According to CNN Money, nearly one million malware threats are released every day. Some malware can be prevented with a good firewall. As a small company, understanding firewalls for your business is a mandatory and unavoidable task to achieve your IT Utopia. If you’re not sure where to start, there are some key questions you should think about and have ready for discussion with your potential firewall vendor or integrator. Keep in mind, each environment is unique, and a quality integrator might have additional questions for you. You need to actively engage in any discussions a vendor initiates and answer any questions he or she has.
In this blog, we have compiled a few key things you should know about firewalls, and how to protect your business from unwanted web traffic.
Choose the right firewall for your business size
You first need to determine the kind of firewall your business needs. If you own a business of any size – from a sole employee and system to large corporate entities – we suggest a departmental or enterprise firewall. Departmental firewalls not only protect more than one PC at a time, but also screen network traffic and offer increased reporting capabilities.
Enterprise firewalls allow you to manage thousands of users, and offer management tools to configure many firewalls at once.
If you’re a small business, we suggest starting with a departmental firewall.
Understand outgoing and incoming traffic
Firewalls essentially block traffic by creating a virtual roadblock between good and bad on the internet. Firewalls typically block incoming traffic, which is unwanted traffic from the internet into your internal system. Many firewalls also block outgoing traffic, whereby traffic on your internal network is screened before it goes out to the internet.
Some firewalls are more specific and can block network traffic depending on the content going to and from the internet. These firewalls often have virus and email scanning built into the software. However, using additional virus protection software is always recommended. The very best firewalls allow you to see reports of network traffic. These reports can show you who tried to access inappropriate websites, or who is trying to breach your network.
Before adding a firewall, you need to decide the type of traffic you need to block and how you want to manage the traffic going to and from the internet.
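To make the incoming/outgoing distinction concrete, here is a small Python model of a stateful filter. It is an added example, not code from any firewall product; the allowed port list, the addresses and the sample packets are constructed for illustration.

```python
from collections import Counter

# Constructed policy: outbound ports the business allows. Everything inbound
# is blocked unless it answers a connection an internal host opened.
ALLOWED_OUTBOUND_PORTS = {53, 80, 443}

class StatefulFilter:
    def __init__(self, allowed_outbound_ports):
        self.allowed_out = set(allowed_outbound_ports)
        self.state = set()        # (inside_ip, inside_port, outside_ip, outside_port)
        self.blocked = Counter()  # (direction, source_ip) -> count, feeds the report

    def handle(self, direction, src, sport, dst, dport):
        """Return 'allow' or 'block' for one packet, given as plain fields."""
        if direction == "out":
            if dport in self.allowed_out:
                self.state.add((src, sport, dst, dport))  # remember the connection
                return "allow"
        elif direction == "in":
            # A reply is the reverse of a tracked outbound connection.
            if (dst, dport, src, sport) in self.state:
                return "allow"
        self.blocked[(direction, src)] += 1  # default: block and count it
        return "block"

    def report(self):
        """Blocked attempts per direction and source, most frequent first."""
        return self.blocked.most_common()

def run_sample():
    fw = StatefulFilter(ALLOWED_OUTBOUND_PORTS)
    packets = [  # constructed traffic using documentation address ranges
        ("out", "192.168.1.10", 50000, "198.51.100.7", 443),  # staff browsing
        ("in", "198.51.100.7", 443, "192.168.1.10", 50000),   # the reply to it
        ("in", "203.0.113.9", 40000, "192.168.1.10", 3389),   # unsolicited
        ("in", "203.0.113.9", 40001, "192.168.1.10", 22),     # unsolicited
        ("out", "192.168.1.23", 50001, "198.51.100.8", 6667), # port not allowed
    ]
    return [fw.handle(*p) for p in packets], fw.report()

if __name__ == "__main__":
    verdicts, report = run_sample()
    print(verdicts)
    print(report)
```

The report output is the same kind of information the traffic reports mentioned above give you: which outside address kept knocking, and which internal machine tried to reach something the policy does not allow.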
One of the first considerations for a firewall or any device that sits at the WAN is the throughput. You’ll need to know your current WAN bandwidth from your provider as well as any burstable limits. For example, you may have a 10 Mbps link with the capability to burst to 25 Mbps. Couple that information with any data you have on current usage and then identify potential bandwidth growth in the coming years. You should plan enough room for growth for however long you plan to have that box in place. Look at the stateful throughput and maximum connection numbers on firewalls you’re considering. These numbers will help filter out the bulk of products and models from your potential list and narrow your field to two to three models per vendor.
The next key question will be whether you plan to add additional gateway security services to your firewall or unified threat management (UTM). Most UTMs license security features per box instead of per user, so it’s a great way to add a layer of security for a nominal fee. Common gateway security services are antivirus, anti-spyware, and IDS/IPS. Here’s the important part: If you’re adding gateway security to your firewall, it will affect the performance. Don’t worry; that’s not a bad thing unless you started with too small of a box. Revisit the above question and weed out any boxes that can’t handle security services with the bandwidth you need. Remember to consider your future needs and size appropriately. Look at the UTM throughput numbers for products you’re considering.
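The sizing steps above can be run as a quick shortlist check. This Python sketch is an added example, not a vendor tool: the model names and datasheet figures are hypothetical, and the 20% annual growth, five-year lifetime and 20,000-connection estimate are assumptions chosen for illustration.

```python
from dataclasses import dataclass

@dataclass
class Model:
    name: str
    stateful_mbps: float   # datasheet stateful firewall throughput
    utm_mbps: float        # datasheet throughput with security services enabled
    max_connections: int   # datasheet maximum concurrent connections

# Hypothetical models with constructed numbers, not real products.
CANDIDATES = [
    Model("Box-XS", 50, 15, 10_000),
    Model("Box-S", 100, 40, 50_000),
    Model("Box-M", 300, 120, 150_000),
]

def required_mbps(link_mbps, burst_mbps, annual_growth, years_in_service):
    """Traffic the box must carry at the end of its service life.

    Assumption: today's peak is the burst ceiling, and it grows at a
    compound annual rate for as long as the box stays in place.
    """
    peak_today = max(link_mbps, burst_mbps)
    return peak_today * (1 + annual_growth) ** years_in_service

def evaluate(models, need_mbps, need_connections, utm_enabled):
    """Map each model name to the list of limits it fails (empty = fits)."""
    results = {}
    for m in models:
        problems = []
        if m.stateful_mbps < need_mbps:
            problems.append("stateful throughput")
        # Gateway security services lower throughput, so check the UTM figure too.
        if utm_enabled and m.utm_mbps < need_mbps:
            problems.append("UTM throughput")
        if m.max_connections < need_connections:
            problems.append("max connections")
        results[m.name] = problems
    return results

if __name__ == "__main__":
    need = required_mbps(10, 25, 0.20, 5)  # the 10/25 Mbps link from the text
    for utm in (False, True):
        print(f"UTM={utm}, need {need:.1f} Mbps:",
              evaluate(CANDIDATES, need, 20_000, utm))
```

With these numbers, Box-S is large enough as a plain firewall but falls short once security services are turned on, which is the "too small of a box" case described above.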
Here’s where we get into considerations a lot of people overlook. Check out your current firewall configuration very carefully, and make sure you can identify all the functions it’s currently performing. Of specific note are remote connections, including site-to-site VPNs and remote access VPNs for employees or partners. It’s unlikely your VPN needs will dictate the size of the box, but you may need additional licenses, and in some cases, unique remote access needs require some unique products. If you’re currently supporting remote access via IPsec VPN, you’ll want to understand the impact firewall and VPN client software changes may have on your users. Sometimes it’s more of a headache than you want, but proper planning can help mitigate the level of frustration.
Although rarely an issue in smaller organizations, it’s certainly advisable to be sure any firewalls you’re considering support the appropriate physical connections you need. Most common are gigabit copper ports, but you may need a firewall that supports expansion or flex modules for SFP/fiber, T1, or ADSL connections.
Get the details right
Shopping for a firewall can be daunting. The items outlined above are just some of the details that go into protecting your company from internet vulnerabilities. In addition to choosing the type of firewall, you’ll want to look for additional features for your firewall, such as network address translation (NAT), which allows for private IP addresses; port management, which protects your doorways to the internet; stateful packet inspection, which reviews incoming unsolicited information; and activity logging and alerts that keep you up to date on your company-wide PC traffic. All of these firewall features give an additional level of protection and help you manage the intricacies of web security.
These are just a few of the considerations when selecting a firewall. If you’re in the market for a new firewall, think it through and dedicate the appropriate amount of time to selecting the right product for you.