1

The

ULTIMATEGUIDEto Buying a

Firewall

2

For many businesses, the prospect of purchasing a firewall may

seem like a pointless exercise. Smaller companies often believe

they are an unlikely target for hackers and malicious software

due to their size, while large corporations can assume they are

already protected. Both of these assumptions are, of course,

incorrect.

If you’re looking to replace an existing network firewall, you’ll need to

consider whether the aim is to consolidate everything into a unified

solution or add next-generation features before making your purchase.

There are lots of other considerations too.

In this guide, we’ll take a closer look at firewalls, answering any questions

you may have about this important purchase.

Part 1:

Introduction

Image:Cisco ASA 5505 Security Appliance

3

WHAT IS A FIREWALL? Let’s start with the basics. A firewall is a software or hardware

device that checks information coming from the internet or through

a network and either blocks it or allows it to pass through to a

computer.

Depending on its settings, a firewall can help to prevent hackers or

malicious software from gaining access to a computer through a

network.

On top of this, a firewall can also help to stop a computer from

sending malicious software to other computers. When choosing your

next firewall, there are several important factors to consider. We

have outlined these below in more detail.

Firewall or Anti-Virus?

It is important for businesses to be

aware that a firewall is not the same

thing as an antivirus program.

So, in order to protect a computer, it is

necessary to have both a firewall and an

antivirus and anti-malware program.

Part 2:

Firewall Basics

Image: HPHP TippingPoint S1050F Next Generation Firewall

4

PERFORMANCE

One of the first points of comparison for businesses of all sizes

when it comes to choosing a firewall, or any other piece of IT

equipment for that matter, is performance. Whether you are

a smaller company looking for a unified solution, or a large

corporation on the search for the most innovative firewall features,

you need to ensure the solution you pick will deliver exactly what

you need.

Very often, vendors offer sizing guidelines that provide a much-

needed helping hand during the selection process. However, it is

always recommended that you also think about your individual

infrastructure, rather than comparing yourself to another

enterprise. To do this, take some time to see how your users work,

their typical usage patterns, which applications they use and the

servers you need to protect. Also, consider the specific features of a

firewall that you are likely to have switched on on a daily basis.

Try not to depend too heavily on any kind of online sizing tool,

as this can create confusion. One vendor may say you require 1

Mbps while the next says you require somewhere over 20 Mbps, so

ensure you do your own research instead. Choosing the wrong size

can lead to performance problems further down the line, whereas

oversizing may stretch your budget more than you need to.

The performance of a firewall is also influenced by the architecture

utilised in any hardware appliance, and how the software and

hardware work together. While an appliance with application-

specific integrated circuit (ASICs) chips can produce good

throughput results for a specific purpose, it places limits on

the potential for upgradeability and can sometimes require the

appliance to be connected in a particular way. It is also worth noting

that performance numbers for ASICs hardware differ greatly from

virtual installations from the same vendor.

Part 3:

Digging Deeper

Image: Juniper SRX300 Series Firewall

5

Tests performed by a third party give a more accurate picture of

the actual throughput you could see in your working environment.

However, it is best to be aware that there are a number of factors

that could influence test results.

These include:

The architecture used in the hardware

The number of ports on an appliance

The type of traffic measured - is it bi-directional or

uni-directional?

How comparable the tests are (ie. proxy-based antivirus

vs. flow-based)

DEPLOYMENT OPTIONS

Many vendors offer value in the shape of deployment flexibility

such as software, hardware, virtual environment or cloud-

based. If you were to choose a software and virtual installation,

it is important to check if it will run on any dedicated Intel X86-

compatible hardware, or if it requires purpose-built hardware

components. Generally, you will enjoy greater flexibility with

standard hardware, which can then be easily upgraded.

Also, depending on the architecture used by a vendor, you may

see considerable contrasts in performance between the firewall

appliance a vendor offers and a virtual installation from the same

vendor on standard hardware. On the other hand, you may choose

to deploy your network security in the cloud, which can be done

using Amazon Web Services or a data center of your choice.

Not all vendors offer deployment options, and therefore it is

essential to check before you make your purchase.

6

EASE OF USE If you have grown accustomed to configuring your firewall using a

command line interface, a security gateway product with a simple

looking GUI could be an attractive option in terms of usability. In

the past few years, network security has come on leaps and bounds,

and vendors are increasingly learning that those products that are

easier to use are also likely to be the most effective. While advanced

features may seem like an attractive prospect, they are of little value

if they are too complicated to actually use.

