At the heart of all security policies lies the firewall. And as networks grow more complex, more and more reliance is being placed on firewalls to supply the intelligence needed to manage sophisticated online services.
Having a network without a firewall is the equivalent of filling an office building with hi-tech kit and then leaving all the windows wide open and the door on the latch: even the most inept kiddy-scripter will find a way in. And given that your corporate data is usually the most valuable part of your company's inventory, it is clear this is a door that must be guarded very carefully.
Determining factors
But it is a little more complicated than just bolting it. The need for companies to access the internet means that there must be two-way traffic through this door. And how that traffic is managed - and whether the method of managing it is suitable for your particular business - will determine the best firewall for your network. This Group Test looks at a selection of firewall appliances: heavy-duty equipment for heavy-duty networks. But what should you be looking for?
It is worth making the point that most organizations will have several firewalls positioned to guard different sections of their networks, and they will need to be able to manage them all from a central point, perhaps through a management system such as Tivoli or Openview.
Very few companies can afford to have a dedicated network administrator spending the entire working day monitoring and maintaining the various firewalls. In today's business environment, multi-tasking is the norm, and the firewall will almost certainly be a part-time responsibility for an employee. Because of this, a number of factors become paramount: firstly, ease of installation. It is almost certain that the employee charged with the maintenance of the firewall will simply be handed the box and told to get on with it; therefore installation and configuration must be as simple as possible.
Making things simple
Not only that, the configuration must be both intuitive and comprehensive. One of the greatest dangers is that of a false sense of security - if everyone assumes that they are secure behind the firewall, but incorrect configuration has led to gaping holes in your network edge, the consequences can be even worse than having no firewall at all.
This is equally true of integration: will the firewall appliance work seamlessly with the rest of the kit in your network, or will you have to reconfigure your existing network to support it? Lack of integration can lead to a 'security gap,' where different products do not talk to one another and leave your network wide open, while network reconfiguration is an expensive and time-consuming luxury that few businesses can afford.
Ease of use is another important factor to consider. Part-time administrators do not want to (and cannot afford to) spend a large proportion of their day maintaining the firewall. As companies change - and in today's business environment, that is virtually a daily occurrence - the firewall will have to be reconfigured on a regular basis, as different employees require different access rights.
This process must be made as simple as possible - if not, you can end up with the situation where ex-employees, or employees who have changed job roles, have access rights that can be exploited. Remember the majority of security violations are internal, not external. Whether these are deliberate or simply inadvertent is irrelevant: maintaining your security policy must be as simple as possible. An easy-to-follow GUI (and good documentation, of course) is vital.
You should also consider how thorough an audit trail your firewall provides. This is not simply a case of covering your back, although it is obviously important to ensure that you have as much information as possible, in case any of your employees get your company into any sort of legal trouble.
It is increasingly common for some companies to demand this sort of protection before they do business with you, especially when dealing with government agencies. The quality and depth of reporting options is therefore very important, and a good firewall should have the ability to offer tailored reports that are suited to your business needs.
The bottom line
While having a firewall is vital, you must ensure that it is the right firewall for your organization - just plugging a box into your network and hoping for the best is probably worse than no protection at all. After reading this series of tests, you should have a better idea of what you should be looking for, and whether the firewalls in question are what your business needs.
This month we deliver a total of 12 reviews so you can discover how the products differ and which are recommended and best buy, helping you to make the right choice.