Building Block 2
August 18, 2009 by admin
Filed under Product Information
Product Application
Boffins Building Blocks to a 21st Century Business – Block 2
If establishing a first class link into the Internet is the first block in building your 21st Century Business, then protecting your network with a suitable firewall is the second. The Internet provides the backbone that will connect your people to Customers, suppliers, managers and staff, in the office, on the road, at home, and abroad.
The Internet is a major resource for research, marketing, entertainment, and social networking. Whereas research and marketing are positive things for your business, the latter two can be big time wasters for your staff. Unfortunately the Internet is also where all the bad guys hang out, and you can be sure they will be trying to attack your private network and disrupt your business through that same connection!
We all know that a firewall is a must have, but there are many types offering varying degrees of protection, sometimes with an impact on cost and utility. What are the key features?
Network Address Translation and Port Blocking
Communication with other devices on the Internet requires that each end knows the address of the other. The first important feature of the firewall is to ‘hide’ your computers by presenting itself as the only end point in your organisation. In its simplest form this means that communication can only be initiated by computers within your network, disallowing unsolicited communication from the outside. The firewall keeps track of each open channel in order to route the traffic correctly.
Some inbound communication is however necessary e.g. incoming email. The firewall will therefore open a port and forward incoming traffic to the appropriate point in your network e.g. port 25 to your email server. It will block everything else that is not specified in this way.
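The behaviour described in this section can be modelled in a few lines. The following is an added example, not code from this article or from any firewall product: a toy gateway that records each channel opened from inside, forwards port 25 to a mail server, and drops everything else. All addresses and the class name `NatFirewall` are constructed for illustration.

```python
from dataclasses import dataclass, field

@dataclass
class NatFirewall:
    public_ip: str
    # Explicit port forwards: public port -> (internal ip, internal port)
    forwards: dict = field(default_factory=dict)
    # Open channels: (public port, remote ip, remote port) -> (internal ip, port)
    table: dict = field(default_factory=dict)
    next_port: int = 40000

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """An internal host opens a connection: the source is rewritten to
        the firewall's public address and the channel is remembered."""
        pub_port = self.next_port
        self.next_port += 1
        self.table[(pub_port, dst_ip, dst_port)] = (src_ip, src_port)
        return (self.public_ip, pub_port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_port):
        """A packet arrives at the public address. Returns the internal
        destination it is routed to, or None if it is dropped."""
        key = (dst_port, src_ip, src_port)
        if key in self.table:            # reply on a channel opened from inside
            return self.table[key]
        if dst_port in self.forwards:    # explicitly forwarded service
            return self.forwards[dst_port]
        return None                      # unsolicited: blocked

if __name__ == "__main__":
    # Constructed sample network: mail server at 192.168.1.10
    fw = NatFirewall("203.0.113.1", forwards={25: ("192.168.1.10", 25)})
    print(fw.outbound("192.168.1.50", 51000, "198.51.100.7", 443))
    print(fw.inbound("198.51.100.7", 443, 40000))     # reply: delivered
    print(fw.inbound("198.51.100.99", 443, 40000))    # stranger: dropped
    print(fw.inbound("198.51.100.99", 12345, 25))     # mail: forwarded
    print(fw.inbound("198.51.100.99", 12345, 3389))   # not forwarded: dropped
```

Note that the forwarded port is reachable by anyone, which is why the next section argues that address translation and port blocking alone are no longer sufficient.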

Stateful Inspection of IP Packets
Previously this was enough to protect your network and many suppliers still ship routers and firewalls like this. Unfortunately these will no longer provide sufficient protection for your network. You can now be vulnerable on communications initiated from within your network by worms and viruses (or even unsuspecting users) and through the inbound channels which allow outsiders to connect to email and web servers.
The better firewalls now inspect each packet to establish whether the data being sent is consistent with its expected use, is in order, and is well formed. This allows malicious traffic to be detected and blocked.
Outbound Connection Filtering
Not all traffic initiated from inside your network should be allowed. Broadband bandwidth and volumes are always limited and often charged by usage. Peer-to-peer networking, social networking, music and video streaming, all use enormous quantities of both as well as wasting staff time. Policy based rules can allow or block such traffic by type, source, and destination, or by time of day e.g. if you wanted to allow certain activity during lunch but not otherwise.
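A policy of this kind is usually evaluated as an ordered rule list where the first matching rule wins. The sketch below is an added example, not taken from this article or any vendor's product: it implements the lunch-time case mentioned above. The traffic labels, the subnet, and the 12:00 to 13:00 window are assumptions, and classifying a flow as "streaming" or "p2p" is assumed to have been done already by the firewall.

```python
from dataclasses import dataclass
from datetime import time
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    action: str                    # "allow" or "block"
    traffic: str                   # traffic type label, "*" matches any
    source: str                    # CIDR of the internal source
    dest: str                      # CIDR of the destination
    start: time = time(0, 0)       # rule is active from this time of day...
    end: time = time(23, 59, 59)   # ...until this time (inclusive)

    def matches(self, traffic, src, dst, now):
        return (self.traffic in ("*", traffic)
                and ip_address(src) in ip_network(self.source)
                and ip_address(dst) in ip_network(self.dest)
                and self.start <= now <= self.end)

LAN = "192.168.1.0/24"   # constructed office subnet
ANY = "0.0.0.0/0"

# Order matters: the first matching rule decides.
RULES = [
    Rule("block", "p2p", LAN, ANY),                                  # never
    Rule("allow", "streaming", LAN, ANY, time(12, 0), time(13, 0)),  # lunch
    Rule("block", "streaming", LAN, ANY),                            # otherwise
    Rule("allow", "*", LAN, ANY),                                    # normal use
]

def decide(traffic, src, dst, now, rules=RULES):
    """Return the action of the first matching rule; deny if none match."""
    for rule in rules:
        if rule.matches(traffic, src, dst, now):
            return rule.action
    return "block"

if __name__ == "__main__":
    print(decide("streaming", "192.168.1.20", "198.51.100.5", time(12, 30)))
    print(decide("streaming", "192.168.1.20", "198.51.100.5", time(15, 0)))
    print(decide("p2p", "192.168.1.20", "198.51.100.5", time(12, 30)))
```

The final default of "block" means a source outside the listed subnet gets nothing, even though a broad allow rule exists for the office LAN.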
Protection from Denial of Service Attack
Your connected network is not only under attack from SPAM (see later) but also many other forms of Denial of Service attack. Flooding of unsolicited traffic, of any kind, can overwhelm a firewall and effectively stop your valid communications from getting through. A firewall needs to be able to detect and reject these attacks effectively. The report below is not untypical!

Perimeter Protection from Viruses and Spam
As the firewall is located at the perimeter of your private network it can be used to prevent unwanted viruses and unsolicited mail from entering your network at all. As the firewall inspects every packet that passes through it can compare these to known threats using signature files downloaded every few minutes, reducing the threat to your systems and reducing the workload on those systems and users. Some firewall vendors offer this service.
Virtual Private Networking
Another form of allowed traffic will be incoming connections from the Customers, suppliers, and staff that you expressly want to allow. This is typically done using encrypted tunnels providing secure networking between authorised endpoints and your private network, thereby extending your network out onto the Internet in a safe and controlled way - a VPN.
Being at the perimeter it is useful for the firewall to provide this authentication and encryption service. Better still when it can refer to your own Active Directory of users for password and authentication detail.
VPNs can also be permanently established between offices using multiple VPN capable firewalls to allow easy and secure voice and data communication.
Wireless Networking and Guest Access
Placing your wireless access through your firewall ensures that laptop and guest access to your private network is controlled and authenticated. Many company networks are unnecessarily exposed to hackers through unprotected access points. This is a common vulnerability that can be easily closed by utilising the security features of a firewall.

Quality of Service Traffic Shaping
Finally, your 21st Century firewall will be asked to carry and forward data of several types and prioritise accordingly. Voice and video traffic, for example, is significantly degraded by delays in transmission and you may wish to throttle non time critical traffic such as email. It is essential, therefore, that your chosen firewall supports Quality of Service.
Conclusion
A comprehensive firewall is a fundamental building block in the 21st Century Business. It must protect the business from Internet borne threats and attacks, prevent inappropriate use of the Internet and unauthorised wireless access to business data, whilst allowing appropriate and authenticated incoming connections for voice, email, key business applications, and data sharing.
Boffins recommends the Checkpoint Safe@Office range of firewalls: Checkpoint is the largest firewall vendor with the most experience. The devices pack all of the features discussed above that facilitate the building of your 21st Century business. These features can be included on installation or added as and when required. The devices are reliable, easy to configure, upgrade, maintain, and manage, and provide a wealth of logs and reports.
Links to previous articles:
21st Century Business
http://news.boffins.co.uk/product-information/21st-century-business/
Boffins Broadband
http://news.boffins.co.uk/product-information/boffins-broadband/