The user interface of any firewall solution will need clearly defined

workflows to avoid you having to repeat configuration steps for

different modules of the product. Also, with today’s distributed

workforces, the requirement to do any installation on the end

user clients is not a feasible prospect for many organisations. For

example, a firewall offering full transparent mode without having to

configure proxies or set up NAT rules can save any IT administrator a

lot of time.

In the same vein, setup for users in the office should be equally

simple for any staff you have working remotely. Web filtering

rules, for example, need to protect users outside the realms of the

corporate network. In order to support the different devices your

users have, authentication should provide the best, most seamless

user experience.

It is important to consider:

How quickly you get to the information you need to

troubleshoot user problems, for instance, on blocked websites

How easy it is to update the solution

How long it takes to do the most common tasks, such as create

web filtering policies

Whether the dashboard view can be tailored to suit your own

preferences

7

SECURITY FEATURES If you are looking to consolidate your existing infrastructure into

one single solution, it is likely you will be looking for something with

similar features to those you are used to. If you are considering a

unified threat management (UTM) solution for the protection of

emails, do not forfeit additional benefits such as email encryption,

anti-spam and data loss prevention.

If a vendor you have been looking at does not offer comparable

features to your email gateway, then it may not be worth considering

them at all - and the same applies to web protection. A unified

solution should offer equivalent features to a web security gateway.

Even if you don’t use every feature your chosen security product

offers, you still have the functionality you require to support and

enable your business operations.

Should you be looking to replace a retired product - such as Microsoft

Forefront Threat Management Gateway (TMG) - you can find a UTM

with superior features to your end-of-life solution. If your TMG

replacement can also provide network, web and email protection,

you can save money and administrative effort. While the majority of

vendors can offer almost all of the features, they can often only do so

with multiple appliances or security solutions. Also, many vendors do

not offer the full breadth of features on all appliances.

Therefore, for smaller businesses with a limited number of users, it

is best to purchase a solution that isn’t over-dimensioned for your

purpose just to get the features you require.

Part 4:

Security, Protection & Reporting

Image:Watchguard XTM 8 Series Firewall

8

PROTECTION When selecting your firewall solution, you need to look at the quality

of protection. Third-party endorsements can provide a great idea of

which vendors provide the best protection from various threats.

REPORTING Reporting offers visibility into what is happening within your network,

which allows you to make informed decisions to support your

business. In cases where a large amount of bandwidth is being used

by one specific application, it could slow down other operations.

However, with accurate reporting in place, you are provided with

visibility into any infections on your system.

It is important to have real-time data to make ad-hoc decisions,

and to ensure you are providing the quality of service your users

need. Reporting on web usage in real-time allows you to change

your solution dynamically, removing bottlenecks caused by

particular usage patterns. You can also free up resources for certain

departments in the event that certain peaks are expected. Solutions

that only offer reports in set intervals are not adequate for some

organisations, so this is worth keeping in mind. On top of this,

businesses may also want to access historical data to make more

informed decisions about the optimal setup, or to analyse particular

incidents.

Any reporting module should be adaptable to your needs, and

give you the data you want at a time that is convenient for you.

Consolidated reports, which span multiple features, can be beneficial

in some instances. Not all cyber attacks are necessarily just from

one designated source, so having a single view - for example for

command and control - can allow you to eradicate any problems

quickly.

If you are worried about the effect that reporting can have on your

business performance, consider a solution with an integrated solid-

state drive, rather than a conventional spinning disk. Having no

moving parts not only makes them robust, but also faster and with

minimum impact on your solution performance, even for complex

reporting.

9

EVALUATING SECURITY CAPABILITIES In this section of the buying guide, we will look in depth at the

different security features available. Here, you can gain a better

picture of the capabilities that are important to you.

Network protection

Your network security product should provide a solid security

foundation, even before the addition of network protection

subscriptions.

At the most basic level, it should offer the following:

IPS

Static routing

DNS proxy services

DHCP server options

NTP functionality

Stateful firewall

Network address translation

Basic remote access VPN

Local user authentication

Local logging and daily reports

Basic management functionality

Part 5:

Evaluating Security Capabilities

Image:Barracuda NG Firewall F300

10

Web protection

It is likely that you will need web protection that allows you to apply

terms and conditions to the manner in which users spend their time

online. Web protection also stops spyware and viruses before they

can enter the network.

