Firewalls commonly use two types of technologies ~ packet filtering and proxy. A proxy based firewall is inherently more secure, since it does not allow any direct connection to be established between the internal network and the outside world. Rather it accepts the incoming data at the door and then itself establishes a separate connection to the internal resource to carry traffic to and fro. It is akin to stopping the courier company representative at your reception, taking the parcel from him and delivering it through your peon to the addressee. The courier agent never gets to meet anyone on your staff except the receptionist, who acts like a proxy firewall. Since this process slows down the traffic, proxy firewalls are used primarily where security is the main concern and speed of access is secondary. Packet filtering firewalls are used more where network performance is also of importance. Hybrid firewalls too have been developed which try to combine the advantages of both types of firewalls, while avoiding their downsides.

The complexity and cost of second generation firewalls made them eminently suitable for large enterprise networks. They often required a great deal of expertise to set up properly and manage. Small and medium sized companies (with upto a 1000 computers on their network) were looking for a simpler and cheaper alternative that would not compromise on security and third generation firewall appliances seem to be the answer.

These are stand-alone appliances that are "plug and play, all-in-one boxes". They are a combination of hardware, operating system(OS) and firewall software that can be installed by a network administrator in less than an hour without any outside assistance. There are a wide range of appliances available depending on the exact size and performance requirements of the network. They bring good news on the cost front too ~ the total cost of ownership is approximately one-third that of a second generation firewall, since no separate computer or OS needs to be purchased. A wide range of value added services such as anti-virus, content filtering (blocking access to undesirable web sites), Virtual Private Networks, Vulnerability Scanning, bandwidth usage monitoring etc are available as optional extras on these appliances.

So which firewall should you buy? If you are a large enterprise then a traditional software firewall is probably the best bet. For all other situations, the firewall appliance merits a careful look, for if it can meet your requirements, it is probably a very cost-effective option that does not compromise on security.

Network traffic is made up of "packets", each of which has a header containing vital information such as the source address, a destination address and the type of packet.

<< previous page

TATA INFOTECH - TOTAL SOLUTIONS TOTAL COMMITMENT