Choosing the right Firewall

Part of a good network is proper hardware, such as a router/firewall. Cheap, basic equipment may work for home users, but it is not suited to business applications. In a business, protecting information is important and data access is paramount. This is why it is recommended to invest in a security system that prevents cyber-attacks and ensures network up-time and access to your data and applications.

Systems security is not made of just one thing. There are many links in the chain: user account and password security, anti-virus software on computers, filtering and virus scanning on the network gateway, and so on. Most businesses are content using the most basic router/firewall, not realizing that network security is only as strong as the weakest link in the chain. It is now more common for employees to have remote access for telecommuting. Business-class routers like the Sonicwall or Cisco Small Business Series offer gateway virus and malware protection. And here is the good part: these routers cost less than $250.

The Sonicwall TZ100 and TZ100W (wireless) are the leaders among small and medium business routers. They sit at the top of the price range, around $250. The purchase includes 3 months of free tech support from Sonicwall. The TZ100 offers Content Filtering and Gateway Security Services, each a $90 annual subscription. This may seem unnecessary, but the business will see a quick return on the money through increased employee productivity. Content filtering is broken down into 56 categories of objectionable or inappropriate Web content, providing a high level of transparent control, ease of administration and granular policy enforcement. Company-wide and user-based restrictions are easy to set up, and there are granular reports that summarize Internet access details. Inappropriate websites are often a vector for downloading malware and trojans onto users' computers, so it only makes sense to block them.

Accompanying Content Filtering is Gateway Security Services. Today, Trojans, spyware, viruses and other malware threats are becoming more sophisticated, and many of these threats are blended: they originate from multiple sources, operate at multiple layers and use multiple protocols. They are delivered via Instant Messaging (IM), peer-to-peer (P2P), file sharing, games or other seemingly benign applications that are not scanned by traditional client anti-virus solutions. The SonicWALL Gateway Anti-Virus and Anti-Spyware service inspects all email file attachments, FTP downloads, and real-time applications such as IM and P2P for total file-based threat control. Unlike other solutions, SonicWALL RFDPI analyzes all files in real time, regardless of file size or compression, and generates proactive alerts that notify administrators whenever a threat is detected.

The TZ100 includes many features: network segmentation via different interfaces and VLANs, DNS and DHCP servers, a PPTP and user VPN server, VOIP support, and granular firewall rules. Even without the additional services, the router has rock-solid performance and enough speed to support tens and even a hundred users. The TZ100W wireless model includes a very strong radio for maximum reach. Wireless security controls are granular and powerful; you can have multiple separate user and guest networks, with encrypted access and communication. For business-critical connectivity and redundancy, multiple Internet providers can be connected to the TZ100.

One step below is the Cisco Small Business Series RV042, costing around $175. The RV042 has dual WAN ports for redundancy, flexible firewall rules, DNS and DHCP servers, and a PPTP and user VPN server. Gateway anti-virus and Content Filtering are available through a Cisco ProtectLink subscription. This hosted service is delivered in partnership with Trend Micro and costs $135 per year. The Web Content filter has 83 flexible content categories to control different types of traffic. The RV042 firewall can also hold a whitelist of websites that you want permanently approved and not subject to filtering. Similarly, you can create a list of “trusted” host IP addresses on the LAN that will not be subjected to filtering. Overall, this service works well for smaller networks and fewer users, but it is not as flexible as the Sonicwall, which is better suited for medium businesses with varied access levels.

The RV042 supports up to 50 site-to-site VPN tunnels, and remote users can connect using the built-in PPTP server. It takes some time to set up a VPN connection on a Windows computer, but once it’s configured, users have access to company data, programs and other resources. There are easy-to-use firewall rules for remote application connectivity and port forwarding. The firewall software is a ‘true’ firewall: it blocks all ports, and only whitelisted traffic is allowed through. Unlike the cheaper firewalls, this puts up a real barrier against port scanning and ping attacks. This device is less expensive and also less flexible than the Sonicwall TZ100. The RV042 is a great entry-level router for most small businesses requiring solid firewall rules, VPN connectivity and gateway content scanning.