In order to protect your company’s data that resides on your internal network from predators who stalk the World Wide Web, a firewall is an absolute necessity. Sitting right in the middle between the outside world and your internal network, the firewall prevents malicious traffic from the outside from getting to your precious intranet.
There are various firewall vendors who offer different kinds of solutions. We’ll take a look at a few of those here, as well as what you’ll need to purchase in addition to the firewall itself.
Before We Begin
Before considering purchasing any kind of firewall, spend some time thinking about what needs to be protected on your network and how severe the consequences of an attack might be. Do a security risk assessment. Having an understanding of your vulnerabilities upfront will help in determining how much money and time your company should spend on a firewall purchase.
There’s one other thing to consider with regard to the purchase of a firewall. Remember that the true cost of a firewall consists of more than just the cost of the physical hardware. You’ll need to take setup and maintenance into account, as well as training and regular updates. Most firewalls are sophisticated pieces of hardware and require someone with special knowledge to work on them.
Basic Purchasing Advice
Before looking at some specific vendors and what they offer, let’s first consider some basic purchasing advice. All mainstream firewalls have the same core functions. Therefore, in order to determine which firewall is best for you, home in on functional requirements. This is where you’ll begin to see the differentiation. For example, ask yourself whether you need to emphasize network throughput or enhanced security features.
Consider the vendor as well. Your firewall is going to be a long-term investment. Besides paying for the product, your administrators are going to invest significant time and energy building and customizing a rule base for the product. These rule bases usually are not portable between platforms, so any future platform change will require a further significant investment as rules are rebuilt for the new product. Therefore, choose stable companies with solid financials. Don’t go with the new kid on the block just because they’ve got a snazzy product for a great price. Chances are, they’ll be out of business in a few years and you’ll be stuck with a product that no one supports.
For our purposes, we’ll take our own advice and look at solid vendors.
Cisco – Cisco is generally recognized as the overall leader in the networking arena, and their firewalls are some of the best you’ll find on the market. Cisco takes a different approach from other vendors, embedding network security throughout the network and integrating security services in all of its products. The end result is that network firewall security becomes transparent, scalable, and manageable in the business infrastructure. The company offers several integrated network firewall solutions: the ASA 5500 series, which controls network access at the WAN edge or within the LAN; the Cisco IOS Firewall, which helps control application traffic; the Firewall Services Module (FWSM) for Catalyst 6500 Series Switches and 7600 Series Routers, which allows a port to act as a firewall and protect traffic within the LAN or at the network perimeter; Embedded Firewall Services in the ASR 1000 Series Routers, which adds firewall functions at the network perimeter to protect network services; and finally, a Web Application Firewall, which helps XML-based application traffic securely reach its destination. All of these solutions can be deployed either as stand-alone products or in conjunction with one another to provide the best security possible.
SonicWALL – SonicWALL is another respected name in the network security arena. The company’s Next-Generation Firewalls can scan every byte of every packet for the deepest level of protection available. With multi-core architecture, all network traffic can be scanned while delivering high performance and low latency. Some of the company’s offerings include: SuperMassive E10000 Series, which is built to meet the needs of enterprise, government, university, and service provider deployments; the E-Class NSA Series, for enterprises; the NSA Series, which provides application control, intrusion prevention, and gateway malware protection for mid-sized offices; the TZ series, offering high performance and multi-layered UTM protection that includes filtering, anti-spam, gateway anti-virus, anti-spyware and intrusion prevention for small networks; the WXA Series, which is a WAN Acceleration Appliance; and the Clean Wireless Series, offering high performance 802.11 technology with high performance wireless security.
Juniper – The last vendor we’ll look at is Juniper, a company that is growing and gaining more of a foothold in businesses for data protection. The company boasts that their “security solutions provide fine-grained access control that identifies, mitigates, and fully reports on the most sophisticated security threats of the moment.” Some of their products include: the IDP Series Intrusion Detection and Prevention Appliances, which offer comprehensive inline network security from worms, Trojans, spyware, key loggers, and other malware; ISG Series Integrated Security Gateways, high performance hardware units that are designed to deliver scalable security for large enterprises, carrier and data center networks; the Netscreen Series Security Systems, providing flexible network access security solutions for medium and large enterprise companies, as well as service providers; and the SSG Series Secure Services Gateways, which deliver high performance and network access security with flexible LAN and WAN connectivity options for small companies up to large enterprises.
Whatever firewall choice you decide to go with, you’ll need to make sure it’s compatible with your Internet Service Provider (ISP). If not, you may need to purchase some additional equipment to integrate it into your environment.
As mentioned earlier, firewalls are sophisticated pieces of hardware that require people who have been trained on them to install, configure, and maintain them. You’re going to need to purchase some kind of installation and setup support, perhaps some consulting, and you’re also going to have to invest in training the staff at your company that is going to use the product. Having at least one person onsite who understands the product is much better than having to call out a consultant every time there is an issue.
There are many firewall options you can pursue, not just in terms of the number of vendors out there, but also in terms of the different types of products each vendor offers. Be sure to do your Security Risk Assessment so you know upfront what your issues are and what you need your firewall to do. That will help as you begin to work with vendors to decide on your ultimate solution.