Just about every business needs to use the Internet whether it is for web research, email, remote working or VOIP. But introducing a gateway from your internal LAN to the Internet also creates a potential gateway into to your network for any mischief maker or malcontent. This is particularly true for the increasingly popular “always on” connection services like ADSL and leased lines. Without a firewall to protect the gateway your network is a sitting duck.

Firewall solutions sit at the boundary of the network in line with the Internet gateway connection. All traffic to and from the Internet must go through the firewall and be “inspected” and checked against the set of rules that define what traffic flows are allowed or disallowed and what activity logging should be carried out for reporting purposes.

As such the firewall has to carry out a rapid assessment of the type and purpose of the traffic, its source and destination and its conformance with the security policy and the rules that define that policy. It is vital that the firewall is able to handle traffic at a fast rate so that the security system does not become a bottleneck that limits the service.

Early firewalls relied on high powered hardware platforms often based on the Unix operating systems. These were the only real option to maintain the throughput rates necessary on busy links. Today firewall systems can be run on a wider range of platforms including Windows and Linux as well as the tried and trusted Sun Solaris and HP-UX flavours of Unix.

The systems on offer can be divided into software and hardware or appliance based approaches.

The leading software firewall product is the FireWall-1 system from Check Point Software Technologies. The product uses patented traffic inspection technology called “stateful inspection” which enables systems to maintain high traffic rates with extremely rigorous security. This stateful inspection technique has proved so effective that several of Check Point’s rivals license it for their own firewall products. FireWall-1 offers a range of solutions suitable for small networks through to vast global distributed WANs with hundreds of connections to the Internet. The system excels in its manageability with an excellent Windows-based management console that provides centralised control of every enforcement point across the entire network and automated replication of policy changes to each firewall. This sophisticated management service coupled with bullet-proof reliability and its inherent performance and security have led to a dominant market position for FireWall-1. Check Point FireWall-1 is available for Unix, Linux and Windows machines.

Click above to find out more about Check Point solutions

The hardware firewall market has grown enormously over the last few years with the availability of low cost Linux based appliances. These firewall appliances vary in sophistication from simple network address translation devices to rack-mountable devices capable of handling the demands of large data centres or ISP networks. Major hardware vendors have entered the market and some have had a significant impact. Pre-eminent in this group is Nokia which has carved out a large slice of the market with a range of appliances suitable for SOHO (small office/home office) environments to high end, high availability systems for large scale, mission critical deployments. Nokia firewall appliances use Check Point FireWall-1 and VPN-1 software running on hardened versions of the Linux operating system.

Click above to find out more about Nokia solutions

For less demanding applications Presence offers the Sonicwall range of firewall appliances. Sonicwall use the same stateful inspection packet analysis technology as the Nokia appliances under license from Check Point. The management and configuration systems for the Sonicwall devices are less sophisticated than the FireWall-1 management console but the level of security afforded by Sonicwall firewall appliances is comparable with the more expensive systems. These systems are ideal for stable network environments where the firewall is largely a “fit and forget” component with only infrequent reconfigurations or changes to the rulebase.

Click above to find out more about SonicWALL solutions

It is important not to forget that potential threats exist within the organisation too. Most networks hold commercially sensitive or personal information and a duty of care exists to protect these assets and data. Almost all networks rely on straightforward “user name and password” logins but this approach has limitations. It is common for our audits to show that many users on a network will know the identities and passwords for several of their colleagues. In many instances this might not be a problem but where sensitive information needs to be kept secure this simple method is insufficient.

Click above to find out more about ActivCard solutions

For these applications Presence provides strong authentication systems that provide a much higher level of login security. To address this need Presence offers the ActivCard token-based authentication system. ActivCard offers a combination of hardware and software that provides extremely secure login control for demanding environments. The hardware component is a small code generating device. When the user’s PIN number is entered into the code generator, the device responds by creating an authentication code which is required as the user logs in to the system. The PIN number will only work with the code generator allocated to the user and the authentication code changes each time the PIN is entered.

ActivCard delivers integrated solutions for strong authentication and trusted digital identities that extend existing identity management platforms, focus on reducing your costs and satisfy compliance regulations by increasing IT security administration and operations capabilities. ActivCard Secure Remote Access, Single Sign-On, and Enterprise Access Card solutions can be deployed as point solutions to meet a specific and immediate need, and they also seamlessly integrate together to bring a superior administrative and cost efficient experience to customers that exists no where else.