Saturday, April 5, 2008

Using Both Hardware and Software Firewalls

Although the Windows Firewall built into Windows XP starting with Service Pack 2 provides stateful packet inspection, it only protects against inbound threats. Consequently, you should not count on it as the only protection between your computer and the Internet.

To provide greater security, you might want to use both a hardware and a software solution. Use the hardware firewall appliance as the front end of the network by attaching it to your broadband connection. Note that most SOHO and small-office firewall appliances include multiport Ethernet switches, and some also include a Wi-Fi AP. Then use a software firewall package on the computers in your network.


Whichever you choose, keep in mind that no firewall can provide a complete solution to protect a network from outsiders. New viruses, Trojan horse programs, and the like are being created every day. All antivirus and firewall devices and software should have an update feature that you can use to download new software and virus definitions frequently. This type of service typically comes free for the first year, and then you can pay a small fee for subsequent years.

How Do You Know That the Firewall Is Secure?

The problem with security is that the environment, either internal or external, is always changing. As soon as a bug in an OS or network application is found and exploited by mischievous persons, someone comes out with a fix. As soon as the fix is applied, something else crops up. When you set up a firewall to protect yourself from those who might do harm to your network, you must perform tests to be sure that it does what you think it does.

The problem with testing, however, is that you already know what you are looking for when you create and execute the test. It's what you don't know that can cause problems. To keep on top of things, you should continue to monitor the data collected by any auditing or logging functions the firewall provides to make sure that it is working as you expect. Look for attempts to breach the firewall and watch for unusual activity. You might find that you can stop an attack before it succeeds. Using other tools, such as Tracert, you might be able to locate the perpetrator and handle the matter using legal means.
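One way to act on the log-monitoring advice above, as an added example that is not part of the original post: the script parses entries in the Windows Firewall log layout and flags sources whose dropped packets span several ports or recur often. The column list, the two thresholds and the sample lines are assumptions constructed for illustration.

```python
from collections import defaultdict

# Constructed sample in the Windows Firewall log layout (assumed pfirewall.log
# columns); addresses come from documentation ranges, not real traffic.
SAMPLE_LOG = """\
#Fields: date time action protocol src-ip dst-ip src-port dst-port size tcpflags tcpsyn tcpack tcpwin icmptype icmpcode info
2008-04-05 10:01:02 DROP TCP 203.0.113.7 192.0.2.10 40111 135 48 S 1000 0 65535 - - -
2008-04-05 10:01:03 DROP TCP 203.0.113.7 192.0.2.10 40112 139 48 S 1001 0 65535 - - -
2008-04-05 10:01:04 DROP TCP 203.0.113.7 192.0.2.10 40113 445 48 S 1002 0 65535 - - -
2008-04-05 10:02:00 OPEN TCP 192.0.2.10 198.51.100.80 1055 80 - - - - - - - -
2008-04-05 10:02:10 DROP TCP 198.51.100.23 192.0.2.10 50001 3389 48 S 2000 0 65535 - - -
2008-04-05 10:02:11 DROP TCP 198.51.100.23 192.0.2.10 50002 3389 48 S 2001 0 65535 - - -
2008-04-05 10:02:12 DROP TCP 198.51.100.23 192.0.2.10 50003 3389 48 S 2002 0 65535 - - -
2008-04-05 10:02:13 DROP TCP 198.51.100.23 192.0.2.10 50004 3389 48 S 2003 0 65535 - - -
2008-04-05 10:03:00 DROP ICMP 198.51.100.99 192.0.2.10 - - 60 - - - - 8 0 -
2008-04-05 10:04:00 DROP TCP 203.0.113.7
"""

def parse(log_text):
    """Yield one dict per entry, taking column names from the #Fields header."""
    fields = []
    for line in log_text.splitlines():
        line = line.strip()
        if line.startswith("#Fields:"):
            fields = line[len("#Fields:"):].split()
        elif line and not line.startswith("#") and fields:
            values = line.split()
            if len(values) == len(fields):  # ignore truncated or damaged lines
                yield dict(zip(fields, values))

def suspicious_sources(entries, port_threshold=3, drop_threshold=4):
    """Flag sources whose dropped packets hit many ports or recur often."""
    ports, drops = defaultdict(set), defaultdict(int)
    for e in entries:
        if e["action"] != "DROP":
            continue  # OPEN/CLOSE entries record permitted connections
        drops[e["src-ip"]] += 1
        if e["dst-port"].isdigit():  # ICMP entries carry "-" here
            ports[e["src-ip"]].add(int(e["dst-port"]))
    report = {}
    for src, count in drops.items():
        reasons = []
        if len(ports[src]) >= port_threshold:
            reasons.append("port sweep")
        if count >= drop_threshold:
            reasons.append("repeated drops")
        if reasons:
            report[src] = {"drops": count, "ports": sorted(ports[src]), "reasons": reasons}
    return report
```

To review a real log, pass the file's text to `parse()` and tune the two thresholds to the normal background noise on your connection.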

No RFCs define what a firewall must do or how it should do it. You can contact several organizations on the Internet to get information about current firewall and security software. Appendix C, "Internet Resources for Network Administrators," contains a list of some interesting sites related to network security and firewalls that might help you decide what kind of protection you need.
