Depending on your security needs, the next line of defense to consider is a good firewall. A firewall consists of software or hardware that lets you decide who is allowed into your system. Firewalls, also called proxy firewalls, prevent direct connections from Internet hosts to internal hosts (you). Proxies in the security software intercept each Internet data packet, analyze the source and destination of data, then decide whether to pass it forward or block it. Firewalls are a good idea for companies with network connections to the Internet, which make them more vulnerable to intrusion.
When Digital Magic Inc., a Cleveland-based pre-press shop, began offering clients remote access to annual reports and other confidential information on its servers, owner Mark Goren, 42, and MIS manager Jordan Levy, 32, decided to invest in a firewall. "Before, none of our servers were accessible through the Internet, but now they are," explains Levy. "We wanted to give our clients a sense that their data was going to be secure."
The solution: Firebox II (starting at $4,995) from WatchGuard Technologies Inc. Firebox II, a bright red box that plugs in to and resides between your router and LAN, offers an integrated security solution that includes access control and user authentication. It also has features for data encryption. The Virtual Private Networking feature lets you use the Internet as your own private network for transferring sensitive information between sites.
Levy was particularly impressed with the product's ease of use. Its graphical user interface (GUI) makes it easy to add new security proxies and set up user access. "Because everything's done through the GUI, it's really easy to manage," Levy says.
Many firewalls offer advanced solutions that require some knowledge of network security and come with features you may not need. Levy, for instance, doesn't use some of Firebox II's features for blocking employee access to certain Internet sites and for tracking areas they visit. For companies with less complicated security needs, consider SonicWALL from Sonic Systems (starting at $499). This product, formerly known as Interpol, delivers high security at an affordable price. SonicWALL offers basic packet inspection to determine if data is allowed through the firewall, and a version called SonicWALL Plus DMZ offers protection from "denial of service attacks," which occur when hackers flood your network with spam.
Network-based firewall solutions that run on an operating system such as Windows NT are another option. Novell's BorderManager Authentication Service for operation with Novell's NetWare network software has single-point administration for easy access-privilege setup. BorderManager offers advanced firewall protection that includes packet filtering and other kinds of high-level checks and balances.
To take the hassle out of installing and maintaining a firewall, consider a managed firewall service. Managed services are convenient, but they're also fairly pricey and generally targeted at large companies. For several thousand dollars per year, Sprint, AT&T and GTE (among others) will provide complete managed firewall services that include installation, configuration and remote management.
No matter what solution you choose, experts strongly advise selecting a firewall with plug-and-play features that simplify use. Misconfigured firewalls with gaping holes for perpetrators to enter can be as dangerous as not having one at all.