FIREWALL: AS A SOFTWARE OR AN APPLIANCE
‘…why go occupy space with that entire hardware when you can get the exact same thing as a software?!’
Segun is a systems administrator of an organization which has about five other branches. He got this job recently, and found that IT in that organization was way below the recommended average. He already topped this up – he got systems, networking devices, and every other thing necessary. But Segun still had a thing to worry about. Security. He knew quite well having anything that goes over the internet needed protection, plus, a way to communicate with other branches, and even more, other branches to communicate with the head office. Segun sought for help, and that was when we had the discussion.
Of course, we both knew quite well the solution to the problem was getting a Firewall. The confusion he had was ‘should he get the Firewall as a software, or get the device itself?’ Doesn’t seem like a big deal, right? Well, it was!
Now, in case you haven’t heard, or have heard but have little or no knowledge what a Firewall is, here’s a brief explanation using a party scenario:
Assume a high strictly-by-invitation party is to hold. Invitations have been sent and guests have confirmed attendance. There would definitely be uninvited guests hanging around trying to sneak in. This is where the bouncers come in. they make sure only invitees get to go in, and kick everyone else away by any means possible. This is similar what a Firewall does, and more. It checks out what goes in and comes out of the network, and decides whether or not to allow or block specific network traffic based on traffic security rules.
Having a high speed internet is perfect, right? I mean, the minimal waiting time for a webpage to load is about 0.00001 second. Everything is nice and perfect for you. Well, it is the same for your attacker too. You get the same high-speed internet benefits since:
Your internet connection is always active and ready to go,
Access is on high speed, so no sluggish network to bore your attacker out, and
Since you’re always active, there’s no change of IP Address. It’s just constant. Making your attacker’s day sweeter than honey!
Knowing you need a Firewall is not enough. You still need to ask yourself some other critical questions like:
Am I protecting just my system, or those of an organization?
How large is the organization?
Do they go over the internet?
What sites specifically do the workers visit?
Does each branch have to communicate?
Firewalls are designed as software, hardware, or both. Each with its own benefit, you have to ask yourself the above questions. For personal use, most OS are built with Firewalls in them. In most cases, all you have to do is activate or deactivate the service. You are also provided with the ability to allow or disallow certain networks, programs, or features. Basically what a Firewall is about, right? A software Firewall: no stress of wirings and connections a device that does the same would need.
Segun thought the same too; which brought up the thundering space-occupying question.
What could possibly make one recommend a device, instead of the software of the same functionality? This would be better understood by explaining types of Firewall grouped by how the work.
Firewall as a Proxy
As the name implies, proxy Firewalls hide the identity of the device, connects to the internet, sends and gets responses from the requested sites and receives data on behalf of the device. It then analyses each packet and delivers only packets allowed. In other words, proxy servers act as intermediaries between a local area network and the internet as a whole, and has its own IP Address.
Firewall using the Stateful Inspection method
Access or blockage of network traffic is based on the state of the connection, the port being used, and the protocol. Thorough packet inspection is performed down to the application layer. When a request is sent from an in-house device, the Firewall inspects the packet thoroughly, saves the port and protocol details, and sends the request. When it receives response, it performs the same examination process, and decides which packets to allow based on the administrator’s defined parameters.
Unified Threat Management Firewall
UTMs are the most used, and most required IT security policy in organizations. They work just like the stateful inspection Firewall does – read from a database of packets, select matching packets according to admin defined policies, and sends or blocks packets depending on the database match. In addition, UTM Firewalls prevent intrusion and provide anti-virus services.
In a home or small business setting, this would be perfect – just run the UTM Firewall software on your PC, and you’re good! But really, think about Segun’s workplace: A head office, several branch offices, shareable documents, communication between branches, high-speed internet. Rather than looking for completely varying means of solving each of these problems, a UTM Device would serve just right.
UTM devices are the same UTM Firewall, and then more:
It balances network load.
It prevents data leaks,
Blocks hackers, and worm attacks in general,
Prevents intrusion and protects systems from threats.
As a system’s administrator, you will need a reporting system (for network tracking, device monitoring, and so on), create VPNs to allow systems in separate branches communicate with ease, Web Control policies explicitly stating what is allowed to go in and out of the network and much more services that would ease the job of the administrator. All needed is a little cabling and configuration.
These explanations made Segun realize how best he could help his organization, and make his job much less stressful just with one solution.
Hence, before deciding on how to secure your system(s), be sure to put all conditions into consideration.
Writer:Oluwatimilehin Oluyinka is a seasoned IT Administrator with Summitech Computing Limited with vast experiences in application support and server administration.