Managed Firewall – Cedar Rapids, IA
Adam, 2017-09-05T08:11:05-05:00
IT Pro Care Managed Firewall Cedar Rapids, IA
Many small businesses start with a consumer-grade router with some basic firewall functionality. The problem is that consumer-grade equipment offers very little protection to networks: it is designed to be plugged in and easy to use. The difficulty with security is finding the balance between usability and security. These days basic routers are not enough to protect your network, as they only block unsolicited external connections. For home use this is typically okay.
However, most malware these days is triggered by the user unknowingly making an outbound connection to a malware server (such as by clicking a bad link on a website). Because the connection was created from inside the network, the malware is allowed in and can penetrate the network easily.
Networks now require much more sophisticated routers/firewalls. The terms for the new security-oriented firewalls are Next Generation Firewall (NGFW) and Unified Threat Management (UTM). These terms can be used interchangeably; we will use UTM for the remainder of this article. UTMs are firewalls that have much more to offer in terms of security, such as:
Content filtering allows blocking of content based on categories such as porn, gambling, social networks, videos, shopping sites, and other work-inappropriate content at the firewall, or edge, of the network. Allowing access to inappropriate content can reduce productivity, create distractions or even lead to legal action. Content Filtering is a fast, easy, and effective way to ensure that your users are not abusing your network use policies.
Secure Remote Access/VPN
Remote access is becoming more and more of a requirement for businesses, whether for connecting multiple offices for file and resource sharing or for “road warriors” to connect to the office for backups, applications, software updates or file access. The old way of using Remote Desktop Protocol (RDP) is very insecure and is strongly advised against, as it is fairly easy for someone to gain access for malicious activity. Using a VPN is much more secure, as it requires a user and server certificate as well as a username and password to connect, all while being fairly easy to configure.
We all know that anti-virus is required on end user machines and servers, but adding another layer of anti-virus at the firewall level greatly reduces the chance of malware getting to the end user machines and therefore makes the network much safer.
Many banking scams are carried out via phishing, where you receive a legitimate-looking email asking for personal or confidential information. The hackers then use that information to access bank accounts or to request money transfers to foreign accounts. Phishing Blockers will block emails that appear to be phishing emails by scanning senders' domains as well as email contents, so that the scam emails are blocked before they get to your inbox. This is a good addition to hosted email filtering.
80% of all email is either spam, phishing or email fraud, causing each of your users to waste an average of 100 hours per year cleaning out their inbox. For even a single user, a spam filter quickly pays for itself in reclaimed productivity, not to mention reduced frustration and actual financial losses. Arm yourself against the criminals who are filling your inboxes and wasting your time. This goes hand in hand with the phishing blocker as another layer of protection.
Application Control allows you to block certain applications on the network by protocol and deep packet inspection (DPI) rather than by URL, which is much more effective and enables it to accurately identify thousands of common applications such as social networking, P2P, instant messaging, video streaming, file sharing, enterprise applications and much more. This works in conjunction with the content filter function.
We install an ad blocker on all of our managed client computers for various reasons, such as increased browser performance, increased security from blocking malicious banner ads, and decreased network traffic per endpoint. Using an ad blocker at the firewall level adds another layer of filtering, further decreases bandwidth usage and end user computer resource usage, and increases security.
Internet users download the same web content (images, pages, embedded content, text, etc.) over and over again. Web caching speeds browsing performance by caching these static elements and serving them locally. Web browsers all use local web caches to accelerate browsing performance. Firewall web caching works the same way across your network, enabling cached elements to be shared by all users on your network. Reduced bandwidth is nice, but faster page loading—resulting in happier users—is the real reason you should use web caching.
Competing traffic impacts the quality of your network. Managing the priority of business, recreational and inappropriate traffic before it impacts the network experience of your users allows for a better experience. Video, streaming media, gaming, and file sharing can quickly use up your bandwidth, bringing your network performance to a crawl. Bandwidth control puts you in charge of your bandwidth allocation. It starts with tracking and monitoring bandwidth usage, enabling you to pinpoint the problem applications, websites or users, and then prioritizing traffic.
If you have two or more WAN (internet) connections, you can use WAN balancing to split the load across all of them. This allows you to bond multiple connections and use them as a single connection. This is great when you can only get a low-speed connection, for example 5 Mbps, but are allowed to purchase two 5 Mbps connections: WAN balancing can then provide 10 Mbps, effectively doubling your internet speed.
What happens when your Internet connection goes down? Does your business grind to a halt as angry users call on you asking what the problem is and when it will be fixed? Do you call your ISP and complain, but they give you an estimate in hours? We’ve been there too! That’s why a WAN failover solution is the best way to deliver the best Internet connection uptime and user productivity. With WAN failover you can have a high-speed connection from one provider and a slower, lower-cost connection as a backup. When the high-speed connection goes down, the firewall will automatically switch to using the lower-speed connection so that your employees can continue to do their jobs. Depending on your needs, you can use two high-speed connections for failover as well.
Reporting is a huge part of many compliance requirements, whether PCI-DSS, HIPAA, SOX, etc. Consumer-level routers/firewalls do not even come close to meeting the reporting requirements for these compliance regulations. Reporting also gives you a good understanding of what is really going on in your network, such as which devices/users are using all of your bandwidth and which sites are most visited. It also covers all of the various modules mentioned above, which really helps track down malware infections and nefarious network traffic and helps resolve any network issues.
Intrusion Detection and Prevention
Intrusion detection and prevention blocks hacking attempts before they reach internal servers and desktops. Our signature-based intrusion detection and prevention allows us to provide 24/7 network protection from hackers.