How to Choose A Firewall That is Right for Your Needs

There are several different options available, all of which depend on the size of your organization, how much money you are willing to spend, and how important it is to your organization to ensure that your information is secure. It is important to bear in mind, that there is no “silver bullet”; no absolute guarantee when it comes to Internet security that your information will be foolproof. However, there are a number of measures that can at least ensure a maximum level of security.

Frank Prince, senior analyst of E-business Infrastructure at Forrester Research is unyielding in his assertion that only those companies with highly knowledgeable IT personnel or with the most complex needs, should attempt to select and implement security measures (firewalls) without consulting an outside security professional. To almost everyone else, his advice is to outsource.
All firewalls act as a gateway between two networks.

Generally this gateway exists between a corporate network and the Internet. The firewall is set up to let a pre-determined group of people onto the network while keep others out.
There are 3 basic types of firewall designs.

1. The first and easiest to implement is packet filtering, which does not keep a record of who exactly is talking to whom. Most routers can be easily configured to do this, however the downside is that it is relatively easy to spoof packets to appear as if they are coming from an acceptable source.

2. The second type improves upon this so that it cannot be circumvented by so-called IP spoofing. Using what is known as “stateful inspections,” a process developed and patented by Check Point Software, packet filtering is enhanced to include multipacket flows.

3. The third firewall design is the application proxy type. In this case, traffic does not go through the firewall but instead the application proxy acts like a server to clients on the trusted network and like a client to servers outside the trusted network.

Moreover, firewalls differ greatly in terms of functionality and feature requirements. There are firewalls that are extremely flexible and configurable operating on dedicated computer systems, such as the Dedicated Cisco PIX Firewall Options employed by Superb Internet. This type of firewall is often used by those organizations that require the ability to configure the firewall to suit their own needs, and have the resources and personnel necessary to do so.

At the other end of the spectrum is the type of firewalls that come as part of an appliance or some other system, and that have limited configurability and flexibility. These types of firewalls are generally designed either for the SME or SOHO environment. Finally there are those firewalls that are built in routers and VPNs, such as the ones employed by Superb Internet using a Shared Cisco PIX firewall service.

One important factor in determining security requirements is the structure of the organization. Obviously, global organizations will require more sophisticated firewall solutions than those organizations with a single office, while one with a number of branch offices will require an even different solution.

Finally it is important for the organization to examine the resources and personnel required to both install and maintain the firewall. Far too often, organizations overestimate their in-house capabilities or fail to recognize that their IT personnel may not even possess knowledge of such matters. At the very least, larger organizations should plan on dedicating at least 2 persons to oversee the implementation of their security undertakings. One person should be responsible for looking after the business side such as contractors, hardware/software acquisitions, etc., while the other should be responsible for overseeing the implementation of the technology, and interfacing with the contractors at the technical level.

To reiterate, Forrester Research counsels that most large organizations should turn to outside assistance, and outsource their security needs. Additionally, most small and medium-sized enterprises should at least look at getting outside consultation. Invariably, almost every organization, no matter what size, can profit by utilizing some level of outsourcing. Most likely, the smaller the organization, the more beneficial it becomes to let someone else manage the security requirements.