What are Firewalls?

A firewall protects your computer from attack by unauthorised users, either internally (from an organisation's own users) or via the internet. It is also used to stop your staff accessing certain websites. The firewall is able to do this by inspecting packets of information as they leave or enter the network and then either lets the data through or stops it.

As a result, a firewall can filter information, i.e. information that is sent and received.

The word firewall comes from a comparison originally likened to prevent fires in a building or a ship by using metal walls that could not be burned down. As the fire reaches the firewall it would prevent further damage.

The future of firewalls

All PCs and networks need a firewall simply because as the internet continues to grow and more users gain access, more malicious people will try to gain illegal access to networks, sometimes just for the sake of it, or to steal confidential data or damage users PCs.

Firewalls have to continue to evolve to counter new threats as they develop and as a result, firewalls are here to stay.

Why firewalls?

Leaving your PC or network exposed to the internet without any protection is similar to leaving your car unlocked.

The chances are you may have some valuable items in there and potentially some confidential documents which have been left in a briefcase. As a result, anybody can open the car door and access the interior and its contents. Sure, you could take the risk, but the law of averages dictates that at some point there will either be a break-in or theft of something you value.

This is similar with a PC or a network. Without a firewall it is relatively easy for an unauthorised person to access and steal valuable information, or potentially vandalise and damage your PC.

Types of firewalls

Software firewalls

Advantages:

• Inexpensive.
• Easy to configure.

Disadvantages:

• Needs a computer to run the program and can therefore slow your PC.
• Requires a copy for each PC on the network.

Hardware firewalls

Advantages:

• More reliable and less vulnerable to attack.
• Much better performance.
• Works on its own computer platform (dedicated computer).

Disadvantages:

• Hardware firewalls are more complex than software and as such are very difficult to configure to an organisation's requirements.
• More expensive because they require their own dedicated computer.

Benefits of firewalls

• Secures a computer network from hostile intrusions.
• Firewalls can monitor and record information. This can be of value in determining who is accessing what type of information.
• Firewalls can be used to complement or supplement content and email filtering solutions.
• Firewalls can automatically block most email viruses and malware attacks even before they start.
• Firewalls can be set up to allow access for certain users to access certain information but prevent others from doing so.
• Firewalls can also calculate usage of the internet, i.e. who spends most time using the internet and how this effects the performance of the network.
• Some firewalls can cause constraints or bottlenecks on the network as they concentrate security in one area.
• Organisations need to have a written policy or procedure that outlines what information can be accessed by employees and by whom. A firewall can be used to enforce these policies.

Disadvantages and potential pitfalls

• Because firewalls inspect every piece of information transferred between users sending information or people downloading information from the Internet, they can slow down the network.
• You have to bear in mind that running and managing a firewall can be costly in terms of resources and budget. The issue tends to be about who manages the firewall and who decides the policies, i.e. who can access what information and what websites are appropriate or relevant to the organisational needs.
• Firewalls cannot alert an administrator that pornographic material is being accessed so it is sometimes best to implement a content monitoring or filtering program as well.
• Some firewalls claim to be proficient at protecting networks from virus attacks and other malware. This is generally not the case and the user needs to check how effective the firewall is or purchase third party antivirus software.
• Firewalls can be restrictive in certain circumstances. If, for example, an email with an important attachment such as a business proposal is stopped by the firewall because it is deemed to be in breach of the company's security policies, it might have an effect on the business.
• If a firewall is installed incorrectly it can prevent users accessing important information on the internet.

Buying and installing firewalls

Step one

• Identify the needs of your organisation and your users.
• Understand your requirements - talk to several firewall suppliers.
• It might be a good idea to test or pilot any system before purchase in order to see how effective it is.

Step two

• Choosing the correct firewall depends on the size of your network.
• With your potential suppliers, assess whether you require a hardware or software firewall. This may depend on the size of your organisation and how many remote users you have. If your organisation is relatively small then it may be easier to choose the software option, but bear in mind that these still have to be configured to your requirements and it will need to be copied onto every PC and laptop.

Step three

• Identify the right supplier.
• Use the 'Find a firewall supplier' search box on the right hand side of this page to shortlist suitable suppliers.
• Who has the experience of working with a company of the same size and profile as yours?
• How many similar installations have they made?
• Ask for references - ensure that the supplier is capable and reliable.
• Ask to speak with a couple of their customers in order to see what benefits they have gained.
• Get a credit check to ensure that they are financially stable. You can get this directly from the supplier details in Conjungo.

Step four

• Request a proposal from three or four of your preferred suppliers.

Step five

• Select a proposal.
• Who best demonstrates that they understand your business and your requirements?
• Is the system flexible and scaleable and therefore able to meet future demand? You don't want to find out later that by investing a little more money now you can save money later.
• Is it cost effective? Does it clearly demonstrate the functional benefits - rather than listing features, does the proposal clearly show what the benefits are? There is no point on spending money for system with features that are of no benefit or that you will never use!
• How much will the software (licence) cost?
• How much will the hardware cost?
• How much will software support cost?
• Can any savings be made by agreeing a multi-year contract for support?
• How will your potential supplier support and maintain your system afterwards?
• How much will this cost?
• Have you spoken to a couple of your preferred suppliers' customers?
• Agree on financial terms - you may be required to pay a deposit but do not pay the whole amount in advance of delivery.

