Many small businesses and nonprofit organizations, especially those without consistent IT budgets, find themselves purchasing IT hardware from their local office supply store. On the surface this appears to be a great solution as equipment is readily available, and it fits neatly within the available budget. Unfortunately this convenience comes at a steep price. Most often these items are designed for home use, and are inadequate for the greater demands of a business. One particular item of concern is your network firewall. An off-the-shelf firewall may be perfectly suited for the demands of a home environment, but have significant shortcomings when challenged with securely protecting a business and its associated network.
For example, let’s consider a generic retail firewall product. Typically this class of firewall will handle data throughput at about 10 Mbps. That sounds great until one learns that an entry-level business-class firewall will handle data at 150 Mbps. That’s not saying that it would be exactly 15 times faster, but it’s this data processing & inspection part of the firewall where the retail units simply don’t have the horsepower to handle a lot of data. A more powerful firewall would definitely be faster.
Support is another important issue. The retail unit may work fine, but if a problem does occur, support can be spotty at best – with long hold times to talk to someone likely located in another country, reading canned support tactics from a manual. Open the user manual for a retail unit and you’ll find limited help and then a page directing you to an internet site for additional information. That can work fine – until you realize that if the firewall is broken or not-yet-installed you likely can’t reach the Internet. Time to visit your friend’s house or hack onto your neighbor’s wireless hotspot (ok – don’t do that!).
Companies manufacturing business-class firewalls offer 24/7 phone support, and for network-down type emergencies you’ll quickly find yourself talking with a well-trained engineer who’s ready and able to get your network back up and running. If the underlying hardware has failed (don’t mention the coffee stains) you’ll find that hardware support varies from next-business day replacements to four-hour on-site replacement.
Firewall manufacturers release upgraded firmware for their products to ensure that bugs are fixed and newly-discovered security holes are closed. Retail units typically get firmware updates once every year or two while business products are updated much more frequently. As with most technology, newer is better so this is again a clear advantage for a business-class firewall.
Retail units do provide the basic firewall functions, but business firewalls have more of the features and functionality necessary for defending a business network, including: VPN, more granular NAT/PAT control (Network Address Translation and Port Address Translation), and the ability to work with blocks of IP addresses. These features are needed to provide secure remote access, and to support servers handling such critical functions as email and web sites. Business units generally have some kind of threat detection intelligence that looks for potential attacks and stops them -retail units do not.
It is quite possible to “get by” with a retail class firewall, and it may work fine for years without failure. But if Internet, email, and/or remote access are a vital part of your business, then you risk putting all your eggs in one cheap basket and potential point of failure. We’ve seen plenty of retail units fail or start acting flakey in short order, but business-class units generally will last for years without a hiccup. A business-class firewall gives much better performance, better security and reliability, more features and functionality, and much better support if there ever is a problem.
Seitel Systems provides network, server, telecommunications, and desktop services that include system design, implementation and support. Seitel Systems has been serving Puget Sound businesses, government agencies, and non-profit organizations since 1990. Contact us at http://www.seitelsystems.com.