Firewall Overview
Defining what constitutes a firewall is confusing in part because the definition is so broad. A firewall is simply a barrier between computer systems. In other words, just about anything that connects or monitors a connection between two or more computers can be called a firewall. Since not all firewalls are created equal, understanding the different features can help you decide what is best for your business.
Desktop or Personal Firewalls
Desktop or personal firewalls install on individual computers. The strength of desktop firewalls is that they are inexpensive, can evaluate which program is attempting to transfer data, and can protect a system from other internal computers. The trade-off is that the computer hardware they are installed on may not be secure, they can slow the computer down, and a large number of individual computers with desktop firewalls may be difficult to manage.
Firewall Appliances
A firewall appliance sits between groups of computers, usually the internal computers and the internet, but it may also separate departments or public-access computers from internal-access-only systems. These are usually thought of as network or hardware firewalls. The advantages are that firewall appliances are designed from the ground up as firewalls and tend to be a bit more secure. They have their own processors, so their inspections don't tend to slow down your computers; one device can protect hundreds of individual computers; and they tend to have more features than desktop firewalls. Some of the additional features include address translation, VPN abilities, VoIP traffic prioritization, and bandwidth control. The downside is that they cost a bit more and they can't protect internal computers from each other.
Network Security
A firewall can also be a group of systems that work together to provide network security. For example, on a large, high-security network, a main appliance may do address translation and stateful packet inspection, but it then passes all traffic to another box for virus scanning. That box sends email to be checked for spam and trade secrets, while web traffic is checked for content; secure web traffic is sent to a proxy for scanning and forwarding, and all traffic is sent through an application filter and intrusion prevention system to verify the traffic is what it claims to be. As a final step, internet traffic is sent through a device that manages bandwidth and provides detailed logs for the organization. All seven of these separate devices, when grouped together, could be considered a firewall.
For additional information or support please contact us at 303-482-1242.