A recent assignment saw Pc Doctor Westchester involved in setting up a corporate firewall for a user located in New York. Firewalls have more security features than home routers and should be a requirement in business networks. The firewall replaced an existing home router and these are the features we have been looking at before installing it:
- Numbers of Users: this is a tricky question. How many users are in the network? Users do not mean connections because a user can have multiple connections at the same time as he/she carries multiple devices. It is always helpful to shop for a firewall which allows more users than the actual users’ number located in the office.
- Wireless: Does the firewall has wireless capabilities? If it does not have a wireless module, it is recommended to get access points from the same brand that can integrate with the firewall. The WiFi specs need to blend with the security embedded in the firewall itself and should contemplate the possibility of creating Virtual Local Area Networks (VLAN) to avoid intruders sneaking into the main corporate network.
- Firewall Zones: this feature is very important because it allows zones to talk to each other. Fore example if we want the traffic from the WAN go to the LAN and vice versa, we need to create these zone with specific rules for the incoming and outgoing traffic. The zone can be further customized by specifying what type of traffic or services are allowed to flow back and forth between these two zone.
- Web Filtering: this feature allows users to be blocked when they attempt to access categories of websites that are blacklisted by the network administrators. The categories range from spyware, nudity, sexually explicit content etc etc etc and can be also customized by adding more blacklisted urls to the categories of websites blocked. On the other hand, a specific web filtering rule can be created to allow certain type of websites to be visited but this is a case to case basis and requires the network administrator to examine one by one the urls that are allowed to be displayed on the users browser.
- General Interface and Firmware: the firewall appliance should have a friendly interface and does not require a huge learning curve. Software updates should be easy to do as well the backup of the entire configuration file is paramount if we want to restore the latest configuration.
- Malware Scans: a good firewall keeps up with the most recent trends in malware: it’s a good thing if it can scan urls but it will be even better if the firewall has an embedded protection against ransomware viruses.
- Email protection: as all the infections come through the internet and through the opening of infected email attachments, it is recommended that the domain of the company is protected by the antivirus engine of the firewall. Although today most of the companies are migrating towards Office 365, it would be an added layer of security to have users emails protected by the firewall as well.
The firewall should be also able to generate PDF reports related to the attacks stopped and to the threats that affect single users. By having granular control on each user, the firewall can lead the network administrator to remove or further investigate a computer that may be a real risk for the entire network.