In this day and age, every organization should have a good firewall at the perimeter of their network. There are firewalls all over the spectrum and many good options for businesses small and large. For small businesses there are great firewall units designed for the SMB market from companies like Cisco, Sonicwall, and Astaro. For medium to enterprise size organizations, or if you just want that extra capacity, there are some really fantastic devices from Cisco, Fortinet, and Astaro that should give you the functionality and flexibility you need. Regardless of the manufacturer, there are key components which are critical to your network’s security.Here is a short list.
Network Protection should be one of the key features of any firewall, but surprisingly this is a feature not commonly included in many low-end dubbed firewalls.
Intrusion Protection is another key feature of any firewall. This technology applies a certain level of intelligence against all incoming (and sometimes outgoing) connections to determine if a connection is a potential threat. Intrusion Protection often requires a subscription, but in my opinion it is well worth the cost.
protection comes in many varieties from different firewall manufacturers. In some cases, you have the ability to scan web traffic (to help protect end-users from threats found in infected websites), and in other cases there a mechanism to scan all incoming and outgoing email to make sure it is free of any threats. In the best cases, you have the option to protect users from both web and email based threats. I do want to mention that having antivirus & antimalware protection on your firewall should be critical to your IT security planning, but does not replace the need to have Antivirus & Anti-Malware protection on all PCs and servers as well!!
Things you should do periodically:
Renew subscriptions. A firewall device (or any security device for that matter) can only work as well as the software that it runs. This software needs periodic updates to fix potential security holes within itself, or perhaps to help protect against new threats. In some cases these updates offer new functionality which can make management easier, or help protect you in new ways. I cannot stress enough how important it is to keep your network firewall up to date. In fact, it probably isn’t worth spending the money on a good firewall if you are not up to date, since most of the advanced functionality will be obsolete without these periodic software updates and definition updates.
Periodically check open ports and DMZ to make sure you aren’t unknowingly allowing potential threats. As a consultant working with new clients, I always look at the firewall rules. So often I find old rules which open common ports (80, 21, 3389) to unintended systems. Imagine finding out that someone has accessed all of the information on your PC and turned it into a distribution center for a targeted malware all because someone forgot to turn off a rule which allowed Remote Desktop (RDP/RDS) connections through to your PC’s IP address.
Regardless of how methodical we are, and how often we update, as IT pros, it is important to do periodic security/penetration testing. Of course have a full plan of what you will be doing, and get full permission from your organization! Sometimes scanning for open ports, and following public facing portals is the only way you notice a hole in your own security.