Who Needs a Firewall?

How to determine whether your organization needs a firewall for Internet security.

Charles Kelly, Philip Carden

November 1, 1996

2 Min Read
ITPro Today logo

To determine whether your organization needs a firewall for Internetsecurity, you must first assess the risks of your Internet connections. The fourmost common types of Internet connectivity in organizations are

  • dial-up Internet email connections using the UNIX-to-UNIX CoPy (UUCP)utility

  • individual dial-up accounts with online service providers (e.g., Prodigy,America Online, CompuServe)

  • individual dial-up PPP connections to an ISP

  • a full-time leased line (i.e., dedicated connection) to an ISP

Although all these connections represent a potential security hazard, themost risky are those that use TCP/IP as the end-to-end transport mechanism. Thisrisk results from TCP/IP transport mechanisms supporting a range of services,including services that hackers use. Full-time leased lines and dial-up PPPconnections use such TCP/IP connections. UUCP and online service providerconnections are generally safer because they use specialized transport protocolsfor part of the connection. Such specialized transport protocols usually supportonly the intended application and so limit the number of attacks possible overthe connection.

Note that individual accounts with online services can sometimes use TCP/IPas the end-to-end transport mechanism. If your organization uses such accountsfor Internet access, you can expose your internal network to significantthreats, even if your service provider implements security measures (e.g., afirewall between the service's system and the Internet). If online serviceprovider accounts or dial-up PPP accounts are starting to appear in yourorganization, the time has probably come to move to a dedicated Internetconnection that you can protect with a firewall.

Some ISPs provide a firewall service, which may be a cost-effective optionfor small companies. However, operating your own firewall lets you more easilymeet users' Internet-access needs so they won't be tempted to secretly installdangerous dial-up accounts. Any organization that's large enough to have aninternal IS staff and must provide Internet access beyond simple email needs afull, dedicated Internet connection that an onsite firewall controls. Inaddition, any organization that must tightly control access to or fromparticular departments or provide a dedicated network connection to an externalorganization over the Internet needs a firewall.

About the Author(s)

Charles Kelly

Charles Kelly

See more from Charles Kelly
Philip Carden

Philip Carden

See more from Philip Carden
Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.
Newsletter Sign-Up

You May Also Like

Editor's Choice

cloud-native
Cloud Native
How Cloud-Native Development Benefits SaaSHow Cloud-Native Development Benefits SaaS
byForrester Blog Network
Jun 28, 2024
3 Min Read
abstract string backgroud
PowerShell
Advanced String Manipulation Techniques in PowerShellAdvanced String Manipulation Techniques in PowerShell
byBrien Posey
Jun 28, 2024
3 Min Read
business person stamping a document
IT Operations
How to Get Executive Buy-In for IT ProjectsHow to Get Executive Buy-In for IT Projects
byChristopher Tozzi
May 28, 2024
6 Min Read