Simple steps to install firewalls

It is highly recommended that you have a professional company install and maintain your firewall unless you have an IT responsible person within your organisation that can do it. Unless a firewall is installed correctly, it will cause more problems than it resolves and it can leave the organisation exposed to malicious attacks.

1. Make sure that you have antivirus software installed and regularly updated.
2. Make sure that backups are carried out regularly. Ideally, this should be at least once a week. The reason is that if data or information is lost, it will be possible to retrieve the latest information.
3. Ensure that your organisation has a written security policy. This will ensure that all employees understand what is expected of them from an IT security perspective. This can include:
   
   > Processes and procedures for leaving their PC unattended.
   > What information they can access.
   > How often they should run the antivirus software.
   > Privileges - who can access certain types of information?
   > This may be based upon role, function or job description.
4. Make sure that there is a firewall policy in place and an administrator who can manage and implement it. This is essentially a set of rules that allow users of the network to access certain information and websites while restricting access for others.
5. It is imperative to keep up to date with any enhancements from the manufacturer and to upgrade as and when necessary. You may install the most leading edge firewall but if it is not updated regularly, it can become insecure and therefore vulnerable within a few months or less.
6. You may need to appoint an administrator who can update and set new policies as required, add websites to be blocked or filtered, and add further users when new staff joins the organisation.

In summary about firewalls

A firewall is an essential element of a security policy for any organisation, small or large.

What type of firewall to run, or whether to choose a hardware or software option, will depend on the size of your organisation and if it has many remote users. For small entities with maybe less than 10 PCs it may be more practical to have a software firewall on every PC but any more than this will probably necessitate a hardware firewall.

The key to a successful implementation of a firewall is to ensure that it is correctly installed, regularly updated and that you set proper policies to meet the needs of your organisation and users.

Frequently Asked Questions

What is a firewall?
A firewall protects your computer from attack from unauthorised users either internally (from your organisation's own users) or via the internet. It is also used to stop users accessing certain websites.

How does it work in practice?
The firewall is able to do this by inspecting information (sent and received) as it leaves and enters the network. If it spots any suspicious activity it will alert either the user or the IT department and also put any suspicious files into quarantine ready for inspection.

Why is it called a firewall?
The term is borrowed from ship building. When ships were designed and built, they were sectioned or partitioned so that in the event of a fire, the partitions would prevent the fire from spreading.

Do I need a firewall?
In a word, yes! Without one, you are leaving your PC or network wide open to people who may wish to steal data or damage your PC.

Why do I need a firewall?
A firewall is all part of having a viable security policy in place regardless of whether you are a home user or large organisation with many users.

Not having a firewall is akin to leaving your car doors open allowing all and sundry to steal confidential files that you conveniently left on your seat!

Which is better, a hardware or software firewall?
Most PCs come with a pre-installed software firewall that can be configured to your individual needs. Generally speaking, for home or small business use this is practical and easy to set up. Software firewalls will only protect the PC that they are installed on and not the entire network.

A hardware firewall is a dedicated piece of technology designed to sit in between your PC or network and the internet. Hardware firewalls have the advantage of being able to protect a network.

That said, both have their merits and many people advocate the use of both as added protection. It is best to seek the advice of a potential supplier(s) as the best setup will depend on you and your organisations' needs.

Is it something that I can install myself?
It can be as many people do so at home. However, in an office environment it is wise to get advice and guidance from your chosen supplier because setting up correct policies is absolutely critical to ensuring that your network is protected effectively.

How do I find the right vendors and partners?
Conjungo is a great starting point because it will let you search for a supplier according to your location, company type, size and whether they have the right accreditations. Furthermore, Conjungo is completely unbiased, lists most of the major vendors' resellers, and it's free to use.

Glossary of terms

• Packets - When information, for example an email, is sent via the internet, the email is broken down into pieces of information or 'packets' of information. The packets include vital information including who has sent the information and its destination. This ensures that the information is sent to the correct destination.
• Backup - A backup is a copy of all information, such as documents, spreadsheets and email, that is recorded onto another medium, such as CD, DVD, or memory stick so that in the event of a PC becoming infected by a virus or if a hard disc breaks, the data can still be accessed from the CD, DVD etc.
  
  It is advisable that a backup is taken at least once a week to minimise any data loss. Imagine losing six months of hard work without being to retrieve it. This can have terrible consequences on an individual or organisation.
• Malware - A computer virus is a way of describing a computer programme that has been written specifically to cause damage to your PC. In essence, it is a piece of software that is written to cause as much havoc as possible.
  
  There are many types of viruses including worms, phishing, rootkits, and Trojan horses. They are collectively known as malware.

Back to gounderstand homepage