"They" are out there.  "They" will attempt to crack your online systems, sometimes for profit, revenge, or just for the fun of it.  "They" are the cyber-criminals.

Business communication needs dictate that you must connect yourself to the Internet, but you can’t leave yourself unprotected – You need a firewall.

A Firewall is a device that sits between your network and the Internet.  It makes sure that "They" don’t get in, while allowing you access to fulfill your business needs.

There are a number of firewall products on the market. They fall into two basic categories – Stateful Packet Inspection and basic NAT.  Either type can be implemented in software on a server or as a hardware "appliance" solution.

A NAT router is your basic, less than $100, firewall.  It works by translating a single Internet IP address into multiple local IP addresses, and is sufficient for many businesses and home users.  The idea behind it is that it only traffic from the Internet that has been "solicited" from a machine on your network, a cyber-criminal cannot get through it and compromise your internal network.  If a packet of data was solicited by a machine, then the router sends the packet back to that machine without even inspecting the packet to see what it is.  While effective against most attacks, if you host any services locally such as remote access, web server, or Email then the effectiveness becomes very limited.  It will also not protect you against "backdoor" programs commonly installed as components of "spyware" or peer-to-peer sharing software such as Kazaa of Napster.  If one of your employees installs such software on a machine on your internal network, then the effectiveness of a NAT router is extremely diminished.

A "real" firewall looks inside of a packet, compares it against a list of rules that you establish, and then decides whether to allow it through or not.  In addition to doing a much better job protecting you against outside attack, it also protects you from inside carelessness.  For example a stateful packet inspection firewall can be configured to filter the files your employees download to limit your exposure to viruses or completely prevent them from using file-sharing software without your permission.

A number of companies make good stateful packet inspection firewall appliances, such as Cisco (PIX) and Watchguard.  On the software side Microsoft has their ISA server, Novell has BorderManager, and Nokia has Checkpoint.

We often combine Firewall and VPN functionality into the same appliance, and usually recommend something from the Cisco or Watchguard product lines.

SHEERConnection is the Internet Services Group of Technology Specialists.  For more information on how SHEERConnection or Technology Specialists can be of service to you and your organization, please send a message to or call 260-422-5835. Powered by Technology Specialists