentioned in the title are used for different purposes, mainly to distinguish between products.
A hardware-based firewall (or appliance) requires a bit more adjustment. It needs to be plugged into the network, configured with basic information and rules must be clearly defined. An example of an appliance can be either a Cisco ASA 5500-X or FortiNet FortiGate. Appliances vary in size and can be used for any type of network. Software-based firewalls (or host-based) on the other hand are intended for different purposes.
Firewalls such as Norton Security Premium are usually designed for individual users or small networks. For that reason host-based firewalls are cheaper and even free (for example Windows Firewall automatically comes with MS Windows). These types of firewalls are easier to implement as usually come with pre-defined rules and just need basic adjustment.
Either an appliance or a host-based firewall, it has the same objective in mind: Inspect traffic and avoid threats into the network. It is easy to make the following assumption: “Firewalls equal security”.
We believe that installing a firewall will save our battle against hackers and get rid of all malware.
But choosing a wrong firewall or performing a bad implementation can create unexpected problems, such as traffic bottlenecks, low network usability or may even expose critical data to the Internet. To avoid this, it is essential to specify the requirements before acquiring your new firewall.
No matter if a firewall is a piece of hardware or software; they work under different underlying traffic inspection technologies.
Below is a list with the basic types:
Is a firewall the only option to protect a network? NO, firewalls are not the only players in the security field.
Today we are starting to see more advanced security capabilities built into a single box. Intrusion Detection and Prevention Systems (IDS/IPS), Honeypots, Antiviruses/Antispyware can perform very specific tasks.
But as everything they also have weaknesses, for example an Intrusion Detection System (IDS) might be the best option against hackers, but is usually costly and complex to implement. Antivirus appliances are great to protect from worms and Trojans but they might know nothing about a Denial-of-Service attack.
On the other hand, a firewall with basic functionality, right resources and the right configuration can work miracles. It can stop a Denial-of-Service DoS attack, deny unauthorized users from accessing the network, prevent a data leakage and even help against viruses. To keep up with competition most firewall vendors are adding simple features that are not related to firewall activities, but can be really impact security. The following is a list with 4 of the most common ones:
Outside the technologies and features available in the market, it is important to know the current network state and define exactly what you need. Below are three questions that can help you be more confident when choosing the right firewall. Answering these questions can help you know your requirements and find the right balance between cost and benefits.
So what are the most recognized brands of firewalls in the market? There are products aimed for enterprises and others aimed for Small Office Home Offices (SOHO). These products can take the shape of an appliance or a host-based firewall.
If you have a large number of users or your bandwidth is really high, then an enterprise firewall might be the right choice. Enterprise solutions can cover a large amount of users but at a much higher cost. For small networks, less than 50 users and limited amounts of memory requirements, a SOHO firewall might be enough.
There is a large diversity of firewall producers out there. NGFW (Next Generation Firewalls) and UTM (Unified Threat Management) devices are considered the new firewalls and can integrate many security services into one platform. The list below mentions some popular Firewalls, NGFW or UTMs found in the market.
Note: None of the above link is paid/affiliate
You have understood the basic functionality of the firewall; now you know the differences between hardware or software firewalls and enterprise or SOHO. Armed with your requirements you can begin to give shape and define the firewall that will meet your needs.
This firewall tutorial is just the tip of the iceberg. Don’t be afraid to ask questions to the vendors and continue educating yourself on the subject. If you liked the tutorial please share it and let us know your comments and suggestions.
Muhammad Asfand Yar, or Asfand as his friends call, is Author cum Owner of List Enthusiast. Blogging is his old new-found love. He writes to boost his Knowledge - and yours too. He usually remains in front of computer screen - even when he isn't writing any Blog post - doing computer programming. C++ is his passion. Catch him on twitter @asfandyar12.