As one of the partners in the firm sat on the other side of the polished conference table, I could tell he thought I was one brick shy of a full load. I had often seen that same look on my wife’s face. “I don’t think we need a firewall,” he said. “What we do here isn’t very interesting to anyone else.” I somehow managed not to spit my hazelnut decaf onto the table. I asked him who his biggest clients were and was amazed to hear a Who’s Who of the high-tech industry.
“Let me ask you this,” I said. “What if someone took all the work you were doing for those companies and posted it on a few public websites? What if they merely went in and erased everything you had done? Or, let’s say someone took control of your office computer and started sending pornography from you to everyone in your address list? Do you understand the legal and ethical responsibilities you have to protect client data?” I could see by the look on his face that the new reality of computer security had just dawned.
Am I just making this stuff up as I go along? Hardly. Remember the kid in junior high walking down the hall with the “kick me” sign on his back without him even knowing it? That could be you without a firewall. Think about it. There are myriads of hackers scanning the Internet with automated tools just looking for a vulnerable system. It doesn’t take them long to find you and even less time to exploit you. What’s worse is that you will never know you have been hacked until it is too late.
With that uplifting thought, let’s start asking some fundamental questions.
What is a firewall? Let me use an analogy that is very near and dear right now to those of us who live along the Front Range. Fire. When a forest fire gets too big to put out, the only solution is to try to stop its forward progress. Firefighters do that by creating a firebreak. The bigger the fire, the bigger the firebreak needs to be. When something valuable is at stake, like people’s homes, the firefighters do everything possible to stop the fire in its tracks. Even a massive firebreak is not guaranteed to stop the fire, but not building any break is a guarantee that the fire will sweep right over everything in its path. If you envision the hackers as the fire and a firewall as your firebreak, then you get the picture.
Where do I put the firewall? Where did the plumber put the main shutoff valve for the water in your house? Where the water first enters your house. The answer is the same. The firewall needs to be where the Internet enters your office, before it ever gets to a PC. Don’t even consider a firewall program for each computer. That would be like the firefighters not building a firebreak around the subdivision, but instead handing out fire extinguishers to each homeowner.
What kind of firewall should I buy? If you will allow me to be a bit simplistic, I will divide firewalls into either hardware or software solutions. A hardware firewall is a box you plug your Internet connection into. A software firewall is a program that runs on a PC with an operating system such as Linux or Windows. Such products are only as secure as the operating system they are running on. If you read the news at all, you know Windows has some serious security issues. As you may have heard, Linux is open source. What this means to you is that every hacker out there already has the source code to the operating system you are depending on to run your firewall application. Ponder that one for a minute. It’s akin to installing a flimsy hollow-core front door on your house and thinking you are secure because you used a one-inch deadbolt lock. I believe the only good solution is a hardware solution.
How much will it cost me? Ask yourself a few good questions here. If I get hacked, how much will it cost me to be down for a day? A week? How much would it cost to lose all my data? What would it cost me if the trust of my clients was destroyed? Just as no firebreak is guaranteed to stop every fire, no firewall will stop every hacker. The bottom line is you get what you pay for. At my home, I bought a Linksys router/firewall for about $100 at the local geek shop. I would, however, never dream of using it to protect multiple computers in a business environment. A small business with a handful of computers would do well with a sub-$1000 firewall like the Cisco PIX 501. If you have a larger computer environment, then you will need to seriously consider investing more in your firewall. The truth is that you can always find a cheaper solution. Just be sure you hang on to the money you saved. You’ll need it to pay someone to mop up after the fire.
Why am I not picking up the phone right now to get a firewall? Sorry, but I don’t have a good answer for that one.
Kevin Feldotto is a sales engineer for IT Communications, Inc. IT Communications specializes in end-to-end IT solutions. Kevin can be reached at kfeldotto@IT-Comm.net.