posted on Aug, 6 2011 @ 03:57 AM
I can think of many reasons why a stand-alone hardware firewall is an absolute necessity for protecting even the smallest business network but five
reasons stand out against the rest.
First, from personal experience, it is too easy for hackers today to circumvent the software firewalls now standard in computer operating systems.
Second, without a stand-alone hardware firewall it will be impossible to ensure TCP port stealth against a port scan from the internet. The best
security is to appear to be invisible and when an unsolicited packet is sent to any device on the network, nothing should be sent back to the hacker.
It would be a maintenance nightmare to ensure that every network device independently show stealth properties.
Third, a stand-alone hardware firewall easily accommodates reassignment of your external IP address one or more times per day. Regular changing of
the external IP address combined with port stealth will thwart most external threats. Without a firewall the “keep alive” features in Windows
prevents dropping of the internet connection and will lock your network into the same external IP address day after day greatly reducing your
security.
Fourth, a stand-alone hardware firewall makes implementation of a private/public key authentication protocol, such as LDAP, easy to implement. LDAP
makes your network easier to maintain and greatly improves overall security. Private/public key authentication is required for computer networks
governed by the Sarbane Oxley Act.
Finally, the fifth reason is that a good hardware firewall is available for less than $200. IMO no business can justify not using a hardware
firewall.
Best regards,
Z
Note: If a fixed IP address is needed to accept customers uploads, for example, I suggest this computer be physically separate from the general
office hardware.