What is an internal network firewall, and how does it differ from other types of firewalls? What are the pros and...
By submitting your personal information, you agree that TechTarget and its partners may contact you regarding relevant content, products and special offers.
cons of using an internal firewall versus traditional firewalls?
When you consider the ongoing research, internal threats exploiting all-too-common vulnerabilities are creating sizeable risks for businesses both large and small.
However, the concept of an internal firewall seems to be yet another vendor marketing gimmick à la "the cloud" and "cybersecurity," likely borne out of the hype around PCI DSS compliance.
A firewall is a firewall is a firewall -- the goal is to protect one network segment from another while letting in approved traffic and monitoring for anomalies. That said, you can tweak certain firewalls to work optimally in your internal environment, and that's what this internal firewall option is all about. For example, you might have an internal firewall that allows all traffic to pass through (i.e., any-any rules with no routing enabled), but you want intrusion prevention, application-layer monitoring or malware protection to still work.
Using internal firewalls for segmentation purposes would be a great way to minimize internal security risks. Many organizations do this for PCI, but that's arguably not enough. When anyone can plug into any port on an enterprise network and access dozens of network segments and thousands of network hosts -- and carry out exploits that no one will ever notice -- then something's amiss. I see this scenario quite often.
Ultimately, business functions, usability and convenience unfortunately trump most security controls, including any benefits offered up by firewalls used on the internal network. But using firewalls to reduce internal security risks is something every enterprise should consider.
Ask the Expert:
Have a question about network security? Send it via email today. (All questions are anonymous.)
Explore further about the placement of firewalls
Dig Deeper on Network device security: Appliances, firewalls and switches
Related Q&A from Kevin Beaver
Knowing how to test for security flaws is vital, but it's a complicated and changing field. Expert Kevin Beaver offers security testing basics.continue reading
While there are numerous security benefits to a DNSSEC implementation, there are drawbacks as well. Expert Kevin Beaver explains.continue reading
The benefits of the ODL SDN platform are promising, but what about the recent Netdump flaw it experienced? Expert Kevin Beaver discusses why you may ...continue reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.