Do enterprises need an internal firewall?

Internal firewalls are on the market, but how do they differ from traditional firewalls? Expert Kevin Beaver explains the benefits and drawbacks.

What is an internal network firewall, and how does it differ from other types of firewalls? What are the pros and cons of using an internal firewall versus traditional firewalls?

When you consider the ongoing research, internal threats exploiting all-too-common vulnerabilities are creating sizeable risks for businesses both large and small.

However, the concept of an internal firewall seems to be yet another vendor marketing gimmick à la "the cloud" and "cybersecurity," likely born out of the hype around PCI DSS compliance.

A firewall is a firewall is a firewall -- the goal is to protect one network segment from another while letting in approved traffic and monitoring for anomalies. That said, you can tweak certain firewalls to work optimally in your internal environment, and that's what this internal firewall option is all about. For example, you might have an internal firewall that allows all traffic to pass through (i.e., any-any rules with no routing enabled), but you want intrusion prevention, application-layer monitoring or malware protection to still work.

Using internal firewalls for segmentation purposes would be a great way to minimize internal security risks. Many organizations do this for PCI, but that's arguably not enough. When anyone can plug into any port on an enterprise network and access dozens of network segments and thousands of network hosts -- and carry out exploits that no one will ever notice -- then something's amiss. I see this scenario quite often.

Ultimately, business functions, usability and convenience unfortunately trump most security controls, including any benefits offered up by firewalls used on the internal network. But using firewalls to reduce internal security risks is something every enterprise should consider.

This was last published in August 2015

Join the conversation

1 comment

The most common 'internal firewall' I have seen is a firewall between the DMZ, which serves traffic to the public internet, and the company network, which is not expected to. Of course you need to create holes in that wall so the web servers can connect to the databases and middleware, etc., and that can be expensive.

Some of my clients have had some success with more fine-grained network segmentation. It likely makes sense for a Fortune 100 structured as multiple business units.