Firewalls are crucial for protecting networks and data from threats, both internal and external. They are the virtual walls that separate networks from the internet; they filter traffic, restrict access to internal networks, and prevent threats such as denial-of-service (DoS) attacks. Without an effective firewall in place, a network could be susceptible to breaches and other malicious threats that could end up costing your business not only a lot of money, but customers as well.
So, it’s important to do your homework when choosing a firewall. Consider the following questions when choosing a firewall in order to pick the network security solution that best meets your needs.
Does it provide DoS/DDoS protection?
Google “DDoS attacks” and you might be surprised by not only by how often they occur, but also what types of organizations have been hit hard by these attacks in recent years. A DDoS attack on DNS provider Dyn in October knocked many major websites offline for hours.
Attackers are increasing the amount of malware that they attach to botnets, making their attacks significant and more potent. DDoS attacks can be launched with no warning, leaving IT pros unaware of attacks until there’s a sudden reduction in bandwidth and performance. By then, the damage is already done.
The good news is that firewalls can help identify and stop DDoS attacks at their most basic level. If you pair them with other services such as an intrusion detection system, you’ll have a more advanced solution for fending off potentially malicious traffic. With that in mind, it’s important to choose a firewall that has DDoS detection and mitigation functionality.
Does the firewall send attack alerts?
While you rely on firewalls to prevent attacks, it’s equally important they help you know when attacks occur or are in progress. So, consider firewall solutions that can send alerts to administrators when major attacks happen.
Alerts serve as reminders to check firewall and router logs, a routine that can help determine the method of an attack. With that knowledge and the right firewall in place, you can quickly mitigate an attack before it leads to downtime and loss of revenue.
Do you need alternative ports for critical services?
Hackers use ports to spread their mayhem, which is a problem considering most services have standard ports. If there are critical services that you especially want to protect from an attack, you can you use alternative ports, also known as masquerade ports. How do they work?
Remote Desktop Protocol (port 3389) is a commonly used port, which attackers frequently target in an attempt to attack a network. To prevent hackers from exploiting this port, you could change the RDP port that the firewall makes available to the end user, and configure the firewall to translate that port to the standard RDP port. This process is called port forwarding.
Do you need remote access?
Working remote is all the rage these days, especially within the IT sector. However, allowing employees to remotely access your company’s network presents security risks. That’s why it’s crucial to use solutions such as a virtual private network (VPN). Firewalls can handle many of the mundane, day-to-day tasks associated with VPNs, such authorization and support.
While you can purchase a secondary system or VPN solution, a hardware firewall solution that integrates VPNs within its architecture will likely be more cost efficient.
How strong is the vendor’s customer support?
It’s important that you have proper support when it comes to your firewall. Improper firewall configuration and setup can lead to major issues. If you have a question or are unsure about something in regard to your firewall, there needs to be an easy way to contact the vendor. A strong vendor provides the necessary support and resources to help ensure the security of your network.
Firewalls are a crucial part of network topologies and network protection. So take the time to diligently research your options, ask the right questions, and identify the solution that best fits your network infrastructure and security needs.