Firewalls Are Still Must-Haves In Today's Network Defenses


Articles have been circulating that raise the question of whether firewalls are dead. I’ll come right out and say that the accusations about these network security staples are ludicrous and dangerous. Statements like these, while sparking intriguing debate, may encourage security professionals to do away with a tried-and-true firewall solution that has continuously proven to be effective.

The argument is more a play on semantics than anything else. While it is true that a bare-bones firewall (block and allow ports only) is less than adequate for total network protection in even the most cookie-cutter network topologies, the term “firewall” has grown to encompass what is most commonly referred to as the layering concept of unified threat management.

Windstream's Rob Anderson discusses firewalls and the complexities of today's security landscape.

The shortsightedness of this argument lies in its reliance on one fact: firewalls are not especially effective at protecting against malware picked up via HTTP or HTTPS access (ports 80 and 443). This is true, but the many other ports a firewall protects still need this security measure, or else the floodgates are opened to all sorts of danger.

Look at large networks managed by enterprises. As more Web applications are relied upon for operations, the number of firewalls needed to protect these apps grows with them. This is because more apps equate to higher levels of bandwidth required to run them. This need for more bandwidth means it is necessary to have more firewalls to provide complete protection for the increased data traffic.

This growth in the need for more bandwidth is actually a call for organizations to install additional firewalls across their networks. To address bandwidth issues, implementing independent firewalls across your LAN and WAN networks and on internal servers has been a successful strategy, because it reduces access risk and prevents any additional latency caused by network traffic jams.

What this strategy of mass firewall installations shows is that the volume of firewalls needed to combat external attacks on a large network has increased dramatically, and that volume is needed. The following stats surrounding network security are alarming:

  • 98% of breaches in 2011 stemmed from external agents, with 69% of all breaches incorporating some form of malware (2011 DBIR Report).
  • 4,989 new vulnerabilities were discovered in 2011 (Symantec).

It’s clear that network security will continue to be a growing concern well into the future. This is unsurprising as malicious agents become smarter and stealthier.

The issue that must be raised in today’s Internet-driven society isn’t whether a firewall will protect a network (we know it does), but which additional security measures must be added to effectively complement the firewall’s capabilities. Security professionals must know the ports that the firewall doesn’t effectively protect, and what solutions work best to address those issues, with one of the solutions being the mainframe.

In 2011, 5.5 billion Web attacks were stopped, a 55% increase over 2010’s statistics (Symantec). With 4,595 attacks happening daily, network security professionals must be on top of their game. This includes being in the know about today’s top-of-the-line firewall solutions, as well as the additional security measures used to build upon the firewalls. Knowledge is power when it comes to network security. Those who stay informed have the best shot at staying ahead of the threats.