Yes, I Have A Firewall…Or Do I Have Swiss Cheese?
Today, almost everybody has super, extra special, high speed Internet access. People are also up to speed on what used to be the secret language of IT geeks. We all know what an IP address is and what an Ethernet cable looks like. We have heard the terms router, switch, server and firewall. Most people have at least a small grasp of what these terms mean in the secret underworld of IT, computers and networking.
When the cable guy comes in, we know that they install a router that usually has wireless or “WiFi” capability, and we know that it needs to be locked down with a super-secret passphrase. We know we need to do this to keep others from being able to intrude into our home or business network. We also have a fairly decent understanding of the firewall that is included in the routers they install, or the routers you buy yourself from your favorite geek store.
But what if I were to tell you that those are not true firewall devices? So what, you say – my router says it has a built-in firewall. I’m safe! Okay, that’s a fair statement, but what if I were to tell you that instead of guarding the White House with armed guards, we replace them with a big Mexican-border style wall all the way around the White House? Okay, okay, insert your own political statement here. Great, we built this big strong wall, but now how would anybody get in or out (assuming we can’t all afford a helicopter)? Easy, just cut out a big hole in the wall that will let people in and out. Great, I have a hole for people to walk in and out of, but now I need a hole for the staff and their cars. Perfect. Oh crap, I forgot about the delivery trucks, so let’s cut another, bigger hole in the back for them. Now remember, we decided we don’t need the armed guards anymore, because we have this huge fancy wall to protect us. Okay, problem solved – we now have a big nice strong wall to protect the people inside and ways for people to get in and out... but wait – we sent the guards home, so who’s watching the holes?
That is what you have in almost every consumer and small business class router. The so-called firewall included in the firmware on those devices is actually considered a security gateway and not a true firewall. We like to refer to security gateways as Swiss cheese. They provide a way to let Internet traffic in and out of your network through holes or “ports”. Each service, like HTTP (web) traffic, email traffic, etc., travels through its own specific hole/port in your router. Okay, fine, so what, you say. Yes, you need to let that traffic in and out; otherwise, what’s the point? The point is that security gateways do not inspect the traffic going through those holes into your network. It is the same as building that wall, cutting out holes in the wall and removing any guards who would check who or what is coming and going through that wall.
The difference between a security gateway and a true firewall is that a firewall inspects all the traffic going through it. Firewalls work the same as security gateways in the way ports are opened to allow specific traffic in and out. However, in a true firewall, all the traffic going through those individual ports is checked by an armed guard for any type of threat – viruses, exploits, intrusion attempts, etc.
Firewalls are almost always more expensive, but the cost of cleaning up after even one network intrusion far outweighs that extra expense. Most firewall updates work similarly to the way antivirus software is updated. You will typically pay for an annual or multi-year subscription to receive updates against known threats. The software inside the firewall device is constantly in touch with the manufacturer’s servers and updating itself with any new threat information. It’s the same as all the armed guards communicating with headquarters.
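The difference described above can be shown with a small model. This is an example added here, not code from any router or firewall product; the flows, the open-port list and the signature names are all constructed for the illustration.

```python
from dataclasses import dataclass

OPEN_PORTS = {25, 80, 443}  # the "holes": email and web (constructed list)

@dataclass(frozen=True)
class Flow:
    dst_port: int
    payload: bytes

def gateway_decide(flow):
    """Port check only: nothing looks at what passes through the hole."""
    return "ALLOW" if flow.dst_port in OPEN_PORTS else "DROP"

class InspectingFirewall:
    """Same port rules, plus a signature check on the payload (the guard)."""
    def __init__(self, signatures):
        self.signatures = dict(signatures)  # name -> byte pattern

    def update(self, new_signatures):
        # Models the subscription feed delivering new threat information.
        self.signatures.update(new_signatures)

    def decide(self, flow):
        if flow.dst_port not in OPEN_PORTS:
            return ("DROP", "port closed")
        for name, pattern in self.signatures.items():
            if pattern in flow.payload:
                return ("DROP", name)
        return ("ALLOW", "no signature matched")

# Constructed sample traffic; the marker strings stand in for real threats.
FLOWS = {
    "web page request": Flow(80, b"GET /index.html HTTP/1.1\r\n\r\n"),
    "known threat": Flow(80, b"POST /up HTTP/1.1\r\n\r\nCONSTRUCTED-THREAT-A"),
    "new threat": Flow(80, b"POST /up HTTP/1.1\r\n\r\nCONSTRUCTED-THREAT-B"),
    "closed port": Flow(23, b"hello"),
}

if __name__ == "__main__":
    fw = InspectingFirewall({"threat-a": b"CONSTRUCTED-THREAT-A"})
    for stage in ("before update", "after update"):
        print(stage)
        for label, flow in FLOWS.items():
            print(f"  {label:17} gateway={gateway_decide(flow):5} "
                  f"firewall={fw.decide(flow)}")
        fw.update({"threat-b": b"CONSTRUCTED-THREAT-B"})
```

The gateway allows all three port-80 flows, while the inspecting firewall drops the known threat and only drops the new one after its signature update arrives.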
So, you may ask, what’s the point of all this? The point is that everybody, especially businesses, needs to consider moving to a true firewall appliance instead of relying on Swiss cheese to protect their important business and financial information.
Firewalls should be installed, set up and monitored by an IT professional. Miller Technologies has over 20 years of experience selecting, installing and managing true firewall devices and managing corporate networks. We have the expertise to help you select the correct firewall for your network and get it set up securely.