Firewalls play a critical role in
protecting an organization’s network from a never-ending list of Internet-borne
threats. Firewall selection also often determines how easily remote locations
connect to centralized systems to access essential resources or to complete
important tasks. When you choose a hardware-based firewall, consider these 10 factors to ensure that your business maximizes
its investment, security, and productivity.
1: Trusted security
Numerous entities market unified threat
management devices. With a variety of business models, some network security devices include a
broad range of features and services at premium prices, while others include
only essential services but at a lower cost.
Be sure to select a well-recognized and
trusted platform. Barracuda, Cisco,
SonicWALL, and WatchGuard are among the brands that have carved out market share, and
they’ve earned that market share for good reason: They deliver trusted
security. Whichever brand you select, confirm that the firewall is ICSA
certified, the industry standard for packet inspection.
2: Approachability
Global multinational enterprises typically
require excessive security controls, but even those organizations that need
tremendous protection don’t have to limit themselves to command-line-only
configured equipment. Many firewall models deliver tight security and offer
GUI-friendly administration.
The benefits are several. GUIs help prevent
installation mistakes. GUIs make it easier to diagnose and correct failures.
GUIs make it easier to train staff and implement changes, upgrades, and
replacement.
When selecting a hardware-based firewall,
consider the benefits of approachability. The easier a platform is to
administer, the easier it will be to locate professionals capable of
installing, maintaining, and troubleshooting the platform.
3: VPN support
A firewall’s purpose isn’t just to keep
hackers and unauthorized traffic out of the network. A good firewall also
establishes and monitors secure channels, enabling remote connectivity. Look
for a hardware-based firewall that supports both SSL- and IPSec-protected VPN
connections from similar devices (for point-to-point or site-to-site VPNs), as
well as secure connections from traveling employees.
4: Capacity
Firewalls, due to their network role,
typically serve as an organization’s Internet gateway. Smaller offices may
leverage a firewall in a dual capacity, to serve as both a security device and
as a network switch. Larger organizations, meanwhile, usually just drop the
firewall into a larger architecture in which the firewall’s only role is to
filter traffic.
Confirm that a firewall can manage assigned
loads. This means ensuring that it has the appropriate number of Ethernet ports
and the appropriate speeds (10Mbps/100Mbps and/or 1000Mbps, if necessary). But
there’s more. Ensure that the firewall you select and/or maintain has the CPU
capacity necessary to perform packet inspection, gateway security services, and
routing functions.
Pay close attention to the manufacturer’s
recommendations for maximum node support. Exceed a router’s capacity and you’ll
experience errors, flat-out traffic denials due to lack of licenses, and/or
unacceptable performance.
5: Technical support
Hardware fails. Worse, just because a
device is new and fresh from the factory doesn’t mean it will work properly.
Check that 24×7 technical support is available and implement technical support
contracts with the firewall’s manufacturer.
Before purchasing, call a manufacturer’s
technical support team and ask configuration and deployment questions. The
quickness and accuracy of the responses you receive will reveal much as to the
service you will receive when the unit fails in the field.
6: Secure wireless
Even if an organization doesn’t believe
it’s needed, consider hardware-based firewalls that include wireless network features. IT staff can deploy the units with the
wireless service disabled. The costs of adding WLAN functionality to a new
purchase are incremental, yet when guest access or network flexibility is
required, secure wireless connectivity is just a few clicks away (and an
entirely new router need not be
purchased). And as an organization’s needs change, the WLAN functionality may
prove necessary.
7: Gateway security services
Many organizations successfully reduce
costs by centralizing virus, spyware, and spam protection on their firewall.
When comparing firewall capabilities and determining total costs of ownership,
factor in the cost savings that can result if you deploy these services on the
firewall device, versus a traditional domain controller or other server.
8: Content filtering
While many IT departments are migrating to
OpenDNS for content filtering purposes, some firewall manufacturers offer Web filtering
subscriptions. The benefit is that all the network services associated with a
business, from gateway security services to content filtering, can be
consolidated on a single device. The drawback is that you have to pay for the
privilege.
When reviewing potential hardware-based
firewall solutions, consider your organization’s needs and budget. Determine
whether content filtering should be administered from the firewall. If the
answer is yes, select a firewall that supports reliable, proven content filtering.
9: Advanced monitoring and reporting
Firewalls manage critical network tasks.
Repeatedly throughout just one business day, a single router can block
thousands of intrusion attempts, detect consolidated attacks, and log failing
or failed network connections. But this information is helpful to network
administrators only if it’s available in a readily accessible format.
Look for firewalls that not only monitor
important events but also log this data in compatible formats. A good
firewall should generate email alerts, too, at least for critical events.
10: Failover
Some organizations require WAN failover, or
redundant Internet connections with automatic fault detection and correction.
Many firewall models don’t have
support for automatic failover. If that feature is critical to your
organization, confirm that the model you select includes seamless failover;
don’t assume high-end firewalls include such functionality by default.
In addition, make sure the model you select
supports the failover methods your organization will use. For example, a unit
possessing two RJ-45 WAN Ethernet ports will do no good if the second
connection is to run off a cellular card. In such cases, appropriate integrated
USB support for GSM cards or adapters may be required.