A firewall is a set of components that stands between your network and the Internet and acts as a gatekeeper, allowing in trusted friends and keeping out known or suspected enemies. A firewall can be a single device, such as a router, computer, or dedicated hardware appliance, that has software capable of making the decisions needed to monitor the flow of data between the corporate network and the outside world. A firewall also can be composed of more than one router, computer, or network appliance, each performing a specific function.
For small offices/home offices (SOHO), especially those using a broadband, always-on connection, a simple firewall appliance that you can purchase at the local computer store might be all you need. Just about every device that is called a broadband router/switch supports such basic functions as Network Address Translation (NAT), which is covered in this chapter. These inexpensive routers/switches do provide some measure of security, but they do not prevent attacks that originate from emails or other locally executed viruses or exploits, which are especially prevalent in the Windows environment. If you are a home user with a broadband connection, you should install some kind of network appliance between your cable or DSL modem and your computer. Even so, the best protection for SOHO networks is to disconnect your network from your broadband connection when you are not using it. Additionally, as with every computer connected to the Internet, you should use an antivirus software package on a regular basis, and use the service offered by the manufacturer to keep the virus database up to date.
Several kinds of firewall technologies are used, and they generally can be classified into the following categories:
Although many vendors offer firewall products (implemented in both hardware and software products), the technology used is so diverse that it's difficult to make direct comparisons between products. The best you can do is carefully review each product and ask a lot of questions before deciding whether it will offer the protection you need for your network. Also remember that even though new security holes are always popping up for firewall products, networks, and computer operating systems (OSs), many times a security breach occurs simply because a particular router or computer is not properly configured from a security standpoint. This chapter covers the basic concepts used for firewall technology. However, as this field continues to adapt and grow, you should be careful when choosing a solution for your network. Evaluate products from many vendors before making a purchase.