Firewalls can protect your network against unauthorized access
and intruders. Here are some guidelines for buying a
firewall for your organization.
by Mahesh Rathod
As enterprises expand their mission-critical networks with
newer applications, many have begun to view network
security technologies as the key to preventing intrusion
and exposure of critical data. Without protection, companies
can experience security breaches resulting in serious
damage. The security system that all enterprises should
seek to implement in such a situation is a firewall.
Firewalls are certainly becoming a critical part of
any secure network.
Roles that a firewall plays
A firewall can be a piece of hardware or software. A
network may use more than one type of firewall for extra
security. Usually, a firewall protects the company's
private network from the public or shared networks to
which it is connected.
Firewalls monitor all connections between two networks,
and determine which traffic should be allowed or disallowed
based on the security policy implemented by the security
administrator. A firewall may also screen internal traffic
on a network, separating different departments or branches
of a large company.
A firewall can be as simple as a router that filters
packets or as complex as a multi-computer, multi-router
solution that combines packet filtering and application-level
proxy services. It works by analyzing each network access
request against a list or database of approved source
IP addresses and other parameters.
Hardware or software-based firewall?
Software-based firewalls run on top of general-purpose
OSs (Operating Systems) like Unix and Windows NT. Though
software firewalls may be secure, the underlying
security holes in the OS can give a hacker entry into
a protected network.
Hardware-based firewalls are like appliances. They run
on a closed and compact proprietary OS which has been
written with security considerations in mind. Hardware
firewalls are sturdier in their ability to support a
larger number of connections simultaneously when compared
to software firewalls. It has been observed that the
number of attacks through software-based firewalls is
five times higher than the number through hardware-based
firewalls using proprietary integrated software. However,
they are more difficult to manage.
Firewall techniques
A firewall uses one or more of the following methods
to control traffic flowing in and out of the network.
Packet filtering: This looks at each packet entering
or leaving the network and accepts or rejects it based
on user-defined rules. Packet filtering is also susceptible
to IP spoofing.
Application gateway: This applies security mechanisms
to specific applications, like FTP and Telnet servers.
This is effective, but can lead to performance degradation.
Circuit-level gateway: Here, a security mechanism is
applied when a TCP or UDP connection is established.
Once the connection has been made, packets can flow
between the hosts without further checking.
Proxy server: A proxy intercepts all messages entering
and leaving the network, effectively hiding the true
network addresses.
Features to look out for
Some of the features to look out for before buying a
firewall are:
- Good management features.
- A well-designed GUI to ease the administrative burden.
- Remote-management capabilities.
- Availability of training, support and documentation.
- Scalability and availability of third-party complementary
  products.
- Performance and stability.
- Implementation and other costs.
Vendor offerings
Various vendors offer a whole suite of firewalls and
security solutions. Here are some of them.
Computer Associates eTrust Firewall is an easy-to-manage
security solution providing both perimeter and internal
protection. The eTrust Firewall also has a unified console
for enterprise-class manageability which makes it easy
to deploy firewalls throughout the enterprise. The technology
also provides organizations with the most intuitive
firewall rule analyzer. Other features include packet
inspection and support for all application protocols.
The Cisco Secure PIX Firewall is a dedicated firewall
appliance in Cisco's firewall family. All four Cisco
Secure PIX Firewall models have IPSEC encryption built-in,
permitting both site-to-site and remote access VPN deployments.
They operate on a hardened OS focused on protecting
both the security of the device and the networks it
protects.
NetScreen offers a line of firewall and VPN solutions.
NetScreen's firewall uses technology based on stateful
inspection, securing a network against intrusion and
DoS (Denial of Service) attacks. NetScreen's custom-built
GigaScreen ASIC processes firewall access policies and
encryption algorithms in hardware, providing significantly
higher performance than software-only products.
Network Associates' McAfee Desktop Firewall 7.5 helps
control outbreaks and attacks by letting you block vulnerable
connections. It has central management, deployment,
updates, and graphical reporting from the same ePolicy
Orchestrator console as its anti-virus software. It
protects remote and broadband users from attacks and
infections on desktops or Windows servers. It also helps
prevent use of vulnerable or unauthorized applications
and connections.
Nortel Networks' Alteon Switched Firewall is a multi-component
solution managed as a single system. The hardware is
a combination of the Alteon Switched Firewall Accelerator
and the Alteon Switched Firewall Director. The software
is a combination of a specific Web OS called the Alteon
Switched Firewall OS for the Alteon Switched Firewall
Accelerator and FireWall-1 next generation security
software from Check Point hosted by the Alteon Switched
Firewall Director.
Novell's BorderManager 3.7 is an access and security
solution that addresses internal and external security
threats. This solution works seamlessly with Novell
eDirectory, letting it monitor, control and accelerate
your users' Internet activities.
Stonesoft's StoneGate firewall is a software-based firewall
and VPN solution with centralized management. The architecture
is three-tiered, and consists of a management GUI, management
server and the StoneGate firewall/VPN gateway. All connections
between components are secured with SSL. The management
server runs on Red Hat Linux, Solaris, and Windows 2000.
The Nokia Appliance firewall integrates Check Point
Software Technologies' VPN-1/Firewall-1 and allows an
organization to deploy a single solution for security
and network access control. Nokia offers intrusion detection
technology that minimizes online risks and provides
network surveillance to identify, signal, and respond
to suspicious activities.
Firewall prices
| Company | Firewall Product | Indicative Pricing in Rupees |
| Computer Associates | eTrust Firewall | Rs. 2 Lakhs (Depending on Server Class) |
| Cisco Systems | Cisco PIX Firewall 505 | Rs. 1,36,000 (For SOHO segment) |
| | Cisco PIX Firewall 515 | Rs. 1,75,000 (For SME segment) |
| | Cisco PIX Firewall 525 | Rs. 2,80,000 (For Enterprise segment) |
| | Cisco PIX Firewall 535 | Rs. 8,75,000 (For Service Providers) |
| Network Associates | McAfee Desktop Firewall 7.5 | Rs. 3000 (Per Desktop) |
| NetScreen | NetScreen-5XP Elite | Rs. 1,04,650 (For Small Office) |
| | NetScreen-50 | Rs. 6,27,445 (For Medium Enterprises) |
| | NetScreen-100a | Rs. 10,46,500 (For Large Enterprises) |
| Nortel Networks | Alteon Switched Firewall | Rs. 17,15,000 (For Service Providers) |
| Novell | BorderManager 3.7 | Rs. 1840 (Per User) |
| Check Point Software | Firewall-1 | Rs. 1,50,000 (For 25 Nodes) |
| Nokia | Nokia Appliance (IP 120) | Rs. 2,00,000 |
| Sparr Electronics Limited | VisNetic Firewall Workstation | Rs. 3,650 (Single User) |
| | VisNetic Firewall Server | Rs. 31,200 (Single User) |
| | VisNetic Firewall Network | Rs. 36,400 (3 Users) |
| Stonesoft Corporation | StoneGate firewall gateway with VPN | Rs. 2,72,500 (For 50 Nodes) |
| | StoneGate 2x firewall gateway with VPN | Rs. 5,45,000 (For 50 Nodes) |
Mahesh Rathod can be reached at rathodmp@hotmail.com