Firewalls have evolved far past their old days of port-based, two-way network traffic approvals. However, with these advancements comes another pressing question: How do you know you’re choosing a firewall that will protect your small business from actual cybersecurity threats — and do you even know what those threats are?
In this guide, we’ll discuss how firewalls serve as the foundation for your organization’s internal network security, plus tips for choosing which firewall is best for your applications.
What Is a Network Firewall?
In its simplest definition, a firewall acts as the primary security barrier for incoming and outgoing traffic on your network. Firewalls are designed to perform several essential IT security functions to protect your network from security threats. They do this by reading traffic information that’s leaving or entering your network and determining whether it’s is safe, according to preprogrammed definitions.
Main Components of Network Firewalls
To execute its cybersecurity functions, firewalls will contain a series of pre-programmed security features, each taking care of a specific network defense layer.
Some of today’s top defense functions you’ll find across firewall products include:
- Packet filtering: It’s a primary and near-ubiquitous function of both software and hardware firewalls to filter safe data packets — the individual units of data that deliver the vast gamut of internet capabilities and content.— through a tunnel according to its definition files. (REMOVE)
- Router functionality: Many pieces of firewall hardware double as routers, which allow all your devices to connect to your wider area internet network.
- On-premises authenticator: Many firewalls contain built-in advanced traffic monitoring with traffic rule sets that recognize and log permissible devices or IP addresses while blocking those that are unrecognizable.
- Malware scanning: Firewalls may contain a layer of malware scanning technology to ensure attachments, links, downloadable files and web pages are not harmful before allowing them to enter your network.
- Remote access portal: Firewalls are essential to allow remote employees to access your network, including important databases, files and applications. They work by trafficking remote users through a secure virtual private network (VPN) tunnel.
- Website filtering: Firewalls can also have specific website filters integrated into its definition files. With this feature, you can block specific websites based on condition categories or purely on the web domain’s name.
- Email spam filtering: Since email is one of the most targeted platforms for phishing and other social engineering schemes, some firewalls havebuilt-in email and spam filtering to ensure only safe content passes through.
- SSL encryption: The most advanced firewalls today carry SSL encryption capabilities, which allow you to safely exchange sensitive information and data across networks. SSL encryption is a next-generation feature, ensuring your network defenses remain robust and proactive amidst new security threats.
Not all these features will be available in every type of firewall. When picking a network firewall for your small business, it’s essential to consider your main threat vectors — the attack surfaces or digital domains most at-risk for outside threats. From there, you can inquire with OEMs about the specific affordances included in their products, then select the best-fit solution for your needs.
Different Types of Firewalls
Today, there are four general categories of firewalls, each with their own distinguishing architecture and cyber-defense specialties. These options include:
1. Packet filterers: Packet-filtering firewalls filter incoming and outgoing data packets against pre-programmed criteria to determine whether they are safe or not. Packet filterers may or may not have built-in routers to direct that data packet appropriately once safely scanned. They do, however, operate at the same traffic junctions as hardware, like routers and switches, and are subsequently conflated with the two.
2. Circuit-level firewalls: Circuit-level firewalls do their work at the initial networking level, or right as two separate devices attempt to communicate with one another. They monitor variables like IP sources and transmission control protocols (TCPs) to deem if the devices wanting to communicate are trustworthy. Note that this type of firewall technology does not scan the data packets exchanged during communication.
3. Stateful and proxy firewalls: Stateful, or state-aware, and proxy firewalls perform both the functions of packet filterers and circuit-level firewalls. While it’s a comprehensive firewall option for businesses of any size or field, stateful and proxy firewalls have been known to strain network performance, namely your bandwidth speeds, which can generate inconvenient lag times for your team.
4. Next-generation firewalls: Next-gen firewalls maintain the widest array of traffic inspection and threat mitigation layers. They offer extra features such as antivirus, malware and email spam scanning, as well as advanced monitoring capabilities, such as deep packet inspection, which allows you to continually monitor all internet browsing sessions and communications occurring on your network.
