Network Computing is part of the Informa Tech Division of Informa PLC

Enterprise Firewall Checklist

  • A firewall is an important part of any network security system, whether hardware or software based. It filters network traffic based on a set of rules in order to protect the network from malicious attacks. Today's rapidly evolving threat environment, however, requires that organizations move beyond the traditional model for firewalls and revisit perimeter security architecture.

    A growing number of threats stem from web-based applications and services that penetrate corporate networks. This means enterprises must consider these kinds of security threats, both known and unknown, when selecting an enterprise network security platform.

    Enterprises and service providers are deploying next-generation firewalls at an ever-increasing pace in order to control applications and block emerging threats. Next-generation firewalls have been designed with an enterprise focus, including advanced features like intrusion prevention, application-level inspection, and granular policy control.

    When it comes to selecting a firewall to secure an enterprise system, IT professionals struggle to truly integrate granular security functions without compromising the effectiveness and efficiency of the firewall. Continue on to learn about key features to look for when choosing an enterprise firewall for the modern era.

  • Application visibility & control

    Applications today no longer adhere to standard ports and can hop to any port. As a result of this evolution, enterprise firewalls must be application aware, and should be able to monitor and classify traffic by application on all ports at all times, by default. This kind of firewall requires constant predictive knowledge to monitor traffic from Layers 2 through 7 and determine what type of traffic is being sent and received. The firewall should be capable of running all signatures on all ports, all the time.

  • Identification & control of evasive apps

    There will always be applications that are purposely made to evade the security policies within an organization. These can be external proxies, non-VPN related encrypted tunnels, or remote server/desktop management tools. The enterprise firewall needs to identify and control all of these applications and monitor them closely to prevent any attacks from hackers.

  • SSL decryption & Identification

    The increased adoption of HTTPS on heavily used websites such as Gmail and Facebook, and the growing ability of users to force SSL, have created a security hole for organizations that can't decrypt, classify, control, or scan SSL-encrypted traffic. An enterprise firewall must be flexible enough to identify SSL-encrypted traffic that can be bypassed and segregate it from other types (e.g., SSL on nonstandard ports, or HTTPS from unclassified websites) that can be decrypted via policy. The firewall should have the ability to identify SSL on any port, inbound or outbound; implement policy control over decryption; and have the necessary hardware and software elements to perform SSL decryption across tens of thousands of simultaneous SSL connections with predictable performance.

    An additional feature to consider is the ability to identify and control the use of SSH. Specifically, SSH control should include the ability to determine if it is being used for port forwarding (local, remote, or X11) or native use (SCP, SFTP, or shell access). Knowledge of how SSH is being used can then be translated into appropriate security policies.
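    The two checklist items above (classifying applications on all ports, and spotting SSL on nonstandard ports so it can be routed to a decryption policy) come down to looking at content rather than port number. The toy classifier below is an added illustration, not code from the article or from any firewall vendor: it labels a flow from its first client bytes using signatures for TLS, SSH and HTTP, compares that with what the destination port would suggest, and picks a policy action. The port table, signatures, action names and sample flows are all constructed for the example.

```python
import re

# Conventional port-to-application table that a port-based rule set relies on (constructed).
PORT_APPS = {22: "ssh", 80: "http", 443: "tls"}


def classify_payload(payload: bytes) -> str:
    """Label the application from the first client bytes, ignoring the port entirely."""
    # TLS: record type 0x16 (handshake), version 0x03 0x0?, handshake type 0x01 (ClientHello)
    if len(payload) >= 6 and payload[0] == 0x16 and payload[1] == 0x03 and payload[5] == 0x01:
        return "tls"
    # SSH: the protocol version exchange always begins with the literal "SSH-"
    if payload.startswith(b"SSH-"):
        return "ssh"
    # HTTP: a request line of the form "<METHOD> <target> HTTP/1.x"
    if re.match(rb"^(GET|POST|PUT|HEAD|OPTIONS|DELETE) \S+ HTTP/1\.[01]\r\n", payload):
        return "http"
    return "unknown"


def classify_flow(dst_port: int, payload: bytes) -> dict:
    """Compare what the port suggests with what the content shows, then choose an action."""
    port_app = PORT_APPS.get(dst_port, "unknown")
    content_app = classify_payload(payload)
    mismatch = content_app != "unknown" and content_app != port_app
    if content_app == "tls" and dst_port != 443:
        action = "decrypt-by-policy"      # SSL on a nonstandard port: hand to the decryption policy
    elif mismatch:
        action = "block-and-alert"        # e.g. an SSH tunnel riding on the HTTPS port
    elif content_app == "unknown":
        action = "inspect-further"        # no signature matched yet; keep scanning the flow
    else:
        action = "allow-per-app-policy"   # content agrees with port; apply the app's own policy
    return {"port_app": port_app, "content_app": content_app, "mismatch": mismatch, "action": action}


# Constructed sample flows (destination port, first client payload bytes), not captured traffic.
SAMPLE_FLOWS = [
    (80, b"GET /index.html HTTP/1.1\r\nHost: intranet.example\r\n\r\n"),  # HTTP where expected
    (443, b"SSH-2.0-OpenSSH_9.3\r\n"),                                    # SSH hiding on 443
    (8443, b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x03\x03"),               # TLS on a nonstandard port
    (443, b"\x16\x03\x01\x00\x05\x01\x00\x00\x01\x03\x03"),                # TLS where expected
    (22, b"\x00\x01\x02"),                                                # nothing recognisable yet
]


def audit(flows):
    """Return (port, action) for each flow, as a policy engine would."""
    return [(port, classify_flow(port, payload)["action"]) for port, payload in flows]


if __name__ == "__main__":
    for port, action in audit(SAMPLE_FLOWS):
        print(port, action)
```

A real next-generation firewall does the same matching across far more signatures and over the whole flow rather than just the first bytes, but the decision structure is the same: the port is a hint, the content is the verdict.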

  • Identity awareness

    The enterprise firewall should provide visibility and control over traffic, irrespective of the user's location. It should have the ability to track the identity of the local device and user, typically using existing enterprise authentication systems (e.g., Active Directory or LDAP). This helps security professionals track what a specific user is allowed to send and receive, in addition to being able to control the type of traffic that is allowed to enter and exit the network. The enterprise firewall should provide granular visibility of users, groups and machines, as well as access control through the creation of identity-based policies.

  • Integrated IPS

    An intrusion prevention system (IPS) is a network security/threat prevention technology that examines network traffic flows to detect and prevent vulnerability exploits. The IPS often sits directly behind the firewall and provides a complementary layer of analysis that identifies dangerous content. Unlike its predecessor, the intrusion detection system (IDS), which passively scans traffic and reports back on threats, the IPS is placed inline (in the direct communication path between source and destination), actively analyzing and taking automated actions on all traffic flows that enter the network.

    Traditionally, IDS and IPS technologies have been deployed via a separate device. Next-generation firewalls, however, integrate the IPS or IDS with the firewall. An integrated IPS provides increased performance and accessibility of the information from all layers of traffic.

  • Application control with consistent performance

    It has been observed that enterprises struggle with lower throughput and performance when it comes to fine-tuning the security controls on their firewalls. Enterprise firewalls often need to perform computationally intensive tasks (e.g., application identification or threat prevention on all ports) on high-traffic volumes, and with the low tolerance for latency associated with critical infrastructure. For this reason, the enterprise firewall must have hardware designed for the task, dedicated specifically to processing for networking, security and content scanning.

  • Consistent operations in physical & virtual environments

    With the growth of virtualization and cloud computing, new security challenges such as inconsistent functionality, disparate management, and lack of integration points with the virtualization environment have emerged. In order to protect traffic flowing in and out of the data center, as well as within virtualized environments, an enterprise firewall must support the exact same functionality in both physical and virtualized form factors. It is imperative that the firewall provide in-depth integration with the virtualization environment to streamline application-centric policies as new virtual machines are created and destroyed. This will ensure operational flexibility while addressing risk and compliance requirements.

  • Total cost of ownership analysis

    Enterprise organizations need to know the total cost of ownership (TCO) of an enterprise firewall. Elements that can impact TCO include maintenance fees, installation charges, hardware, and technical support costs. To mitigate operational costs, some service providers offer advanced troubleshooting and analysis through their user interface, which often reduces issue resolution times from hours to minutes, saving your company time and money in getting your enterprise firewall up and running. Further, ease of use tends to bring down anticipated training and administrative costs over time.