Every small business should have a firewall for their network. They can prevent unauthorized users from getting access to corporate information and stop malicious software from being downloaded onto your computers.
You should obtain a firewall that protects against inbound and outbound threats. You’re probably familiar with inbound threats – they can be anything from hackers attempting to breach your network to malicious software attempting to install itself on your computer. Outbound threats can be dangerous too, however, especially with the preponderance of instant messaging and file sharing. If you want to fully protect your network, make sure the firewall can handle both.
Most firewalls aren’t compatible with each other and won’t work properly if they are active at the same time. You will thus want to remove or disable the Windows Firewall, shareware firewall, or any other firewall that might be on your computer. It will give you an alert that you’re about to leave your network unsecure, but as long as you have the other firewall, you should find.
You should have your IT department set up a syslog server to compile the alerts that occur when someone tries to breach the firewall. You can then review the firewall logs at a later time to see how people are trying to access the network and fine tune the firewall as needed. It can also show you which blocked ports on your network would benefit from being opened.
You should generally choose a firewall from a company that’s been in business for a while. Newer and untested vendors run a greater risk of going out of business, and if that occurs you won’t be able to contact the technical support team if something goes wrong with the firewall. You will also no longer be able to receive software updates for the firewall as time goes on.
Egress filtering is a specialized method for making sure that unauthorized traffic cannot leave the internal network. It can be particularly useful against bots that manage to successfully infiltrate the network and attempt to dial home on an IRC server. Many companies don’t take advantage of egress filtering, however, despite the general ease of implementation.
Most companies choose either a software firewall that is installed on each computer or a hardware firewall for the business. If you’re truly concerned about keeping your data safe, if may be a good idea to get both. You will have a backup in place if either one should be compromised, and know that you’ve protected your corporate secrets to the best of your ability.