Hardware vs. Software Firewalls
In addition to the four main types of network firewalls, your organization must consider if hardware or software firewall technology is a best-fit:
- Hardware firewalls: As the name suggests, a hardware firewall is a physical piece of equipment. Hardware firewalls are typically installed and connected via cables with your cable modems and routers and offer protection across your entire network from one single piece of IT equipment.
- Software firewalls: Software firewalls, by contrast, are installed on individual devices. For example, a smartphone, laptop and tablet will all contain their own firewall software pre-programmed within.
In many cases, the best solution is to combine hardware and software firewalls. Each option makes up for the other’s weaknesses, resulting in a robust, comprehensive barrier of security.
Pros and Cons of Hardware Firewalls
There are a few advantages and disadvantages surrounding hardware firewalls. Some of the benefits to consider include:
- Simplicity: A hardware firewall is meant to protect your whole network., which can simplify things. When you make updates, they’ll automatically apply to every user. This centralized model may ultimately cost a company less than installing software on individual devices.
- Scalability: Because a hardware firewall is a single solution, it’s able to handle more users that are added to your network without needing to make any changes or install software on these new devices.
- Speed: Hardware firewalls are a dedicated network device, meaning they scan inbound and outbound data packet patterns much quicker than most other firewalls. It shouldn’t negatively affect your organization’s bandwidth performance.
- Strength: A hardware firewall tends to be a more difficult target for malicious software than software firewalls, which can mean stronger protection.
The disadvantages to a hardware firewall are:
- Cost: One deterrent some companies face when purchasing a hardware firewall is the cost. Hardware firewalls tend to cost more than software solutions, but they are still relatively affordable compared to other types of technology you likely have at your business.
- Configuration: If you’re installing your firewall yourself, a hardware firewall may seem more complicated to configure than a software firewall. However, if you opt for a professional installation, this isn’t a problem.
- Capabilities: The majority of hardware firewalls cannot inspect the actual data content being trafficked on your network — and cannot inspect encrypted traffic like ever-prevalent HTTPS sources. It can only note the request for initial network access, permitting access so long as the packet pattern isn’t on its programmed blacklist.
Pros and Cons of Software Firewalls
Like its hardware cousin, software firewalls have unique benefits and a few limitations. Some of the benefits include:
- Personalization: Software firewalls allow more granular traffic controls. You can prevent entire websites from entering your network, as well as specific web content. You can also create restricted user access across network programs and devices themselves. For example, only a handful of employees can use the wireless printer or log into a cloud database housing private customer information.
- Price: Software firewalls cost much less than hardware firewalls, which can make them a more economical choice in some instances. For example, if your office only consists of a few people using devices, then software installations on each device may add up to less than a hardware firewall router.
- Portability: One main advantage of software firewalls is that they continue to work on a device, no matter where that device is located — this means telecommuting employees can continue to use their laptops and enjoy the same level of protection as if they were at the office.
Software firewalls also come with some disadvantages, including:
- Lag: Since software firewalls are installed on devices, they draw on the resources of those devices to operate. That means part of your memory and disk space is going to the firewall, which can slow down your system and cause some lag.
- Lack of scalability: When you’re looking for a solution for a large network of devices, or you want to be prepared for your business to grow, choosing software firewalls means you’ll have to install software on every single device and update each separately over time.
- Limitations: Because software is usually installed on the very device it’s trying to protect, it’s limited in the level of protection it can offer. By the time the firewall reads traffic that comes in, it has already entered your system to an extent.
Factors to Consider When Choosing a Firewall
Deciding what to look for when choosing a network firewall for your small business is one of the most important IT decisions you’ll make. Ask yourself these questions when picking the right network firewall to fit your organization’s unique security risks, current business scale, maintenance capabilities, budget and more:
1. What Are Your Top Security Threats?
All types of firewalls serve a similar defensive function: to monitor network traffic, ensuring only code it reads as well-intentioned can pass through for employees using the internet at your workplace.
