Business-Class Firewall Security

We are often asked “Why does my business need a business-class firewall? Won’t the firewall I bought at the electronics store work for me?” Sadly, in most cases the consumer-grade firewall lacks the kinds of security measures that business-class devices offer – unknowingly …

First, a little back ground… Every website page, most email messages and other internet traffic are actually a combination of requests to send and receive information of some sort. For example when your Outlook grabs your email, a request is sent to your mail server and then your email is sent back. When you go to your favorite webpage, your Internet Explorer sends a request to a web server and the page with all the graphics is sent back.

This system works great until someone with malicious intent and a little technical knowledge uses it to their advantage. These mal-intents know that they can get a user to click a link because “their IRS tax return has been rejected”, “their bank account has gone into overdraft” or “their Facebook page has been hacked”. When someone clicks one of these links, the request is made and whatever these people want to install on your computer is now “authorized” and sent to your computer.

Think of a firewall as the screening agent for your internet traffic in and out of your network much like the TSA screens your luggage before boarding a plane and international customs interviews and inspects your luggage before entering your destination country. It’s not always enough to say “Who are you?” – the actual baggage needs to be X-rayed and inspected first. The passenger needs a pat down to be more secure.

A consumer-grade firewall is designed to provide basic protection against an outside attack, one way, from the outside but does not provide any protection against an attack from inside your network. When a user clicks that “bad link”, the consumer-class firewall allows this to happen because the user requested that information. These mal-intents also know and continue to learn how to get around the basic security measures that these low cost devices provide because these devices never change and never learn any new security tricks.

With a business-class firewall, this is less likely to happen since every piece of information (sending and receiving) is inspected and blocked if appropriate. This major difference of technology is called Deep Packet Inspection. Also, the device is re-trained on a regular basis with the newest of threats by a secure central server that is constantly surveying the internet for newest and latest internet vulnerabilities. If one of your machines does happen to get infected, it is less likely to send out your business information because the traffic going out to the internet is inspected as well.

Also, with business-class devices you get other types of protections and features:

• Comprehensive Security for Anti-Spam, Anti-Virus, Anti-Spyware, Intrusion Prevention
• Content filtering that prevents access to sites and services that you may not want viewed in the workplace such as adult-oriented content.
• Application level filtering that blocks certain kinds of traffic such as file copying or internet messaging services.
• Ability to prioritize certain kinds of internet traffic (such as VOIP telephones) or reduce the speed for less-business related content like music streaming.
• Wireless Zone Security that is also inspected and separated from your devices plugged into your network.
• Wireless Guest Services that provide special network access for your visiting guests that blocks access to your internal information.
• Secure remote access and VPN features
• PCI Compliance if your business handles credit cards
• Cellular 3G data network failover in case your primary provider goes down

You may be asking, “What should I expect to pay for a firewall for my business?” The pricing will vary depending upon how many users and what specific features apply to your business security needs, but start at less than $500 fully configured and installed plus a small annual fee for the Anti-Spam/Virus/Spyware filtering services.

CAP5 is a SonicWall Medallion Partner and is fully qualified to review your network security needs. Call CAP5 today with any questions you may have regarding your business network security. Mention this article for a FREE business security assessment.