From Ryan Groom,
Your Guide to Business Security.
FREE Newsletter. Sign Up Now!

Introduction

Many non security pros have a hard time grasping the functions and variations of a firewalls. This misunderstanding is the foundation of many of the myths.

I Have a Firewall Thus I am Secure

When conducting security audits many companies feel they were secure because “they had a firewall.” For whatever reason they deduced that if they spent the money on a firewall, their network would be protected by their guardian. This leads to the thought pattern of “We have no security risks”.

Firewalls are important. However, they only protect the segment of the network on which they are located. Secondly, a firewall is only effective if configured properly. To many people the almighty firewall protects them from viruses, spam, and nasty hackers. This is of course untrue.

Firewall Protects Me from Viruses

A select number of SOHO firewalls have a virus scanner. Most enterprise grade firewalls do not have this option as they are designed to secure network traffic. Virus protection is offloaded to another device or system software.

Firewall Protects Me from Spam

As mentioned above, some SOHO or “all in one” network appliances that have firewall features may also have the added functionality of anti spam. By implementing a firewall, you will need to address the issues of spam as well.

Firewalls are Difficult to Configure

This is a loaded statement. Many SOHO firewalls, when installed, automatically allow no traffic from the Internet but allows all of your traffic out to the Internet. This is called the “deny all unless permitted” rule. Many firewalls now have a web interface to manage the network rules, and for the majority of IT admins this should be easy enough to configure. High end firewalls can be very complex to configure but most firewalls for many businesses can be easily administered.

A Firewall is a Firewall

There are many different varieties firewalls; free firewalls, desktop firewalls, software firewalls and hardware firewalls to name a few. There are various firewalls for different needs. Are you protecting a single computer, a whole company, a certain type of Internet application? You need to have the right firewall for the right application or you could be putting your organization at risk. Below is a quick summary of firewall types:

Free Firewall – Free comes in two flavours: free desktop firewall or a free software firewall. IPCop is good example of a free firewall.

Desktop Firewall – A software firewall installed on your desktop operating system to protect your personal computer. Windows Firewall as part of Windows XP SP2 is a desktop firewall.

Software Firewall – A software application installed on a server operating system to create a firewall system.

Hardware Firewall – A device with a proprietary or stripped down operating system optimized for high throughput network traffic.

For more information about firewall types, click here.

Hardware Firewalls are More Secure Than Software Firewalls

This is only true if the underlying operating system of the firewall is not hardened. Today’s modern operating systems (Mac OS X, Windows Server, Linux, UNIX, BSD) all can been hardened to a high degree.

Free Firewalls are No Good

Many times you get what you pay for, but thanks to the open source there are many free firewalls that can protect your organization. OpenBSD configured with firewalling can be very effective firewall. My favourite open source firewall IPCop is also a simple and effective firewall for many organizations.

Hackers Cannot See Me When I Have a Firewall

If your firewall is configured with DENY ALL, then a hacker will not see the hosts on your network. But if they find your email address, and send you a phishing email they still can still wreak havoc with you and your system if you act on the fake email.

Information about your organization can often be found on Google or by searching your public DNS records. Becareful not to leak information to the Internet.

If I Have a Corporate Firewall Then I Do Not Need a Desktop Firewall

Corporate firewalls keep the bad guys out of your network. But what if a bad guy is someone that works at your business? A desktop firewall is another layer of security and protects your computer. If for some reason a network replicating worm virus enters your computer network, a desktop firewall many times will stop your computer from being inflected.

I Do Not Need a Firewall

What! You don’t need a firewall! In my opinion you cannot have enough firewalls. I know my situation might be overkill as being a security professional many times you paint a bright red target on your back for hackers.

At my place of work I have a hardware firewall to filter the internet noise, a software firewall which does content inspection of the traffic plus publishes my email and web servers to the Internet. All the computers (Mac OS X, Linux and Windows) all have desktop firewalls for worst case scenarios.

BTW: At home my favorite still is IPCop to protect my home network.