“Mr. Gorbachev, tear down this wall!” President Ronald Reagan’s June 12, 1987 speech came amid political and societal tensions between East and West Berlin, over the wall used to separate them. Though we are talking about a different kind of wall (network firewalls to be exact), we can still appreciate his wisdom!
Firewalls and routers perform many of the same basic functions. You’ve probably heard of both from either pop-culture or your local internet service provider. But what’s the difference? Why is having a firewall a must if you transmit or store sensitive data? And how can having a managed firewall increase your productivity?
In most cases, both firewalls and routers connect to your ISP and are issued the public IP address (or multiple addresses for some businesses). They then pass out local, private IP addresses to the devices within your network (read more on public via private IP addressing here). Both also have the ability to forward traffic on specific ports if you host a web server on your network for example, or need ports forwarded for a credit card machine or other devices. Both also are typically configured by default to drop any inbound traffic coming from the outside world, unless it was requested by a device on the inside. The biggest difference is a feature called Stateful Packet Inspection (SPI), or the ability to not only forward traffic or drop it, but actually look inside of the packets going in and out of your network and match them against malicious code or destinations in real-time. This type of in-depth review can catch viruses, malware, privacy violations, attempted breaches, and much more.
Because firewalls can look inside of the traffic and inspect it in real time if those features are enabled, it helps to block and shut down malicious content before it’s able to execute on the machines in your network. If a user clicks on a page that looks legitimate but it’s actually linked to a site infected with tracking scripts or malware, while a router will simply fulfill the request to visit the site a good SPI firewall will see the malicious portions of the traffic and terminate the connection. Also, some firewalls from Ubiquiti, Sophos, and Meraki can be configured to block specific types of traffic (like blocking social media access in a corporate office). These added layers of security intelligence are critical to protecting your network against attacks with the potential to leak data, steal user credentials, or compromise internal systems that store and transmit payment or customer data.
Having a managed firewall can also increase your productivity! By ensuring that only corporate data is accessible on the corporate network, you can increase focus and foster positive work habits. Utilizing remote-user VPNs, employees can securely use work resources from home (or anywhere with internet!). If you have multiple sites, you can use firewall systems to automatically create site to site VPN’s to link access to servers with little overhead. Integrating this with other enterprise features like automatic failover for your internet connection ensures your business remains protected and efficient without you needing to worry!
In conclusion, a router is good at many basic networking functions, and if you don’t deal with business-critical data, they can be a great low-cost alternative. But for a modern business that demands more features and prioritizes security, a solid firewall is an investment that will last and pay for itself many times over.