Task Solutions of Enterprise Firewall Comparison- ITC292

Preview text

1
Ente rprise Fire wall Comparison
Students Name
University Name
Author Note
2
Table of Contents
Exec utive S ummary ………………………….. ………………………….. ………………………….. …………………… 3
Introd uc tio n ………………………….. ………………………….. ………………………….. ………………………….. ….. 3
Criteria fo r se le cting firewa lls ………………………….. ………………………….. ………………………….. ……… 4
Compa riso n o f firewa ll p rod ucts for e nterprise ………………………….. ………………………….. ………….. 5
Future tre nds in e nterp rise firewa lls ………………………….. ………………………….. ………………………….. 8
Reco mme ndatio n ………………………….. ………………………….. ………………………….. ………………………. 9
Conc lusio ns ………………………….. ………………………….. ………………………….. ………………………….. … 10
Re fe re nces ………………………….. ………………………….. ………………………….. ………………………….. ….. 11
3
Executive Summary
All organi za tio ns are concerned about data security. When a company creates an inte rne t
presence must require a network firewa ll . Using a network firewa ll, both channels of traffic on
such a network are protected. Customers are increasingly using virtua l equipment, virtua lize d
firewalls from Cloud services, and firewa ll as a service product h osted directly by manufacture rs,
despite the fact that these firewalls are typically imple me nted as hardware appliances. Network
firewalls have the following capabilities: Management and awareness of the applicatio n , Preve nt
the occurrence of intrusio ns De tection of advanced forms of malware (Ma et al., 2019) . Firewa lls
are often separated into two types: network -leve l firewalls that filte r traffic going through and
applicatio n -le ve l firewa lls that evaluate sent data and resend it as needed. A firewa ll migh t be one
kind or a combinatio n of both, depending on the needs of an organi zatio n.
Introduction
A firewa ll is a system of software that protects a network. Its main job is to look at
incoming and outgoing traffic and decide whether to allow or prohibit it based on rules. It is
intended to be used in conjunctio n with existing firewa lls on the network to provide additio na l
security against oncoming vehicle s from outside sources. It keeps potentially dangerous data off
the local network, even though it origin ates through the Internet (Saba et al., 2021) . This discussio n
examines the criteria for choosing firewalls, comparisons, and future developments in firewalls in
this study. Firewalls have been an important part of the very first line of defence against po ssib le
attacks since the dawn of informa tio n security. They might be actual hardware, softwa re
applicatio ns, or both.
4
Criteria for selecting firewalls
The firewall is an important part of any IT system. The firewall performs the functio n of a
barrier betw een the internal computer network and the public Internet. They provide administra t io n
of the network with total control placed above a white just who may enter and leave the network
and over what can be brought into the network (Thapa & Mailewa, 2020) . In this way, it offe rs
protection against threats origina ting from the outside and inside. To defend Organizatio n Tech’ s
network, it is suggested that firewa lls meet the following criteria :
Size of the Business
Every company is differe nt. When c hoosing whether or not to acquire a firewall, consider the
firm’s size . No matter how big or small a company is, it needs a mechanism to protect its systems.
Businesses with less than 50 employees may usually get by with SOHO firewalls (Vartouni, Kashi
& Teshnehla b, 2018) . For large organi zatio ns, an entrepreneuria l firewall may be a wise
investme nt.
Network accessibility
Companies r isk preventing critical communica tio ns from getting through if consumers restric t
their network mobility. This is a danger that come s with limiting one’s mobility. Comple x
informatio n received over the Internet need s an Internet infrastructure to handle that sort of traffic .
BYOD policies
The BYOD (bring your device) policy for working remotely Allowing workers to work from any
locati on is becoming increasingly common. Corporations provide computers to their workers more
often, making this task simpler. Many vulnerab le locations, such as public Wi -Fi hotspots, railwa y
stations, airports, and even at home, are being exploited by cybercr imina ls, even places where only
5
members of the user’s immed ia te family have access. The corporation owns all its assets (Varto uni,
Kashi & Teshnehlab, 2018) . All of these variables put the computer in greater danger.
The threat is always changing, so offer ing cybersecurity services is not a good idea . The grea t
majority of businesses lack the time and resources to stay abreast of current threats. This is
particularly useful for small businesses with limited IT resources. If a user first considers what the
firm requires and how reliable the provider is in this area, selecting the correct firewall for a loc a l
company with low IT abilities is not diffic ult.
C omparison of firewall products for enterprise
1. Fortinet FortiGate
It is the option with the lowest c ost. Next -generatio n firewa lls are becoming more popular amo ng
large and medium enterprises (Singh, Chugh & Kathuria, 2019) . These firewalls incorporate a
variety of functio ns, such as web filtering and vulnerab ility assessment.
Advantages : Organizatio ns o f all sizes may use Fortinet since it is less expensive than its
competitors and has a wider customer base, includ ing smaller -sca le businesses. A cheaper
alternative is often considered to be Fortinet. FortiGate’s user interface has been lauded for its
sim plic ity , making it more accessible to newcomers.
Disadvanta ge : Customers who use FortiGate’s graphical user interface (GUI) claim it is less user –
friend ly than the firewall’s command -line interface (CLI) (Griffiths, 2021) .
2 Cisco ASA
6
Customers who want little maintena nce will find this is the most convenie nt choice. Whe n
discussing the market for firewa lls, Cisco is a necessary component to include (Widianto &
Sulistyo, 2021) .
Advantages: To ensure a smooth installa tio n, evaluators often highlight ASA li ne s. Establis h in g
and mainta ining VPN connections over a firewall is a straightforward process. Other products’
VPN services are more diffic ult to use than the one included with the ASA series.
