How to Choose A Firewall That is Right for Your Needs

Every company on the Internet today, regardless of size, requires some measure of perimeter access control (firewall). Even Microsoft, with its in-house expertise and intricate security measures, has been susceptible to outside intruders. With the emergence of more insidious and sophisticated virus/worms, such as NIMDA and the multiple variations of the Code Red worm, security measures are more urgent than ever.

There are several different options available to control external intruders, all of which depend on the size of your organization, how much money you are willing to spend, and how important it is to your organization to ensure that your information is secure. It is vital to bear in mind that there is no absolute guarantee that your information will remain impenetrable. However, there are a number of measures that can at least ensure a maximum level of security

Frank Prince, senior analyst of E-business Infrastructure at Forrester Research is unyielding in his assertion that only those companies with highly knowledgeable IT personnel or with the most complex needs, should attempt to select and implement security measures (firewalls) without consulting an outside security professional. To almost everyone else, his advice is to outsource

All firewalls act as a gateway between two networks. Generally this gateway exists between a corporate network and the Internet. The firewall is set up to let a pre-determined group of people onto the network while keeping others out.

There are 3 basic types of firewall designs

1. The first and easiest to implement is packet filtering, which does not keep a record of who exactly is talking to whom. Most routers can be easily configured to do this; however, the downside is that it is relatively easy to spoof packets to appear as if they are coming from an acceptable source.

2. The second type improves upon the first so that it cannot be circumvented by so-called IP spoofing. Using what is known as "stateful inspections," (a process developed and patented by Check Point Software) packet filtering is enhanced to include multipacket flows.

3. The third firewall design is the application proxy type. In this case, traffic does not go through the firewall but instead the application proxy acts like a server to clients on the trusted network and like a client to servers outside the trusted network.

Moreover, firewalls differ greatly in terms of functionality and feature requirements. There are firewalls that are extremely flexible and configurable, operating on dedicated computer systems such as the Dedicated Cisco PIX Firewall Options employed by Superb Internet. This type of firewall is often used by those organizations that require the ability to configure the firewall to suit their own needs, and have the resources and personnel necessary to do so.

At the other end of the spectrum is the type of firewall that comes as part of an appliance or some other system, and that has limited configurability and flexibility. These types of firewalls are generally designed either for the SME or SOHO environment. Finally, there are those firewalls that are built in routers and VPNs, such as the ones employed by Superb Internet using a Shared Cisco PIX firewall service.

One important factor in determining security requirements is the structure of the organization. Obviously, global organizations will require more sophisticated firewall solutions than those organizations with a single office, while one with a number of branch offices will require an even different solution

It is important for the organization to examine the resources and personnel required to both install and maintain the firewall. Far too often, organizations overestimate their in-house capabilities or fail to recognize that their IT personnel may not possess knowledge of such matters. At the very least, larger organizations should plan on dedicating at least two people to oversee the implementation of its security undertakings. One person should be responsible for looking after the business side (such as contractors, hardware/software acquisitions, etc.), while the other should be responsible for overseeing the implementation of the technology and interfacing with the contractors at the technical level.

To reiterate, Forrester Research counsels that most large organizations should turn to outside assistance and outsource their security needs. Additionally, most small and medium-sized enterprises should at least look at getting outside consultation. Invariably, almost every organization, no matter what size, can profit by utilizing some level of outsourcing. Most likely, the smaller the organization, the more beneficial it becomes to let someone else manage the security requirements.