Firewalls: Protecting your business from unwanted intruders

October 14, 2010

A combination of hardware and software firewalls provides a higher level of security

I got a call from my great aunt the other day. She wants to get online and has just bought a new computer. She’s heard her friends talk about bad guys on the Internet and asked me how she should protect herself. I told her she should get security gear for her computer before doing anything else. I explained that like the security gate at her apartment complex, computer security gear can prevent bad guys from getting inside.

That got me thinking about security for small businesses. What security solution should you use to protect your small business?

You need the equivalent of security gates for your network. Firewalls do precisely that. And though you’ve probably heard of firewalls for computer security, you may not know how they work and whether you should get one for your business.

How firewalls work

Firewalls work to block unauthorized access to computers. Without a firewall, a hacker could penetrate your network and access your critical business information, such as financial data and employee records. Firewalls can protect against other malicious activity on the Internet, such as hackers using “malware” (malicious programs often disguised as legitimate software) to get at your private data.

There are two types of small business firewalls: hardware and software. As a small business, you need both types to protect your network.

Software firewalls protect individual PCs

If you have any experience with or knowledge of firewalls, you’re probably most familiar with software firewalls. They are usually part of comprehensive security software packages for individual computers; for example, Cisco ProtectLink Endpoint for Microsoft Windows, which includes protection against viruses and spyware.

Software firewalls are easy to install: you just follow the on-screen commands to control the level of security desired. You as the system administrator can monitor the flow of traffic coming into and out of the individual system to ensure that everything is as it should be. But that doesn’t mean that you need to actively monitor the application at all times. Most software firewalls continually update themselves in the background to ensure the system and your business are protected.

Software firewalls are great at the individual computer level. For example, they can protect against malware that an employee may have unwittingly downloaded onto his or her computer at home or brought into work via a USB stick. Software firewalls also provide protection for laptops when mobile employees are away from the corporate network or using public networks like a coffee shop hotspot.

However, software firewalls alone can’t protect your whole network. That’s why you also need the added protection offered by a hardware firewall.

Hardware firewalls protect the entire network

Just as its name suggests, a hardware firewall is a firewall in a physical hardware box. These devices are often sold as complete security solutions that include other networking capabilities, making for a more affordable single investment. Several Cisco RV Series firewall products, for example, provide security, a wireless access point, and a switch all in one device and can serve as the secure entry and exit checkpoint for your entire network.

Hardware firewalls provide a richer set of security capabilities than software firewalls alone. For example, hardware firewalls can monitor network traffic for legitimate and malicious activities, rejecting the latter. Unlike software firewalls, hardware firewalls act as a sort of “clean room checkpoint,” quickly inspecting and acting on data without having to actually download it like a PC would do. Rejected traffic never enters your network.

Also, hardware firewalls allow you to create separate virtual networks within a single physical network so you can control access to sensitive information and set up highly secure wireless access for guests. And hardware firewalls support secure VPN so you can provide remote workers with secure access to your network.

Hardware firewalls are just as easy to install as software firewalls, particularly if you buy a device that’s also a switch and a wireless access point. You just plug the device into your cable or xDSL modem and your network is protected.

Preventing intrusions

Taking security up a level are hardware appliances that combine firewall, VPN, and email and web threat protection with intrusion prevention systems (IPSes). Also known as intrusion detection systems, these appliances monitor your network for malicious activities. The unwanted activities are blocked and then reported to you. The IPS on the Cisco SA 500 Series Security Appliances can reset the connection and block traffic from the offending IP address.

What type of firewall are you using to protect your network and data?
