Castleforce IT Security Team

Firewalls

Firewalls are usually seen as a requirement if you are going to attach your network to other networks, especially the Internet. Unfortunately, some network administrators and managers do not understand the strengths a firewall can offer, which results in poor product choice, deployment, configuration and management. Like any security technology, a firewall is only effective if it is implemented properly, maintained properly, and backed by a proper response to security events.

We often come across customers that just want to buy a hardware firewall and not the support licence that comes with it. Firewalls need updates to protect themselves against new vulnerabilities, in much the same way that antivirus software and operating systems need updates.

Additionally, once firewalls are properly deployed, other security strategies such as VPNs and IDS systems are often much easier to integrate.

Perimeter Defense

One of the weaknesses of firewalls is also one of their strengths. Firewalls are typically deployed as a perimeter defence, sitting on the network links that connect your network to others. If a firewall is properly deployed on every path into your network, you can control what enters and leaves your network.

Of course, as with any form of perimeter defence, a firewall is not very effective against an attack launched from inside the network. However, deployment on the network perimeter allows you to stop certain kinds of traffic from entering your network, such as scans and probes, or even malicious attacks against services you run.

What we need to know in order to help you select a firewall

  • How many internet connections do you have, and what type are they (e.g. ADSL, SDSL)?
  • Do you have a router before the firewall that converts the ISP connection to an RJ45 format? (Some SMB firewalls have integrated ADSL modems if this is needed.)
  • Do you require any wireless connectivity or is wired acceptable?
  • What firewall are you currently using?
  • Do you currently sit any internet facing hardware in a DMZ on the existing firewall and is the DMZ ability important to the requirement?
  • Do you have any additional sites that may need connectivity? If so, what firewalls are used at those sites? Some firewalls are VPNC certified, which shows that they can connect to one another.
  • How many people are likely to be using the firewall for remote access?
  • Who will be managing the firewall and have they had much experience with security appliances in the past?
  • Do you require any high availability options or do you have any plans to cluster firewalls?
  • Do you require any UTM style functionality such as gateway AV, web filtering or email protection from your firewall?  If so which?
  • Do you require your firewall to act as a proxy?

Castleforce Firewall Partners

At Castleforce we are partnered with several leading firewall vendors and can provide pre- and post-sales technical assistance with all the products listed.

Stonesoft (Securing Information Flow): Stonesoft specialise in high availability security appliances, including firewalls, IDS/IPS and SSL VPN, in both hardware and virtual form. EAL4 certified firewalls.

NETASQ (EAL4, NATO and EU certified firewall, VPN, SSL VPN and UTM): NETASQ is best known for designing and building the NETASQ EAL4 certified UTM firewalls. Key features include intrusion prevention, firewall, antivirus, antispyware, antispam, content filtering, VPN and SSL-VPN access. EAL4 certified on all NETASQ firewalls.

Juniper Networks (performance and networking security): Networking and security solutions from Juniper Networks help consolidate network security for small, medium and large enterprises. EAL4 certified firewalls.

Check Point Software Technologies Ltd: Check Point is a leader in network security software, firewall solutions, VPN solutions, endpoint security, network protection, security management, data protection and Pointsec data encryption technologies. Check Point provides leading enterprise, small business and consumer network security solutions. EAL4 certification for R65 ends on 31/03/2011; R70 is going through certification and should pass in November 2011.

Palo Alto Networks (next-generation firewalls): Palo Alto Networks’ next-generation firewalls provide network security by enabling enterprises to see and control applications, users, and content – not just ports, IP addresses, and packets – using three identification technologies: App-ID, User-ID, and Content-ID. These technologies, found in Palo Alto Networks' enterprise firewalls, enable enterprises to create business-relevant security policies – safely enabling organisations to adopt new applications, instead of the “all-or-nothing” approach offered by the port-blocking firewalls used in many security infrastructures.

SonicWALL (Protection at the speed of business): SonicWALL provides firewall products with unified threat management services such as network antivirus, antispyware, virtual private networking (VPN), content filtering and other security services. EAL4 certified firewalls.

WatchGuard Technologies (powerful network protection): The XTM family of network security appliances is a new class of performance-driven solutions. Fast throughput combines with advanced networking features to handle high-volume traffic securely, and at an affordable price. It includes a suite of flexible management tools that allows IT administrators to manage security through an intuitive centralised console, command line interface and web UI.

Celestix Networks (Microsoft Windows-based managed security appliances): The MSA security appliance from Celestix is specifically designed for network security, running a hardened version of Microsoft ISA Server 2006.

Contact Castleforce about Firewalls

Firewall Connections

Hardware firewalls tend to have a number of interfaces, and these are typically used for:

  • External WAN connection
  • Failover WAN connection
  • Internal LAN connection
  • High availability connection to another firewall
  • DMZ connection

It is important to think about how many connections are needed on a firewall when making your choice, especially with SMB firewalls, as some of these units have a limited number of connections.

Some firewalls allow interfaces to take on multiple roles, whereas others restrict each interface to a specific function. So if you believe you will require more than one or two external WAN connections, it is worth checking whether the firewall can accommodate this.

WAN Connectivity

It is important that your perimeter firewall has good external WAN connectivity. Most firewalls will allow two external WAN connections to be added to the firewall. Some firewalls, such as Stonesoft, allow many external WAN connections, and these can be load balanced to help with business continuity.

Firewall Failover

As firewalls tend to be the main protection point between the Internet and the company network, it is appropriate to have some form of failover, just in case there is a problem with the first firewall.

How long could your business survive without Internet connectivity?

If your firewall were to fail, a replacement would have to be put in place very quickly to reduce downtime, and for this reason many organisations choose to have failover hardware.

Virtual Private Network Consortium (VPNC)

Better known as VPNC, the Virtual Private Network Consortium is the international trade association for manufacturers in the VPN market.

VPNC issues logos for interoperability to VPNC member products which have successfully completed the testing.

Check Point, Stonesoft, SonicWALL and Secure Computing all appear on the VPNC certified list for firewalls.

  • VPNC Basic Interop
  • VPNC AES Interop