A net for the Net

With corporate data exchange on the rise, network security is one of today's top concerns. Firewalls can be a company's first line of defense.
(Page 1 of 3)

With all of the Internet's vulnerability, the best defense is a good offense when it comes to network security. "I have a little bit of a hacking kind of background," says Phil Reed, network administrator at Libbey Inc., a glass manufacturer and china and tableware distributor based in Toledo, Ohio. "So when we had our network up for a little while, I started poking around."

Reed helped to install the company's 1,100-user network back in 1996. But when he began testing it for vulnerabilities he either knew of or had heard about, "I tested just a few of those before I said, 'Whoops!'" he recalls, noting that Libbey's network was full of security holes. "I went firewall shopping immediately," he says. In early 1997, Libbey chose the FireWall-1 product from Check Point Software Technologies Inc., a leading firewall vendor in Redwood City, Calif.

Products in this article...

Check Point Software Technologies

Raptor Firewall 6.0
Axent Technologies

PIX Firewall
Cisco Systems Inc.

Firewalls act as a buffer between a corporate network and the Internet at large. These devices (either software or a combination of software and hardware) define the privileges of who can go where inside a network. "It provides a network administrator with a tool to protect the corporate data resources and network resources," says Greg Smith, group manager of product marketing for Check Point. "It controls access to a network."


The company: Based in Toledo, Ohio, Libbey manufactures glassware and distributes china and tableware. The company employs 1,100 people.

The problem: Potential security exposure in its burgeoning Web presence.

The solution: Check Point's FireWall-1. The system currently accommodates 85,000 to 100,000 accesses per day. (Most of these hits are from internal users surfing the Web for business reasons.)

The IT infrastructure: FireWall-1 runs on a Windows NT-based 166MHz Pentium machine.

As such, firewalls are usually the first security option that corporations turn to. "Firewalls in and of themselves have become a piece of the enterprise security pie," says Scott Reamer, Internet analyst for New York-based investment bank SG Cowen Securities.

Firewall use on the rise

Over the past several years, the firewall market has grown rapidly, so rapidly in fact that it has even surprised analysts. In 1998, the worldwide firewall market was expected to reach $636 million, according to estimates from International Data Corp. (IDC), a Framingham, Mass.-based market research firm, up from only about $150 million two years ago.

Growth was fueled by several factors: Businesses have been upgrading their firewalls as Internet use has matured; companies have installed multiple firewalls to improve availability and throughput; and both intranets and extranets have required additional security.

Although the top players have stayed pretty steady in terms of market share--with Check Point in first place and San Jose-based Cisco Systems in second--the market is anything but stable.

"It took us 18 months to set up the firewall..."
Lessons learned about firewalls
Mergers, acquisitions, and IPOs have been the order of the day for a year or more: Raptor Systems was acquired by Axent Technologies, Global Internet Software Group and its firewall product, Centri Security Manager Windows NT firewall, is now owned by Cisco Systems. And Trusted Information Systems's Gauntlet firewall is now part of Network Associates. Of the half-dozen major firewall vendors, only Check Point Software remains independent.

Such consolidation can't continue indefinitely. Still, many industry insiders believe that another wave of acquisitions may occur as vendors realize firewall (and, in general, security) technology can best be leveraged through consulting companies with expertise in the area.

Doing the job and doing it well

Reliance on firewalls as the most ciritcal tool to securing a network is declining as encryption and authentication become easy to install and support.
But do firewalls actually do the job when it comes to network security? It depends on how you define the job.

Firewalls do a pretty good job of protecting networks from already recognized threats. "But it's a policy thing," explains Ray Suarez, Axent product marketing manager. "For FTP and Web access, it's extremely secure. But for more complicated, specific ports in the Net for proprietary applications, it can be more problematic."

Furthermore, firewalls are effective protection only from outside attacks, and more than 50% of network incursions come from within a company--or from one of its business partners with network access. "It's a perimeter defense. Firewalls keep people out," says Suarez. "It doesn't do much [to screen unauthorized] users already inside the network." Other security measures such as intrusion detection are needed for inside jobs, according to Suarez.

So what does it take to implement a firewall in the real world? Because most firewalls are not plug and play, each one has to be configured to the specific company, and it's no easy task.

"It took us 18 months to set up the firewall," says Sergio Cortez, director of resource management at Litton, a defense and commercial electronics company in Wilton Hills, Calif. "It wasn't the expense of the firewall; it was that our infrastructure was weak." The company had to implement proper frameworks in order to install firewall policies.

Because of this weakness, setting policy and standards and "making a clean installation is what took longest," he adds. "We had to invoke some standards at the division level," says Cortez. "There was some apprehension and pain, but divisions had to comply."

Page 1 of 3

1 2 3
Next Page

0 Comments (click to add your comment)
Comment and Contribute


(Maximum characters: 1200). You have characters left.