Today’s top security threats for small businesses require firewalls that do more than follow perfunctory “good” or “bad” definitions, though. At a minimum, consider different types of firewalls designed to boost the security of specific workplace applications — often ones that are business-critical, such as:
- Email spam filtering, with firewalls able to look at the entire string of packets involved in an incoming or outbound email exchange rather than just approving based on source and destination ports or IP addresses.
- SSL encryption, particularly if your organization stores sensitive customer or client information, as well as meets certain industry regulations around personally identifiable information (PII).
- Virtual private network protections, or firewalls with specific, dedicated tunnel layers managing devices on your network in remote locations.
- Web-domain blocking, for security as well as general workplace productivity — but with the transparency and the consent of your employees.
You’ll also need to note the degree of advanced features truly necessary for your operations. For example, next-generation firewalls are frequently installing sandboxing defenses to meet today’s increasingly complex malware hidden in hyperlinks.
When you or an employee clicks a link, a sandboxed-enabled firewall triggers a warning allowing you to open the link in a test virtual environment. There, the firewall analyzes its packet behavior to determine its safety and authenticity before allowing you to move forward in your link interaction.
2. What’s Your Interconnected Network Ecosystem Like?
Take inventory of your complete IT ecosystem by performing an infrastructure audit. Account for your full array of devices operating on your network in a typical workday, including:
- Laptops (personal and work-provided)
- Smartphones (personal and work-provided)
- Tablets (personal and work-provided)
- VoIP phones and teleconferencing equipment
- Printers and copiers (traditional and wireless)
- Current operating systems
- Database management systems
- Servers, switches, routers and other core computing hardware
These equipment audits are an enterprise best-practice as well as an essential preliminary step towards choosing a firewall for your small business network — they can help you distinguish between a manageable suite of software and hardware firewall types.
Keep in mind, software firewalls are built into individual devices and cannot integrate with other operating systems or OEM applications — this means each device must be configured and updated manually. Likewise, the growing reality of an omnipresent Internet of Things (IoT) presses organizations to get serious about wireless internet access controls in its devices as well as its wireless access points (WAPs), both of which a firewall can mitigate.
3. Do You Plan to Scale?
Even if you have a limited IT ecosystem right now, you should consider whether you plan to grow as a business. If you plan to add several more devices, then you’ll likely want a centralized solution in a hardware firewall.
Most software firewalls are not universally compatible with operating systems and manufactured devices, like Mac, Windows, Android, iOS and Chrome OS. In other words, every device, program and operating system contain its own isolated software firewalls, meaning you must individually program, configure and manage all the firewalls on all your devices. If your office will soon or eventually have dozens — if not hundreds or thousands — of such technology, software firewalls can easily become time-consuming and cumbersome.
However, that doesn’t mean you shouldn’t use any software firewall solutions. There are still advantages to software firewalls, but you’ll likely want to also depend on a hardware firewall that will automatically protect new devices on the network.
4. Do You Have Remote or Telecommuting Employees?
In 2016, 43 percent of employees worked remotely in some capacity, and that percentage has likely increased over the last few years. Some employees today work solely from home, while others may telecommute as needed.
Even infrequent work-from-home policies require employers to set up the right infrastructure to support safe remote connections. One simple solution is software firewalls, but there are also ways to tie in your remote workers’ firewall protection with your workplace’s firewall.
Remote users are trafficked through your business’s VPN tunnel. Robust VPNs with fully integrated firewalls manage remote authorization, reviewing the original, out-of-network data packets for approved patterns of sources, then re-encrypting them safely back through your tunneled VPN traffic gateway.
If VPN security is a top priority for your business, consider a primary or even secondary hardware firewall type with VPN gateways built into its architecture to save time and money setting up this aspect of your organization’s network.
