What Kind of Firewall Should You Use?
The average computer system left unprotected on the Internet will come under attack within 20 minutes after going online, according to the SANS Institute, a computer security watchdog.
With that in mind, getting a firewall may seem like an easy decision. But, choosing a firewall and figuring out what exactly needs to be protected may be a little more complicated.
A firewall provides a virtual barrier between an outside network (typically the Internet) and a private network or personal computer. It can be used to block viruses, worms, pop-up ads and spam, filter out contact with undesirable websites and protect sensitive files.
There are two kinds of firewalls: hardware and software. Hardware firewalls (sometimes called embedded firewalls, as they are embedded into a router or switch) come housed in appliance form. It’s a device that is typically wired between the network and the gateway to the Internet. Software firewalls are loaded applications used to filter out unwanted traffic coming and going. And like anything else, either kind can cost a lot or a little ranging in price from less than a $100 to more than one hundred thousand dollars. A good mid-level firewall will range in price from about $500 to $1500 and accommodate up to 100 users.
How to choose a firewall
So which type of firewall is better for your business? “I don’t recommend a specific solution until I know what a company needs,” says Joern Wettern, co-author of Firewalls For Dummies. Wettern recommends that before picking out a firewall, a small or mid-size business owner would be wise to inventory what exactly is being protected and what kind of traffic is and isn’t to be allowed.
Here are some criteria Wettern says to consider:
- Is the company network accessing the Internet strictly for surfing only? That being the case, a simple off-the-shelf consumer level software firewall may be all that is needed.
- Is there a corporate website or an e-commerce component to the business? That’s a whole new level of liability, safeguarding customer credit card information for example, and it is far more complicated to protect. Most companies would choose both a hardware router-based firewall, with the added protection of an application-based firewall that does a better job of filtering out viral attacks.
- Does the business have employees that access the system remotely? For example, is there a sales force that is constantly “dialing in from the road?” Virtual private network (VPN) connections to the network present a great vulnerability and require more features in a firewall for full protection. A VPN quarantine feature that screens users for security risks for virus infections before allowing them to login remotely is available on most mid-level firewall products, like Checkpoint or Cisco PIX.
Manage what you have
One of the biggest problems that officials of small companies run into is believing that setting up a firewall is all they need to do to protect their business computers, network and data. Firewalls also need maintenance. “You don’t have to spend a lot, but you do have to take responsibility for it. You have to manage your firewall,” says Ben Rothke, director of security technology implementation at AXA Financial, a New York- based financial institution, and a frequent speaker at industry conferences on network security.
Rothke says that for anything more complicated than basic Web surfing, invest the money in a specialized IT consultant to do the initial set-up. Make sure the firewall is configured properly from the beginning.
At least monthly, he says, check for any new updates or patches and install them immediately. Test the system. There are many websites and programs that offer system checks that will point out the weak links in the network.
Features and pricing are important, but it’s not what determines the quality of a good firewall. In the end, what may matter most is how well a firewall is maintained once it’s in place.