Do I Need a Firewall?
The simple answer is YES.
The majority of Companies in today’s market store all their records electronically. This means that if anyone is able to access your network, they could have full access to all your business information. This could potentially give an intruder access to your accounting software, payroll information, customer’s credit card detail etc. The consequences could range from inconvenience to business ending disaster and see company directors and management in jail, bankrupted and worse.
Firewalls act as a barrier between the Internet and your business. All traffic going to and from your business will travel through the firewall and anything that does not match the rules specified in the firewall will be blocked. This gives you the option to control what traffic comes into and out of your network.
There are two (2) different types of firewalls:
Software firewalls are programs installed on your computers. These protect you by filtering all traffic through the set of rules when traffic arrives at the computer running the firewall software.
The advantage is these are cheap and often free. All versions of Windows since Windows XP SP2 have included a free basic firewall feature.
The disadvantages are that they normally only have a limited set of rules that can be configured so they are not powerful and most importantly, traffic has already arrived at your computer before it is being filtered. It means potential risks are already at your last line of defense when you try to stop them.
Hardware firewalls are separate pieces of hardware installed in your network that running independently of your computers. There are two (2) types of hardware firewall:
a) Routers with Firewall capability inside them and
b) A dedicated Firewall appliance.
Routers work to direct traffic through your network and at the edge of all businesses with a connection to the Internet is a router. It is normally at this router that acts as your Internet gateway that the firewall capability is applied. Traffic is firstly processed by the Firewall but generally only incoming traffic and then passed to the router part of the device to decide where the traffic is going too. The focus of these devices when they are designed is the routing and Internet connectivity part of their logic and the firewall capability is added on. Generally the processing capacity of the device is also quite low because it is designed for routing not evolving security risks which over time require greater and greater processing capacity in the firewall component to do effectively. So the designers of these type of firewalls generally accept poorer security outcomes for the benefit of performance.
Dedicated firewall appliances are specifically designed to filter network traffic. They may do routing too but this is generally a capability that is required of a device in its place in the network, not a design requirement. Dedicated firewalls apply techniques to maximise their performance at filtering traffic and each vendor has their own way of approaching this but all fundamentally are built to maximise the acceptance and rejection of traffic. With a design focus on security rather than routing, dedicated firewalls are better able to integrate solutions to combat emerging threats and offer greater processing capacity potential for the future than a router based firewall.
Having a firewall means your network is safer as you are able to control what is happening within its boundaries. Having a firewall in your router or a dedicated firewall means you can stop threats before they enter your network. Recently there have been cases where hackers have remotely broken into businesses and encrypted all of their business data. The business is then held to ransom for thousands of dollars. Once you are the victim of this type of attack there is only two (2) ways to get your data back. Restore from backups or paying the ransom. Neither is palatable and both will cost you money, business and potentially your reputation.
Having a professionally configured and monitored dedicated hardware firewall is the best possible way to stop these kinds of situations eventuating. Having anything less can result in leaving yourself at risk for potential attacks and major business impact.