5. Can You Stop Distributed Attacks?
Reported distributed denial of service (DDoS) attacks increased by 200 percent in Q1 of 2019 alone. What’s more, DDoS attacks bombarding servers at rates over 100 GB per second increased a whopping 967 percent in the same year, with few signs of slowing down.
Due to this alarming traction, more attention is being pivoted onto firewalls with dedicated architecture against DDoS threats. Specifically, firewalls with advanced firewall monitoring features integrated into the routers can give you advanced alerts when servers first appear to be unexpectedly overwhelmed — the tell-tale sign of DDoS — then trigger appropriate mitigation steps.
6. Do You Want Firewall Alerts?
Real-time alerts identify when your firewall prevented malicious traffic — but also if an attack is currently underway. Preemptive detection assistance like this is routed immediately to network administrators and any other approved user.
With the real-time alert, you can swing into action, opening firewall and router activity history to identify the method of attack on your network then launch a quick, targeted response. Since firewalls are often one of the first layers recognizing any suspicious traffic, it makes sense to pick a firewall type with advance attack alert functions like this for the speediest-possible mitigation turnaround.
7. Will You Need Ongoing Support?
Even the savviest, most advanced internal IT personnel benefit from technical support provided by firewall OEMs.
Before picking the right network firewall, inquire about ongoing assistance from the manufacturer — ask:
- Does their assistance go beyond initial set up or network integration?
- What about ongoing configurations and firewall updates, particularly for software firewalls, which, in many cases, must be individually managed?
- Will you have a go-to support specialist you can contact for miscellaneous questions and case concerns?
All these customer support perks can make a huge difference in the lifespan and functionality of your firewall decision.
8. Is Your Bandwidth at Capacity?
Software firewalls — as well as more advanced firewall types, such as stateful and proxy firewalls — can cause choke points in your network. These chokepoints are directly responsible for slow internet upload and download speeds, transaction lags and even server unreliability during important work activities and transactions.
These bandwidth lags are further complicated when running too many devices in the office, or if you’re not using the bandwidth system requirements recommended by your firewall manufacturer. Therefore, if your bandwidth can’t afford any more drain or if speed is important for your business, you’ll want to choose an option that won’t slow down your system.
9. How Much Access Should People Get?
Consider your network’s actual users — namely, your employees and your customers across client-facing portals or applications.
Firewalls with more granular access controls and authentication rules may be attractive here. The ability to tailor specific access boundaries through your firewalls ensures only the right people can find and use the right work applications at the right time, in the right locations.
In some cases, firewalls can even create access rules where users can interact with certain parts of an application but not the whole, creating logical case-by-case security and more administrative peace of mind.
10. What Does Your Budget Allow?
Finally, you’ll want to consider the cost. The most affordable option for individual users is a software firewall, but a hardware solution tends to be more cost-effective, as long as you have more than a few devices on your network.
Keep in mind that equipping your business with the right firewall is an investment that can easily save you significant amounts of money if it prevents expensive data breaches. In this way, a firewall can pay for itself, so it’s shortsighted to settle for sub-par protection for the sake of your budget.
If your budgetary restrictions are an obstacle to investing in the right firewall solution, you may want to consider choosing a firewall-as-a-service option. As with other software-as-a-service models, you’ll pay a subscription fee for as long as you use the service rather than incurring a large upfront cost.
Boost Your Network Security With Morefield Communications
Firewalls aren’t a bullet-proof solution to every digital security threat that, once installed, makes your network impenetrable.
They’re pretty close, though — especially when your organization vets and selects the right firewall type for your current network defense needs. With these tips for picking the right network firewall, you’ll be able to find the perfect fit for your business.
Contact Morefield Communications to learn what those network defenses are for you. We tailor cost-competitive cybersecurity suites with software and hardware recommendations specifically for our clients, including some of today’s most robust next-generation firewalls.