Who Needs a Firewall?

How to determine whether your organization needs a firewall for Internet security.

2 Min Read
ITPro Today logo in a gray background | ITPro Today

To determine whether your organization needs a firewall for Internetsecurity, you must first assess the risks of your Internet connections. The fourmost common types of Internet connectivity in organizations are

  • dial-up Internet email connections using the UNIX-to-UNIX CoPy (UUCP)utility

  • individual dial-up accounts with online service providers (e.g., Prodigy,America Online, CompuServe)

  • individual dial-up PPP connections to an ISP

  • a full-time leased line (i.e., dedicated connection) to an ISP

Although all these connections represent a potential security hazard, themost risky are those that use TCP/IP as the end-to-end transport mechanism. Thisrisk results from TCP/IP transport mechanisms supporting a range of services,including services that hackers use. Full-time leased lines and dial-up PPPconnections use such TCP/IP connections. UUCP and online service providerconnections are generally safer because they use specialized transport protocolsfor part of the connection. Such specialized transport protocols usually supportonly the intended application and so limit the number of attacks possible overthe connection.

Note that individual accounts with online services can sometimes use TCP/IPas the end-to-end transport mechanism. If your organization uses such accountsfor Internet access, you can expose your internal network to significantthreats, even if your service provider implements security measures (e.g., afirewall between the service's system and the Internet). If online serviceprovider accounts or dial-up PPP accounts are starting to appear in yourorganization, the time has probably come to move to a dedicated Internetconnection that you can protect with a firewall.

Some ISPs provide a firewall service, which may be a cost-effective optionfor small companies. However, operating your own firewall lets you more easilymeet users' Internet-access needs so they won't be tempted to secretly installdangerous dial-up accounts. Any organization that's large enough to have aninternal IS staff and must provide Internet access beyond simple email needs afull, dedicated Internet connection that an onsite firewall controls. Inaddition, any organization that must tightly control access to or fromparticular departments or provide a dedicated network connection to an externalorganization over the Internet needs a firewall.

Sign up for the ITPro Today newsletter
Stay on top of the IT universe with commentary, news analysis, how-to's, and tips delivered to your inbox daily.

You May Also Like