One of the most important parts of a network security plan is a good business class firewall. However, it’s become apparent through conversations had over my career that most folks don’t know what a firewall is, or why it’s important. The goal today is to explain in simple terms the basics of what a firewall is and how they can protect your business.
Firewall basics – What a Firewall does
In the majority of cases a firewall is installed where your network connects to the internet. They serve as a gateway for all data that passes from the internet to your internal network. For most business networks this means that they are the first thing plugged in after the router from your internet service provider. This is what a basic business network typically looks like.
Firewall location in the scheme of the network is important because it allows you to understand that the firewall stands between you and the internet. Its job is to keep bad traffic out, and only allow what you say is ok in.
Blocking Incoming Traffic
One of the most basic functions of any firewall is the ability to block unwanted traffic. This means that the firewalls job is to keep people from outside your network from getting in.
Blocking Outgoing Traffic
In addition to keeping folks out a firewall can screen network traffic from your internal network to the internet. An example of this would be you wanting to block users on your network from visiting inappropriate websites. Some firewalls have this feature built in, and some need an extra software license to do this task.
Another thing that firewalls can do is screen network traffic for unwanted content. Many come with integrated virus scanners that can identify viruses and stop them from entering your network. Again, this feature may require a software license, but offers an additional layer of protection.
Allow Secure Connections to Outside
An additional feature that many firewalls offer is the ability to allow traffic from outside to connect securely to your network. This is typically done with a VPN (Virtual Private Network) which has users authenticate for security. Once done the firewall will pass your traffic to your internal network as if you were at the office.
Another useful feature that IT admins enjoy is reporting that will give you statistics on the traffic on your network. This can allow admins to see what websites folks are visiting, and how much time they are spending there. This can be particularly useful when troubleshooting issues of low bandwidth. It can also arm you with information as an organization that will allow you to tighten up your internet usage policy if your users are wasting time online, or visiting sketchy websites.
Firewall Basics – What does it look like
This is actually a harder question to answer than you might think. There are a few reasons for that. The biggest one is that they can be a physical appliance, or they can be software based. Even the firewalls that are physical appliances can be one of hundreds of name brands. Brand names can help identify them, but their place in the network is even a better indicator sometimes. Here is what a typical firewall appliance from Sonicwall looks like.
The rear is actually the business end of the firewall. That’s where all of the connections and power come in. Typically, these will be labeled somehow so you can easily keep track what is plugged into what port. This example is X0-X8, but that will vary by brand and size of your firewall. Firewalls can vary significantly in shape, size, number of ports etc based on the hardware manufacturer.
Firewall Basics – Which one is right for my business?
What features are most important to you in your firewall selection will depend on your needs for security, throughput and a few other factors. What security features are important to you? Do you have specific reporting needs? How fast is your internet connection? What are your needs for secure remote access?
Firewalls usually have many different models to meet the different needs of the clients that use them. Sonicwall for example has 9 different models currently in their small and medium business line of products. They have an additional 12 models in their entry enterprise line, and even a couple of models bigger than that for true enterprise applications.
Need for Speed
A good place to start is to look at the speed of your internet connection. Do you have 1GB speeds or 10MB speeds? The answer to this question will help you decide on the size of firewall you need. This is important because if you are paying a premium for 1000MB internet speeds and order an inexpensive firewall that only allows 100MB throughput you’ve created a bottleneck. That means that even though you’re paying for the faster speeds no machine on your network will be able to connect to the internet faster than the firewall can pass that traffic.
The way to avoid this is simple. Make sure that the throughput speeds on your firewall meet or exceed the current speed of your internet connection. If you’re thinking about upgrading your internet it might be worth purchasing a firewall that could handle the upgraded speeds. All firewall manufacturers will post these throughput speeds as part of their marketing literature. Check before you buy.
It’s also important to keep in mind that many firewalls will have slower throughput when you turn on additional security features. Make sure that you check the throughput of the firewall with all the features turned on you plan on using. Again, this is typically listed in the manufacturers marketing materials.
Once you’ve determined the size or class of firewall you need based on speeds you should also check that it has all of the security features you need. Most firewalls have the basic abilities mentioned above of blocking traffic. Not all firewalls have advanced security features such as Gateway Anti-Virus, Anti-Spyware, Intrusion Prevention, Application Intelligence and Control Service subscription, Content Filtering and Advanced Threat Protection (Sandboxing).
This article is gear to the basics of firewalls, so we won’t go in depth about any of these features today. All of these security features can add additional layers of security to your network. Talk to your IT solution provider to get an idea of what needs your business has. Many times you can purchase a subscription bundle of these services with your firewall that will be a good fit for your needs.
Secure Remote Access
Another thing to consider when purchasing a firewall is your need to have users connect safely from home or another location to resources on your network. Firewalls can typically facilitate this secure connection via VPN or SSL-VPN. Some firewalls will come with VPN licensing built in, while others offer these licenses at an additional cost.
You should think about whether this will be a need for your organization. Then determine how many users you expect would be connecting from outside your network in this manner. Once you have that number check to ensure that your firewall either comes with the needed licensing, or that you purchase that along with your firewall. This is more important than ever right now considering that a good portion of the world is working from home during the pandemic.
Reporting is another thing on the list worth checking. It’s possible that your business doesn’t have a need to report on internet traffic or usage at this time. If that’s the case than skip ahead. Many businesses will have security compliance or other needs that make reporting a necessity.
There are also advantages to having some of this data from an IT troubleshooting standpoint. Knowing where someone has been on the web can help easily pinpoint the source of problems when they arise.
Take the time to ask your stakeholders if there is a need for reporting from your firewall, and if there is match up the functionality offered so that you can ensure those needs are met.
Firewall Basics – Conclusion
There is a lot to think about when selecting a firewall for your business, and your business SHOULD have a firewall. They are an absolute necessity for all businesses today.
If you find this to be a daunting task, or want some help or advice the experts at i.t.NOW are only a call away. Feel free to reach out with firewall or other IT needs. Stay safe out there.