With all of the Internet's vulnerability, the best defense is a good offense when it comes to network security. "I have a little bit of a hacking kind of background," says Phil Reed, network administrator at Libbey Inc., a glass manufacturer and china and tableware distributor based in Toledo, Ohio. "So when we had our network up for a little while, I started poking around."
Reed helped to install the company's 1,100-user network back in 1996. But when he began testing it for vulnerabilities he either knew of or had heard about, "I tested just a few of those before I said, 'Whoops!'" he recalls, noting that Libbey's network was full of security holes. "I went firewall shopping immediately," he says. In early 1997, Libbey chose the FireWall-1 product from Check Point Software Technologies Inc., a leading firewall vendor in Redwood City, Calif.
Firewalls act as a buffer between a corporate network and the Internet at large. These devices (either software or a combination of software and hardware) define the privileges of who can go where inside a network. "It provides a network administrator with a tool to protect the corporate data resources and network resources," says Greg Smith, group manager of product marketing for Check Point. "It controls access to a network."
Firewall use on the rise
Over the past several years, the firewall market has grown rapidly, so rapidly in fact that it has even surprised analysts. In 1998, the worldwide firewall market was expected to reach $636 million, according to estimates from International Data Corp. (IDC), a Framingham, Mass.-based market research firm, up from only about $150 million two years ago.
Growth was fueled by several factors: Businesses have been upgrading their firewalls as Internet use has matured; companies have installed multiple firewalls to improve availability and throughput; and both intranets and extranets have required additional security.
Although the top players have stayed pretty steady in terms of market share--with Check Point in first place and San Jose-based Cisco Systems in second--the market is anything but stable.
Such consolidation can't continue indefinitely. Still, many industry insiders believe that another wave of acquisitions may occur as vendors realize firewall (and, in general, security) technology can best be leveraged through consulting companies with expertise in the area.
Doing the job and doing it well
Reliance on firewalls as the most ciritcal tool to securing a network is declining as encryption and authentication become easy to install and support.
Firewalls do a pretty good job of protecting networks from already recognized threats. "But it's a policy thing," explains Ray Suarez, Axent product marketing manager. "For FTP and Web access, it's extremely secure. But for more complicated, specific ports in the Net for proprietary applications, it can be more problematic."
Furthermore, firewalls are effective protection only from outside attacks, and more than 50% of network incursions come from within a company--or from one of its business partners with network access. "It's a perimeter defense. Firewalls keep people out," says Suarez. "It doesn't do much [to screen unauthorized] users already inside the network." Other security measures such as intrusion detection are needed for inside jobs, according to Suarez.
So what does it take to implement a firewall in the real world? Because most firewalls are not plug and play, each one has to be configured to the specific company, and it's no easy task.
"It took us 18 months to set up the firewall," says Sergio Cortez, director of resource management at Litton, a defense and commercial electronics company in Wilton Hills, Calif. "It wasn't the expense of the firewall; it was that our infrastructure was weak." The company had to implement proper frameworks in order to install firewall policies.
Because of this weakness, setting policy and standards and "making a clean installation is what took longest," he adds. "We had to invoke some standards at the division level," says Cortez. "There was some apprehension and pain, but divisions had to comply."