Camera Phones Plaza

Ian Kilpatrick, chairman at Wick Hill Group, specialized in secure IT infrastructure systems, is known as a person with a strong vision of the future of Information Technology and he published a short study called What Firewall Do And What Firewalls Don't Do.
We read it and thought you might be interested in find out what exactly firewalls are able to do and what are their weak points.

As you already know, firewalls are meant to prevent unauthorized access to an Intranet, a private network, and it does this by analyzing all the incoming information in order to block what does not meet the security criteria.
This type of unauthorized data refers both at malicious users’ access as well as accidents from outside the network.

Let me give you a few firewall type examples:

- Packet layer: analyses network traffic at the transport protocol layer.
- Circuit level: validates that packets are either connection or data packets.
- Application layer: ensures valid data at the application level before connecting.
- Proxy server: intercepts all messages entering or leaving the network.

You can purchase packet only firewalls but these are not a secure solution for businesses and as threats evolved and come combined you would need a more powerful tool to face them.
Firewalls can protect the gateways, carry out defined security policies, segregate the activity between the secure network, the Internet and your DMZ (the protected zone midway between your network and the Internet, where you have the web or email server), hide internal network addresses NAT), and report threats and activity.

Now let’s take a look at the other aspect, what Ian Kilpatrick showed to be the negative aspects of firewalls.

The most threatening thing and most powerful is the combination of viruses, Trojan horses, worms, spyware/adware, phishing and pharming, which are activated with a simple click on an e-mail attachment or link.
There are powerful applications such as Fidjan that can protect against web sites containing malware and they check them before your click.
Specific DDoS software can guard against distributed denial of service attacks that flood with emails until the servers are overwhelmed.

The unauthorized access to a network can be prevented by strong authentication with tokens, while data encryption is the best solution when your laptop is lost or stolen.
It is complicated to implement so many prevention methods but a unified threat management device is the most recommended and is the right tool to keeps all malware outside the network.

The UTM consist of a firewall, VPN, anti-virus and intrusion detection/prevention.
In addition, the Super UTMs come with web filtering, SPAM blocking and spyware protection.
Compared with the costs of using several security options, a UTM is preferred because it is affordable, come with all the necessary ingredients in a single device, and one important aspect is that it is greener using less power.