We’ve talked before about the importance of remote security for your business data; now let’s home in on your network firewall. Your firewall is your first line of defense, a protective barrier around the castle that is your small business; your castle is only as secure as its defense barrier.
A network firewall is a security device that is used to stop or reduce the impact of unauthorized access to your computer network. Firewalls allow users to access data and resources within the network while keeping out viruses, malware, and unwanted users (e.g., hackers!). The firewall analyzes incoming traffic against a pre-established set of rules and blocks traffic from unsecured or suspicious sources.
Firewalls can be hardware or software based. Hardware devices are usually (though not always) built into the router or other networking device. Software firewalls are installed on a computer or provided by an operating system or the network device manufacturer.
Do you really need a network firewall?
The short answer is yes.
Let’s imagine that one of your employees is working remotely. They decide to take a little break and head to a local coffee shop to work for a bit (masked and sitting outdoors of course!) But if they use their personal computer on a publicly accessible IP address with no firewall, then any network service running on their device is at risk for a security attack. That means your business data is at risk!
Having a secure network firewall in place (in addition to ongoing security training for your employees) ensures that whether your team is working remotely or going into the office, your data is safe from attack. As more and more small businesses move to remote-work models, securing your network is the best first step you can take toward protecting your data.
Types of Firewalls
As a business owner, you have more options than ever before when it comes to selecting the right firewall for your small business.
Stateful Packet Inspection (SPI)
SPI (also called Dynamic Packet Filtering) examines traffic streams from end to end. It analyzes and inspects packet headers and can provide proxy services. SPI works at the network layer and is more secure than basic packet filtering firewalls. Filtering decisions are based on rules defined by the administrator and on context: information from previous connections and from earlier packets that belong to the same connection. It creates a checkpoint at the traffic router and inspects information such as source and destination IP addresses, packet type, and port number. However, it doesn’t open the packet to inspect its contents; it inspects surface-level information, and if that information doesn’t pass the inspection, it drops the packet.
This type of firewall is simple and not resource-intensive, but the downside is that it can be easier to bypass than firewalls with a more robust system of inspection.
A circuit-level gateway is another simple type of firewall; it quickly approves or denies traffic by verifying the Transmission Control Protocol (TCP) handshake. This handshake check ensures that the session the packet originated from is legitimate. This is a resource-efficient solution, since these gateways do not consume large computing resources.
But as with SPI, this firewall does not check the packet itself. A packet could contain malware but have the right TCP handshake, allowing it to pass through and access your data. A circuit-level gateway is not strong enough to protect small business data by itself.
Stateful Multilayer Inspection (SMLI) Firewalls
SMLI firewalls provide end-to-end monitoring of traffic and use rules that are set by a network administrator. These rules are based on protocols, ports, and states, and govern access to the network. This type of firewall combines both packet inspection technology and TCP handshake verification, providing a double level of protection.
The drawback here is that these firewalls slow down the transfer of even legitimate packets and put more of a strain on computing services.
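The connection-state tracking and TCP handshake verification described in the sections above, sketched as a toy filter that also shows the stated limitation (the payload is never read). This is an added example, not code from the original article or from any firewall product; the internal address range, the allowed-port rule and the sample packets are constructed assumptions.

```python
from collections import namedtuple

LAN_PREFIX = "192.168.1."            # assumed internal network
ALLOWED_OUTBOUND_PORTS = {80, 443}   # assumed administrator rule
# flags holds the TCP flags: "S" (SYN), "SA" (SYN-ACK), "A" (ACK), "F", "R"
Packet = namedtuple("Packet", "src sport dst dport flags payload", defaults=[b""])

class StatefulFilter:
    def __init__(self):
        self.conns = {}   # (lan_ip, lan_port, remote_ip, remote_port) -> state

    def check(self, p):
        outbound = p.src.startswith(LAN_PREFIX)
        key = ((p.src, p.sport, p.dst, p.dport) if outbound
               else (p.dst, p.dport, p.src, p.sport))
        state = self.conns.get(key)
        if state == "ESTABLISHED" and p.flags in ("A", "F", "R"):
            if p.flags in ("F", "R"):
                del self.conns[key]          # connection closed, forget it
            return "accept"                  # header and state only, payload unread
        if outbound and p.flags == "S" and state is None:
            if p.dport not in ALLOWED_OUTBOUND_PORTS:
                return "drop"                # administrator rule rejects it
            self.conns[key] = "SYN_SENT"
            return "accept"
        if not outbound and p.flags == "SA" and state == "SYN_SENT":
            self.conns[key] = "SYN_RCVD"
            return "accept"
        if outbound and p.flags == "A" and state == "SYN_RCVD":
            self.conns[key] = "ESTABLISHED"  # three-way handshake verified
            return "accept"
        return "drop"                        # no rule and no matching state

def demo():
    fw, lan, web = StatefulFilter(), "192.168.1.20", "203.0.113.10"
    packets = [  # constructed sample traffic
        Packet(lan, 50000, web, 443, "S"),
        Packet(web, 443, lan, 50000, "SA"),
        Packet(lan, 50000, web, 443, "A"),
        Packet(web, 443, lan, 50000, "A", b"payload is not inspected"),
        Packet("198.51.100.7", 4444, lan, 3389, "S"),   # unsolicited inbound
        Packet("198.51.100.7", 443, lan, 50001, "A"),   # no handshake seen
        Packet(lan, 50002, web, 23, "S"),               # port not allowed
    ]
    return [fw.check(p) for p in packets]
```

The fourth packet is accepted whatever its payload contains, which is why the article says header and handshake checks alone are not enough.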
Proxy Firewalls and Network Address Translation (NAT) Firewalls
A proxy firewall acts as an intermediary between two end systems, a kind of gateway from one network to another. It works at the application layer to filter traffic between your network and the traffic source. Traffic is evaluated through a set of security rules and then permitted or blocked. Proxy firewalls mask your IP address and provide a complete and protocol-aware security analysis, monitoring traffic for layer 7 protocols such as HTTP and FTP. They also provide content caching and prevent direct connections from outside the network.
Proxy firewalls are also capable of inspecting packets in depth and verifying that they do not contain malware. If a packet is approved to connect, the proxy sends it off, creating an extra layer of separation between the system where the packet originated and the devices on your network.
NAT firewalls are similar to proxy firewalls in that they act as a gateway between a group of computers and outside traffic. They allow multiple devices with independent network addresses to connect to the internet using a single IP address. This keeps individual IP addresses hidden and provides greater security against hackers or other attacks.
These firewalls are delivered from a cloud-based solution or another proxy device, building upon the security of both those systems. The proxy firewall works to establish a connection to the source of traffic and inspects incoming data packets, rather than letting traffic connect directly. They also look at both the packet and the TCP handshake protocol.
While this type of firewall creates additional protection for your network, the downside is that the extra steps of data transfer can significantly slow down your reception of data.
Next-generation Firewalls (NGFW)
NGFWs combine traditional firewall technology (such as stateful inspection) with additional functions such as encrypted traffic inspection, integrated intrusion prevention systems, anti-virus systems, application awareness that views and blocks risky apps, TCP handshake checks, and both surface-level and deep packet inspection. Deep packet inspection examines the data within the packet itself and allows users to be more effective in identifying and stopping packets with malicious data. More and more companies are using Next-Gen firewalls to block modern and increasingly savvy threats such as advanced malware and application-layer attacks. These firewalls include intrusion prevention systems (IPSs) that work to automatically stop attacks against your network.
One challenge with Next-Gen firewalls is that there is no single definition of what one is capable of. All the benefits listed above might be included in your firewall, or they may exist in any combination of those services. It’s important to do your research or partner with an expert when selecting a Next-Gen firewall, to ensure that you are getting the benefits and capabilities you want before purchasing.
Tech Masters can help you assess your protection needs and your most pressing threats and help you select and set up a firewall that will protect your business in the long-term.