The lowdown on firewalls


What are they? Firewalls are network devices or a combination of hardware and software that control the flow of network traffic. They stop intruders and malevolent code, while allowing authorized users and applications to send data unmolested.

What's a virtual private network? A VPN is an encrypted network connection between two firewalls or a firewall and a client computer that provides a secure tunnel for network data to be passed back and forth. VPNs reduce the need for leased lines and dedicated dial-up numbers and, as a result, reduce network operation costs. They also make e-government applications such as cross-agency collaborations and Web services easier to implement and more secure.

What is Network Address Translation? NAT is a technology within most firewalls that hides the network addresses of computers and other devices from the Internet, or the other networks on the other side of the firewall, behind a single IP address. It then routes specific types of network traffic to the appropriate servers connected to it. So, a response to a Web server request coming into a NAT firewall would appear to come from the address of the firewall, not the Web server.
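The translation described above can be followed packet by packet in a small model. This is an added example, not code from the article or from any firewall product; the class names, the forwarding table and all addresses (documentation and private ranges) are constructed for illustration.

```python
from dataclasses import dataclass, replace
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int

class NatFirewall:
    """Toy NAT model: one public address, per-port forwarding, reply tracking."""

    def __init__(self, public_ip, forwards):
        self.public_ip = public_ip
        self.forwards = forwards   # public port -> (internal ip, internal port)
        self.conntrack = {}        # (client ip, client port, server ip, server port) -> public port

    def inbound(self, pkt: Packet) -> Optional[Packet]:
        """Outside -> inside: rewrite the destination, or drop (None)."""
        if pkt.dst != self.public_ip or pkt.dport not in self.forwards:
            return None            # no rule for this type of traffic
        ip, port = self.forwards[pkt.dport]
        self.conntrack[(pkt.src, pkt.sport, ip, port)] = pkt.dport
        return replace(pkt, dst=ip, dport=port)

    def outbound(self, pkt: Packet) -> Optional[Packet]:
        """Inside -> outside: a tracked reply leaves with the firewall's address."""
        # Simplification: this model only passes replies to forwarded connections.
        public_port = self.conntrack.get((pkt.dst, pkt.dport, pkt.src, pkt.sport))
        if public_port is None:
            return None
        return replace(pkt, src=self.public_ip, sport=public_port)

def demo():
    # Constructed setup: Web traffic goes to one server, mail to another.
    fw = NatFirewall("203.0.113.10", {80: ("10.0.0.5", 8080), 25: ("10.0.0.6", 25)})
    request = Packet("198.51.100.7", 51000, "203.0.113.10", 80)
    inside = fw.inbound(request)   # what the Web server receives
    reply = fw.outbound(Packet(inside.dst, inside.dport, inside.src, inside.sport))
    blocked = fw.inbound(Packet("198.51.100.7", 51001, "203.0.113.10", 22))
    return inside, reply, blocked
```

The client only ever sees 203.0.113.10 as the source of the reply; the server's 10.0.0.5 address never leaves the firewall, and the connection to port 22, which has no forwarding rule, is dropped.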

What should you look for in a firewall? Three things: flexible security, support for VPNs and easy manageability.

Look for firewalls that can change how they screen network traffic based on new types of attacks and other threats, and integrate tightly with other security software such as intrusion detection systems, spam filters and virus checkers.

A firewall should also be able to support secure connections to the network from mobile users and remote offices. Make sure the firewall supports your network's chosen directory service and whatever public-key infrastructure you have in place for encryption and user authentication.

If you're managing a large network, look for firewalls that can be centrally managed with a single security policy or set of policies that can be sent out to and interpreted by all the firewalls in your network. Otherwise, just tweaking your firewall settings across the agency network may become a lifetime pursuit.
