freshidea - Fotolia

Evaluate Weigh the pros and cons of technologies, products and projects you are considering.

Do enterprises need an internal firewall?

Internal firewalls are on the market, but how do they differ from traditional firewalls? Expert Kevin Beaver explains the benefits and drawbacks.

What is an internal network firewall, and how does it differ from other types of firewalls? What are the pros and...

cons of using an internal firewall versus traditional firewalls?

When you consider the ongoing research, internal threats exploiting all-too-common vulnerabilities are creating sizeable risks for businesses both large and small.

However, the concept of an internal firewall seems to be yet another vendor marketing gimmick à la "the cloud" and "cybersecurity," likely borne out of the hype around PCI DSS compliance.

A firewall is a firewall is a firewall -- the goal is to protect one network segment from another while letting in approved traffic and monitoring for anomalies. That said, you can tweak certain firewalls to work optimally in your internal environment, and that's what this internal firewall option is all about. For example, you might have an internal firewall that allows all traffic to pass through (i.e., any-any rules with no routing enabled), but you want intrusion prevention, application-layer monitoring or malware protection to still work.

Using internal firewalls for segmentation purposes would be a great way to minimize internal security risks. Many organizations do this for PCI, but that's arguably not enough. When anyone can plug into any port on an enterprise network and access dozens of network segments and thousands of network hosts -- and carry out exploits that no one will ever notice -- then something's amiss. I see this scenario quite often.

Ultimately, business functions, usability and convenience unfortunately trump most security controls, including any benefits offered up by firewalls used on the internal network. But using firewalls to reduce internal security risks is something every enterprise should consider.

Ask the Expert:
Have a question about network security? Send it via email today. (All questions are anonymous.)

Next Steps

Explore further about the placement of firewalls

This was last published in August 2015

Dig Deeper on Network device security: Appliances, firewalls and switches