In days of old, sometimes advancing armies would come across a castle they meant to conquer and find the drawbridge up and a moat filled with nasty beasts standing between them and their destination. They’d cross it eventually, using siege weapons and such, but on rare occasions they’d get the drawbridge down and find … another moat with another drawbridge.
Extra layers of protection were a great idea in medieval times, and they’re not too shabby a thought either when you’re protecting your computer against the advancing armies of adware, spyware, and malware that tend to lurk all over the Internet these days.
Anti-malware solutions are a great thing to protect against the most common forms of attack, but if you’re running an enterprise you usually need more firepower than the stuff they sell down at your local computer store. One such solution is the installation of a firewall. If the antimalware solutions are designed to catch all the tiny intruders trying to sneak through your defenses, you can envision the firewall as the big net that keeps the monsters from barging their way in. When hackers and cybercriminals go after bigger prizes like your company’s financial records, they often hit with a big opening punch first – such as a distributed denial of service (DDoS) attack to shut down your website while they try and swipe your records.
A firewall can pick up on a DDoS in many instances and act like that proverbial net to keep the big attack at bay.
More than One Firewall?
Like our friends with the multiple drawbridges at their castle, we must ask: If one firewall does so well, shouldn’t we use more than one to be that much more safe? It might seem a bit like putting a bandage on top of a bandage, but there is quite a bit of truth to the theory depending on what sort of setup your company is using.
Multiple firewalls can be used to protect infrastructures where there are different networks with different levels of sensitivity. For instance, your data center should have only one way in or out and that way should be carefully guarded at all times. But an employee intranet message board will have users coming from all over and will need a less sensitive setting to keep the system from gumming up and stalling every time someone uploads a funny video or a new avatar.
Firewalls on the outside of an organization are often called border firewalls in that they’re more keeping an eye on the in-and-out traffic than specifically denying access to any one part of the organization.
In order to identify the correct number of firewalls for your business, consider multiple variables such as how homogeneous the users are and what type of information is handled by the systems that make up the network. The more variations in users and the more variation in levels of sensitivity that are being kept under one “roof,” the more firewalls you will need to employ to maximize its security measures.