Detailed reports will show you how effective your policy is, allowing

you to make adjustments as necessary.

The following features are recommended:

URL filtering - controls employee web usage to keep

inappropriate content off the network

Spyware protection - prevents malicious software from

downloading onto computers within the network, consuming

bandwidth and sending sensitive data out of the network

Antivirus scanning - scans content before it enters the

network to prevent viruses

HTTPS scanning - provides visibility to how employees are

using the web, and controls which applications they can use

Interactive web reporting - provides flexible reporting

capabilities to allow administrators to build their own reports

11

Email protection

The protection of emails against spam and viruses is one that is

particularly important. Unfortunately, this type of security threat

continues to evolve, making email protection an ongoing issue.

Businesses require email protection to ensure that common

problems like spam and the leaking of confidential information do

not affect the business.

Capabilities to look for include:

Anti-spam - stops spam and other unwanted emails from being

delivered to inboxes within the network

Antivirus scanning - scans for malicious content at the

gateway to stop viruses and other malware from infecting

computers

Email encryption - renders email illegal to prevent spies

and other unintended incidents from obtaining confidential

information

Data Loss Prevention - prevents sensitive data from being sent

by email, whether intentionally or not

User portal - gives employees control over their email,

including spam quarantine and message activity

12

Webserver protection

Webserver protection stops cyber criminals from stealing information

such as credit card details and personal health data. Having this

should help businesses to achieve regulatory compliance when a web

application firewall is required.

A web application firewall scans activity and identifies attempts to

exploit web applications to prevent network probes and attacks.

Capabilities to look for include:

Form hardening - inspects and validates information

submitted by visitors through website forms. It prevents invalid

data from damaging your server as it is processed

Reverse proxy authentication - provides exploit free

authentication for users by integrating with backend DMZ

services

Antivirus scanning - scans and blocks harmful content at the

gateway to stop viruses from infecting computers

URL hardening - prevents your website visitors from accessing

content they are not allowed to see

Cookie protection - protects from tampering the cookies given

to website visitors

13

Wireless protection

Wireless networks need the same security policies and protection

as the main corporate network. They can be operated by network

administrators as two separate networks. Wireless protection from

your network security vendor should alleviate the issue of enforcing

consistent security policies across your organisation. For this reason,

make sure your wireless protection extends your network security

features to your wireless networks. This solution should provide a

way for you to centrally manage the wireless network.

Capabilities to look for include:

Plug-and-play deployment - provides fast and simple setup

Central management - simplifies management of the

wireless network by centralising configuration, logging and

troubleshooting within a single console

Integrated security - provides instant protection to all wireless

clients

WPA/WPA 2 encryption options - enterprise-level encryption

that prevents data loss and theft by rendering data illegible to

unauthorised recipients

Guest internet access - protects wireless zones, each with

different authentication and privacy settings. Enables and

supports wireless hotspots

Detailed reporting - provides information about connected

wireless clients and network usage

14

Endpoint protection

In order to ensure your network stays secure, there needs to be

some endpoint protection in place to check connecting devices

for current updates and security policies. This protection needs to

protect company-owned devices on and off the network.

You can reduce management effort, and also save money, by

integrating your endpoints directly into your network security

appliance. This will also help to achieve regulatory compliance when

different antivirus engines are running at the gateway and on the

endpoint.

Capabilities to look for include:

Ease of deployment - gives the organisation the ability to

easily deploy and manage endpoint clients to prevent malware

and data loss

Antivirus scanning - scans the endpoint for viruses and other

malware

Device control - Allows the organisation to prevent the use of

modems, Bluetooth, USB ports, CD/DVD drives, etc.

Real-time reporting - provides visibility into endpoints with

up-to-date statistics

Support for remote workers - provides the same protection

for workers whether on or off the corporate network

15

CONCLUSIONThe decision to purchase a new firewall is a big one, and should not be

treated lightly. There is an awful lot to consider, but it is vital that you

also think about your future business needs, as well as those in the

here and now.

At King of Servers, we are always happy to help, and will gladly provide

support and advice at every stage during the purchase process. So

whether you are currently in research mode, or looking to buy a product,

get in touch with us to discuss your options.

Contact us by calling

0845 611 8696

or visit our website where you can fill out an online enquiry form, or use

the Live Chat function

www.kingofservers.com

16

Contact Details:

www.kingofservers.com

info@kingofservers.com

0845 611 8696

Social Media: