
How to Choose the Right Firewall

by Team Nuggets
Published on June 30, 2016

Whether you decide to use Cisco, Check Point, Palo Alto, or Juniper firewalls, we have plenty of vendor-specific network security training in our extensive training library. You might also want to pursue the CompTIA Security+, Certified Ethical Hacker, or ISC2 CISSP certifications.

The right firewall makes the difference between opening your critical data to the Internet at large and keeping your internal network and intellectual property safe. Your firewall is the virtual wall that separates the Internet from your network resources. The wrong one can cost you millions due to data breaches and unidentified malicious traffic. Firewalls stop denial of service (DoS) attacks, reject unauthorized access to the internal network, and filter network traffic and applications.

The following questions will help you narrow down the options you may be considering as you choose the firewall product that is right for you.

Do You Need Remote Access for Home-Based Users?

Midsize businesses usually have at least one home-based user. Even if employees only work part-time from home or away from the office, you need VPN support. A firewall can handle much of the overhead, including authorization and support for encrypted, tunneled traffic.

You can purchase a secondary system or VPN solution for your network, but a hardware firewall solution that incorporates VPN into its architecture is much more cost-efficient.

How Secure are You from DoS/DDoS Attacks?

During the past couple of years, the security industry has seen some major Distributed Denial of Service (DDoS) attacks targeting big businesses. DDoS attacks have become bigger and more popular as attackers increase the number of zombies they attach to their botnet. You have no forewarning or notice when a DDoS attack is launched. The only alert is a sudden reduction in bandwidth and performance on public-facing servers and IT resources.

A firewall can help identify and stop these attacks. You can couple the router with other services such as intrusion detection systems to have more advanced solutions that target suspicious traffic. However, at a basic level a firewall can help stop an attack until it ends. Just remember that attackers will continue the attack if you don't configure your defenses correctly. Always choose a firewall solution that has DDoS detection and mitigation in place.

Do You Need Masquerade Ports for Critical Services?

Many services have a standard port, but you can use an alternative port to avoid attacks on a specific service. For instance, opening RDP (port 3389) is common for Windows administrators. It's also a common port that hackers probe for security flaws on the network. The solution (if administrators still need RDP from outside resources) is to change the port that connects to the servers. This change is done on the server and "allowed" by the firewall. This can be done with more ports than just RDP. If the service isn't critical and requires a standard port, then you can improve security by choosing an alternative port and configuring this port on the router.

The router will forward traffic to the alternative port and then filter any incoming requests for the old, standard port. Filtering traffic is one of the main advantages of a firewall.

How Do You Know When an Attack Occurred?

If your firewall blocks an incoming attack, how do you know it occurred? While you can rely on the firewall to stop an attack, it's just as important to know when one occurred or is in progress. The right firewall can send a list of administrators an alert that lets them know a critical attack is in progress.

Once the administrator is alerted, the firewall and router logs are useful to determine the method of the attack. With the right firewall in place, the administrator can quickly mitigate an attack before it turns into critical downtime for the business.
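The two ideas above, filtering the retired standard port and knowing when blocked traffic deserves attention, can be combined in a small log check. This is an added example, not part of the original article or any vendor's product: the log format (Linux netfilter LOG style), the "FW-DROP" prefix, the threshold and the sample lines are all assumptions constructed for illustration.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample in the style of Linux netfilter LOG output. The "FW-DROP"
# prefix is an assumed log prefix; addresses come from documentation ranges.
SAMPLE_LOG = """\
2016-06-30T10:00:01 fw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=40112 DPT=3389
2016-06-30T10:00:02 fw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.99 DST=198.51.100.10 PROTO=TCP SPT=51000 DPT=3389
2016-06-30T10:00:03 fw kernel: FW-ACCEPT IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.10 PROTO=TCP SPT=49200 DPT=443
2016-06-30T10:00:05 fw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=40113 DPT=3389
2016-06-30T10:00:09 fw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.7 DST=198.51.100.10 PROTO=TCP SPT=40114 DPT=3389
2016-06-30T10:00:10 fw kernel: FW-DROP IN=eth0 OUT= SRC=192.0.2.44 DST=198.51.100.10 PROTO=TCP SPT=49300 DPT=445
2016-06-30T10:05:00 fw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.99 DST=198.51.100.10 PROTO=TCP SPT=51001 DPT=3389
2016-06-30T10:05:30 fw kernel: FW-DROP IN=eth0 OUT= SRC=203.0.113.99 DST=198.51.100.10 PROTO=TCP SPT=51002 DPT=3389
"""

RETIRED_PORTS = {3389}          # standard ports now filtered at the firewall
THRESHOLD = 3                   # this many blocked hits from one source ...
WINDOW = timedelta(seconds=60)  # ... inside this window raises an alert
LINE_RE = re.compile(r"^(?P<ts>\S+) .*?FW-DROP .*?SRC=(?P<src>\S+) .*?DPT=(?P<dpt>\d+)")

def parse(log_text):
    """Yield (timestamp, source, destination port) for each blocked-packet line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m:
            yield datetime.fromisoformat(m["ts"]), m["src"], int(m["dpt"])

def find_alerts(log_text, ports=RETIRED_PORTS, threshold=THRESHOLD, window=WINDOW):
    """Return {source: time the threshold was first reached}, using a sliding window."""
    recent, alerts = defaultdict(list), {}
    for ts, src, dpt in sorted(parse(log_text)):
        if dpt not in ports:
            continue
        hits = recent[src]
        hits.append(ts)
        while ts - hits[0] > window:  # discard hits that fell out of the window
            hits.pop(0)
        if len(hits) >= threshold and src not in alerts:
            alerts[src] = ts
    return alerts

if __name__ == "__main__":
    for src, ts in find_alerts(SAMPLE_LOG).items():
        print(f"ALERT {ts.isoformat()} {src}: repeated blocked connections to a retired port")
```

Only the source that reaches three blocked attempts inside one minute is reported; the slower source and the drop on an unrelated port stay in the logs for later review without paging anyone.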

Does the Provider Offer Good Support?

Whether you have a question or need technical support, the firewall should have a contact number where you can get support. Since a firewall is a critical component in security, it must be set up properly. One mistake and your company could have a major breach on its hands. If you need to ask, the right firewall company offers support to ensure your security.

A firewall is a critical piece in your network topology. Make sure you do plenty of research, ask the right questions, and ensure that it fits well into your network infrastructure and security plans.
