How to Set Up a Firewall
It seems like every day we hear of a computer security breach in the news: A hacker who has stolen records from one company or another; an ex-employee who remotely accessed a supposedly "off limit" company network and stole or destroyed data--and this is only the incidents we hear about. But like the more general crime news we hear, see or read about in the media, there's much more that happens that we don't hear about.
Your business is no exception when it comes to online security, and as we speak, I'm sure hackers are testing your network or that of your competitor or partner for security weaknesses. How can you protect your business? How can you be secure? Unfortunately, you can never be 100% secure, but there is something you can do to ensure your computers and network are as secure as possible.
A firewall is one of the best security roadblocks you can have and will help protect your computer from the malicious threats of the online world. In addition to a firewall, it's important to always back up your data and have an anti-virus program installed on your computers and network as well (e.g., e-mail, file server and other entry points).
Firewalls carefully scan each port on your computer to ensure the packets of data going through them comply with the specifications you have set. For example, maybe you don't allow instant messaging (IM). Your firewall will ensure that no instant messages go in or out of your computer system. Why would you want to block IM? Maybe you want to prevent employees from using it to chat with friends and family instead of working. Furthermore, many online attacks happen through IM, so blocking IM is one way to bolster security.
Firewalls act like security guards at a big building. There are many people going in and out of the building, but not each person is treated the same. Some people have full access to the building, while others need to be escorted by a staff member. Others might have to deliver certain packages to the back of the building. In the same way, a firewall can be configured to block (or allow) access to certain websites, "protocols" (the language different computer services use to speak to one another) or even certain words or phrases.
There are two kinds of firewalls: software and hardware appliances.
Software firewalls are installed on your computer system and are ideal for ensuring that every computer (including your in-office staff and remote employees) has a basic level of protection against threats when they're online.
A hardware appliance is best for installing at each entry point to your corporate network (such as your cable or DSL connection). Since it's an appliance, it's always on, isn't dependent on a computer being turned on or off, won't crash due to your operating system not working right, and is often more robust and powerful than software-based firewalls.
Windows XP comes with a free Windows firewall (software based). If you have an older version of Windows or if you want to use a different firewall than what Microsoft provides, you can download a free firewall program from Download.com (a great resource for a lot of free or trial software) or purchase one from a number of vendors. (Type "Firewall" into any search engine and you'll be given a list of many software and hardware firewall vendors). While Microsoft's built-in firewall is "good," there are more robust firewalls (usually that blend anti-virus, anti-phishing and other technologies) that you can purchase for better protection.
When installing a firewall, keep these things in mind:
- It's best to have a security expert configure your hardware firewalls to harden your network as much as possible. The configuration of your firewall is what will make it strong or weak.
- If your firewall is too secure, you might inhibit users from doing their work, so there must be a careful blend of being very secure but not too secure.
- Software or firewall? There's a debate as to which one is best, and it's best to use a mix of both. Have a software firewall on every computer. Have a hardware firewall on each main internet connection (such as your DSL line), or if you have several servers and want to boost protection even more, have one on each server.