We are running an extranet, and our small LAN is connected to the main server via a VPN connection. I would like to install a firewall (hardware/software) to protect our LAN from Internet hacking attempts, as well as other viruses and other malware. What criteria should I use when buying a firewall for this type of environment?
You should always use a firewall to protect any connection to the Internet. In the case of a small network, you probably don't need anything complicated. Here are a few simple ideas you can follow:
- Look for a firewall that provides stateful inspection. Most have this capability. Representative of an advanced firewall architecture, it keeps track of communication packets and ensures that you can easily allow return traffic corresponding to your outbound requests. Only incoming packets that constitute a proper response are allowed through the firewall.
- Consider if you need content filtering. Do you want to take measures to protect users on the network from accidentally (or intentionally!) browsing websites that contain malicious or offensive content? Some firewalls offer content-filtering capabilities.
- How long can you be down? If the firewall fails, what's your backup plan? More expensive firewalls have high-availability configurations that allow the use of two devices. If the primary one fails, the secondary firewall automatically takes over. For those making do with a less expensive product, consider purchasing a second device that can be kept on the shelf for use in the event of a failure.
- Firewall management is critical in today's regulatory climate, and companies looking to streamline firewall management will look to tools from several vendors. (Login required)
- Get the latest news and expert advice on network firewalls.
Dig Deeper on Network device security: Appliances, firewalls and switches
Related Q&A from Mike Chapple
Choosing to encrypt confidential data with AES or DES encryption is an important cybersecurity matter. Learn about the important differences between ... Continue Reading
It's not possible to eradicate the risk of DoS attacks, but there are steps infosec pros can take to reduce their impact. Mike Chapple shares ... Continue Reading
The HHS OCR ruled that healthcare ransomware attacks are HIPAA violations, so these covered entities need to react according to the HHS's guidance. ... Continue Reading
Have a question for an expert?
Please add a title for your question
Get answers from a TechTarget expert on whatever's puzzling you.