Firewalls: How to Choose the Right One for Your Small Business

In All by Mike Abbott

The word firewall is a rather dire one. It conjures contrasting images of cities ablaze, filled with chaos and destruction held at bay only by the saving grace of the firewall, which stands resolute and proud as it preserves a measure of peace and stability in the face of overwhelming mayhem. In the context of this medieval notion of the firewall, things were fairly simple. Should it be made out of stone or sand? Does the firewall need a ditch on one side, both sides or will the wall itself be sufficient to impede the spread of flames without such embellishments? Likewise, the first network firewalls that came into being were relatively simple devices. However, network security has quickly developed into an incredibly complex and nuanced topic, so selecting a firewall for your small or medium-sized business is without doubt an intimidating proposition if you aren’t an expert on the subject. The following guide will help you better understand the important features that you need to look for, and how to determine the firewall that is best suited for your business’s network.
The first thing to look at when you are shopping for a firewall is the size and speed of your network. As a firewall runs data through various filters and processes to ensure that there is nothing malicious in or about the traffic it is monitoring, it limits the speed with which data is able to move through the network i.e. throughput. This creates two potential pitfalls: you can spend way too much money on an enterprise class firewall that has the capacity to support the movement of a tremendous volume of data, or you can purchase one that creates a permanent bottleneck on your network’s speed, limiting throughput to something well below what you are paying your internet service provider to deliver. This one criterion allows you to eliminate the vast majority of potential options from the selection process.
When Firewalls first came to be, they performed one relatively simple task, packet filtering. Essentially, this involves the firewall being programmed with a set of rules that determine the appropriate protocols for the transfer of different data packets. If a particular attribute in the header of a data packet is incongruent with the firewall’s filtering rules, that packet is not allowed through the firewall and is discarded. While packet filtering is certainly still an important part of maintaining a secure network, it is a static process that does nothing to adapt to the various new security threats that are developed on a daily basis and evolve continuously. To be truly effective, a modern firewall must be constantly updated with information that allows it to defend against threats that recently came to be. To ensure that your network is safe, it is important that your firewall supports some form of content filtering, malware filtering and an intrusion prevention system. These services are typically delivered in the form of subscriptions because they must be updated regularly to prevent against threats that have only just been conceived.
Given that you are paying a subscription for what is essentially software that is able to detect and defend against various threats to your network’s security, it makes sense to adopt solutions that are provided by reputable vendors. Cisco is the clear industry leader in the network security space; not only do they produce superior hardware, but they have the best team of security experts and programmers researching new security threats and creating advanced software to respond to them. More often than not, we end up recommending that our clients purchase the Cisco 5505 ASA (Adaptive Security Appliance) for networks with speeds capped at 150 Mbps down, Cisco ASA 5506-X for networks capped at 300 Mbps down, Cisco ASA 5508-X or Cisco ASA 5512-X for networks capped at 500 Mbps down, and the Cisco ASA 5525-X for networks capped at 1 Gbps down. We recommend these devices in conjunction with a set of Cisco’s Firepower services, specifically Advanced Malware Protection (AMP), URL Content Filtering, and Intrusion Protection Services (IPS).
If this all seems a little complex, that’s because it is. In addition to the primary criteria for selecting firewalls discussed above, there are hundreds of minor, nuanced characteristics and features that may impact your final decision. For example, how many simultaneous Cisco AnyConnect VPN connections can the ASA 5506-X with FirePOWER Services support, and how does one determine if that number is sufficient to meet the needs of their business? Before you purchase, install and configure a firewall to keep your network secure, it definitely makes sense to consult with someone who is an expert on the subject. At First Service, we specialize in building secure networks for small and medium sized businesses and we would be more than happy to send one of our experienced network engineers your way to perform a network assessment and make recommendations that are tailored to the needs of your businesses network. Even if you just have questions about the content of this article, we would love the opportunity to walk you through the information covered here and answer any additional questions you might have on the subject. Don’t hesitate to give us a call at 919.832.5553