Defenseless without a firewall

Firewalls can protect your network against unauthorized access and intruders. Here are some guidelines for buying a firewall for your organization.

by Mahesh Rathod

As enterprises expand their mission-critical networks with newer applications, many have begun to view network security technologies as the key to preventing intrusion and exposure of critical data. Without protection, companies can experience security breaches resulting in serious damage. The security system that all enterprises should seek to implement in such a situation is a firewall. Firewalls are certainly becoming a critical part of any secure network.

Roles that a firewall plays

A firewall can be a piece of hardware or software. A network may use more than one type of firewall for extra security. Usually, a firewall protects the company's private network from the public or shared networks to which it is connected.

Firewalls monitor all connections between two networks, and determine which traffic should be allowed or disallowed based on the security policy implemented by the security administrator. A firewall may also screen internal traffic on a network, separating different departments or branches of a large company.

A firewall can be as simple as a router that filters packets or as complex as a multi-computer, multi-router solution that combines packet filtering and application-level proxy services. It works by analyzing each network access request against a list or database of approved source IP addresses and other parameters.

Hardware or software-based firewall?

Software-based firewalls run on top of general purpose OSs (Operating Systems) like Unix and Windows NT. Though software firewalls may be secure, the underlying security holes in the OS can give a hacker entry into a protected network.

Hardware-based firewalls are like appliances. They run on a closed and compact proprietary OS which has been written with security considerations in mind. Hardware firewalls are sturdier in their ability to support a larger number of connections simultaneously when compared to software firewalls. It has been observed that the number of attacks through software-based firewalls is five times higher than that through hardware-based firewalls using proprietary integrated software. However, they are more difficult to manage.

Firewall techniques

A firewall uses one or more of the following methods to control traffic flowing in and out of the network.

Packet filtering: This method looks at each packet entering or leaving the network and accepts or rejects it based on user-defined rules. It is susceptible to IP spoofing.

Application gateway: This method applies security mechanisms to specific applications, like FTP and Telnet servers. This is effective, but can lead to performance degradation.

Circuit-level gateway: Here, a security mechanism is applied when a TCP or UDP connection is established. Once the connection has been made, packets can flow between the hosts without further checking.

Proxy server: A proxy intercepts all messages entering and leaving the network, effectively hiding the true network addresses.
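
The difference between the packet filtering and circuit-level gateway techniques listed above can be shown in a short Python sketch. This is an added example, not code from the article or from any vendor; the rule list, addresses, interface names and the optional anti-spoofing check are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    iface: str          # interface the packet arrived on: "outside" or "inside"
    src: str
    dst: str
    dport: int
    syn: bool = False   # True for the first packet of a TCP connection

# Constructed rule list, first match wins: (source network, destination port, action)
RULES = [
    ("10.0.0.0/8", 23, "accept"),   # internal hosts may Telnet to the server
    ("0.0.0.0/0", 80, "accept"),    # anyone may reach the web server
]
INSIDE_NET = ipaddress.ip_network("10.0.0.0/8")

def packet_filter(pkt, antispoof=False):
    """Stateless filter: every packet is judged on its own header fields."""
    src = ipaddress.ip_address(pkt.src)
    # Assumed mitigation: an inside source address must never arrive from outside.
    if antispoof and pkt.iface == "outside" and src in INSIDE_NET:
        return "reject"
    for net, port, action in RULES:
        if src in ipaddress.ip_network(net) and pkt.dport == port:
            return action
    return "reject"                 # default deny

class CircuitGateway:
    """Applies policy only at connection setup, then passes that connection's packets."""
    def __init__(self):
        self.established = set()

    def handle(self, pkt):
        # Simplified connection key (a real table would also track source ports).
        key = (pkt.iface, pkt.src, pkt.dst, pkt.dport)
        if key in self.established:
            return "accept"         # no further checking once established
        if pkt.syn and packet_filter(pkt, antispoof=True) == "accept":
            self.established.add(key)
            return "accept"
        return "reject"

# Constructed sample traffic.
LEGIT = Packet("inside", "10.1.2.3", "10.0.0.5", 23, syn=True)
SPOOFED = Packet("outside", "10.1.2.3", "10.0.0.5", 23, syn=True)
MIDSTREAM = Packet("inside", "10.1.2.3", "10.0.0.5", 23)
```

A filter that matches on the source address alone accepts SPOOFED; the same rules with the interface check reject it, and the gateway passes MIDSTREAM only after LEGIT has set up the connection.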

Features to look out for

Some of the features to look out for before buying a firewall are:

  • Good management features.
  • A well designed GUI to ease the administrative burden.
  • Remote-management capabilities.
  • Availability of training, support and documentation.
  • Scalability and availability of third-party complementary products.
  • Performance and stability.
  • Implementation and other costs.

Vendor offerings

Various vendors offer a whole suite of firewalls and security solutions. Here are some of them.

Computer Associates eTrust Firewall is an easy-to-manage security solution providing both perimeter and internal protection. The eTrust Firewall also has a unified console for enterprise-class manageability which makes it easy to deploy firewalls throughout the enterprise. The technology also provides organizations with the most intuitive firewall rule analyzer. Other features include packet inspection and support for all application protocols.

The Cisco Secure PIX Firewall is a dedicated firewall appliance in Cisco's firewall family. All four Cisco Secure PIX Firewall models have IPSEC encryption built-in, permitting both site-to-site and remote access VPN deployments. They operate on a hardened OS focused on protecting both the security of the device and the networks it protects.

NetScreen offers a line of firewall and VPN solutions. NetScreen's firewall uses technology based on stateful inspection, securing a network against intrusion and DoS (Denial of Service) attacks. NetScreen's custom-built GigaScreen ASIC processes firewall access policies and encryption algorithms in hardware providing significantly higher performance than software-only products.

Network Associates' McAfee Desktop Firewall 7.5 helps control outbreaks and attacks by letting you block vulnerable connections. It has central management, deployment, updates, and graphical reporting from the same ePolicy Orchestrator console as its anti-virus software. It protects remote and broadband users from attacks and infections on desktops or Windows servers. It also helps prevent use of vulnerable or unauthorized applications and connections.

Nortel Networks' Alteon Switched Firewall is a multi-component solution managed as a single system. The hardware is a combination of the Alteon Switched Firewall Accelerator and the Alteon Switched Firewall Director. The software is a combination of a specific Web OS called the Alteon Switched Firewall OS for the Alteon Switched Firewall Accelerator and FireWall-1 next generation security software from Check Point hosted by the Alteon Switched Firewall Director.

Novell's BorderManager 3.7 is an access and security solution that addresses internal and external security threats. This solution works seamlessly with Novell eDirectory, letting it monitor, control and accelerate your users' Internet activities.

Stonesoft's StoneGate firewall is a software-based firewall and VPN solution with centralized management. The architecture is three-tiered, and consists of a management GUI, management server and the StoneGate firewall/VPN gateway. All connections between components are secured with SSL. The management server runs on Red Hat Linux, Solaris, and Windows 2000.

The Nokia Appliance firewall integrates Check Point Software Technologies' VPN-1/Firewall-1 and allows an organization to deploy a single solution for security and network access control. Nokia offers intrusion detection technology that minimizes online risks and provides network surveillance to identify, signal, and respond to suspicious activities.

Firewall prices

| Company | Firewall Product | Indicative Pricing in Rupees |
|---|---|---|
| Computer Associates | eTrust Firewall | Rs. 2 Lakhs (Depending on Server Class) |
| Cisco Systems | Cisco PIX Firewall 505 | Rs. 1,36,000 (For SOHO segment) |
| | Cisco PIX Firewall 515 | Rs. 1,75,000 (For SME segment) |
| | Cisco PIX Firewall 525 | Rs. 2,80,000 (For Enterprise segment) |
| | Cisco PIX Firewall 535 | Rs. 8,75,000 (For Service Providers) |
| Network Associates | McAfee Desktop Firewall 7.5 | Rs. 3000 (Per Desktop) |
| NetScreen | NetScreen-5XP Elite | Rs. 1,04,650 (For Small Office) |
| | NetScreen-50 | Rs. 6,27,445 (For Medium Enterprises) |
| | NetScreen-100a | Rs. 10,46,500 (For Large Enterprises) |
| Nortel Networks | Alteon Switched Firewall | Rs. 17,15,000 (For Service Providers) |
| Novell | BorderManager 3.7 | Rs. 1840 (Per User) |
| Check Point Software | Firewall-1 | Rs. 1,50,000 (For 25 Nodes) |
| Nokia | Nokia Appliance (IP 120) | Rs. 2,00,000 |
| Sparr Electronics Limited | VisNetic Firewall Workstation | Rs. 3,650 (Single User) |
| | VisNetic Firewall Server | Rs. 31,200 (Single User) |
| | VisNetic Firewall Network | Rs. 36,400 (3 Users) |
| Stonesoft Corporation | StoneGate firewall gateway with VPN | Rs. 2,72,500 (For 50 Nodes) |
| | StoneGate 2x firewall gateway with VPN | Rs. 5,45,000 (For 50 Nodes) |

Mahesh Rathod can be reached at rathodmp@hotmail.com

 
     

Copyright 2001: Indian Express Group (Mumbai, India). All rights reserved throughout the world. This entire site is compiled in Mumbai by The Business Publications Division of the Indian Express Group of Newspapers. Site managed by BPD