Disadvanta ges: Although ASA is an effective conventio na l netwo rk firewall, it lacks next –
generatio n features. Complaints from customers have shown that Cisco’s applicatio n firewall has
a few shortcomings. Online forms, such as websites or computer portals, need these capabilities if
a company intends to do business.
3. Palo Alto Network s
The Next -Generation firewalls offered by Palo Alto Networks are created to offer layered security
(Vengatesan et al., 2020) .
Advantages : The additiona l capability that Palo Alto provides is a major selling point for the
company’s commercia l clients. In particular, the applicant’s capacity to filter, analy ze, and identify
dangerous content sets it apart from its rivals in this market.
Disadvanta ge : Palo Alto’s prosperity has resulted in a rise in complexity. Many users find it
diffi c ult to use because of the complexity of VPN setup and manageme nt .
4. Zscaler Internet Access
Remote and scattered teams will have the option of using a cloud -based firewall that offers the
latest in cybersecurity with this technology.
7
Advantages : Users often raise concerns about the network’s confidentia lity and DNS security
(Chkirbene et al., 2021) . Real -time compression helps keep speeds high while allowing for fine –
grained control of both throughp ut and content.
Disadvanta ge : Because of limited adapti on, users of Linux and macOS have a diffic ult time
automating their authentica tio n procedures.
5. Merak i MX from Cisco
Cisco’s Meraki firewalls compleme nt the base product, meant to service remote locations and sma ll
enterprises. Features like remote admin istratio n and SD -WAN capabilities are emphasized while
looking at this category.
Advantages : Meraki is easy to set up. This is crucial if users set up the network and firewa ll in
many locations . Meraki’s ability to serve remote users and manage them easi ly makes this muc h
more stunning .
Disadvanta ge : Cisco’s Meraki cannot handle certain circumsta nces and conditions. For examp le ,
firewalls have had issues with complex software issues and vulnerab ilities.
6. OPNSense
SonicWALL has made a name for itself in the security sector by providing everything fro m
firewalls to anti -spam systems.
Advantages
OPNsense seems to be stronger at adding new features and has a more appealing user interfa c e
than its competitor.
Disadvanta ges
8
There was nothing that liked about the concept that users had to customize everything via the GUI.
Other programmab le firewa lls, such as FortiGate, have served well. OPNsense is not a simp le
system to set up and mainta in.
7. SonicWall
Advantages
SonicWALL, Inc. is a market leader in various data protection, secure remote access, and
sophisticated network security technologie s (Chkirbene et al., 2021) .
Disadvanta ges
Network administrato rs can use SonicWall’s Content Filtering Service (CFS), enabling them to
block websites in categories that t hey find undesirable or unsuitab le (Haerens & Mannaert, 2020) .
8. Sophos Firewall
Advantages
The Sophos Firewall provides the highest level of security against the most recent cyberattac k s
and hacks (Haerens & Mannaert, 2020) .
Disadvanta ges
Managing a number of differe nt authentica tio n service providers are very diffic ult .
Future trends in enterprise firewalls
Firewalls can be impleme nted as both hardware and software appliances, but they must be
able to conduct real -time internet traffic inspection wi thout reducing throughp ut from the
9
perspective of a system administra tor (Alqahtani et al., 2020) . Due to the enormous number of
rules that continua lly filter data packages, network speed is negative ly impacted.
The f uture firewa ll had to be able to distin guish between legal and illegitima te traffic automatic a l ly
to find and block previously unknown threats (Gaudet et al., 2020) . Even though firewalls can scan
for anti -malware threats, the current network classificatio n performance needs to be tackled befor e
imple me nting this technology .
Multifunctio na l firewalls that are capable of performing other functio ns in addition to intrus io n
detection will gradually come to include other threat -preventio n technologies. One thing is clea r
in light of the widespread u se of high -speed Internet at this time: Powerful firewa lls, regardless of
whether they are software or hardware, will need to be able to filter data at a rate of at least 10
gigabytes per second within the next couple of years (Alqahtani et al., 2020) . It is unavoidab le tha t
the breadth and depth of firewa lls’ capabilitie s and functio ns will increase with time , and this trend
is likely to continue.
Recommendation
The most effective firewalls for small size companies are –
1. Fortinet Firewall
2. Palo Alto Networks
3. OPNSense
4. SonicWall
5. Meraki MX from Cisco
The most effective firewalls for medium size companies are –
1. Palo Alto
10
2. FortiGate
3. Cisco ASA
4. SonicWall
5. Sophos Firewall
The most effective firewalls for large size companies are –
1. Palo Alto Networks
2. Fortinet FortiGate
3. Cisco ASA
4. Zscaler Internet Access
5. SonicWALL
Conclusions
In Conclusio n, Firewalls have become an increasingly significa nt component of an
organiza tio n’s overall network security strategy as the Online world becomes more integrated into
corporate operations. Modern firewa lls are usually software programmes connected to the
comp uter or are already built into the operating system. This is meant to let certain items get
through one network to another while filtering out others depending on particular “rule s ”
established by the network’s creator or an administrator. Individ ua ls’ capacity to create rule s
enables a firewa ll to fulfil various functio ns. This enables for differe nt cybersecurity requireme nts
for different networks.
11
References
Akbar, M., & Ridha, M. A. F. (2018). Sql injectio n and cross sit e scripting preventio n using owasp
modsecurity web applicatio n firewall. JOIV: International Journal on Informatics
Visualization , 2(4), 286 -292. http://dx.do i.o rg/10.30630 /jo iv.2.4.107
ALHARBI, A. S. Web Applicatio n firewa ll: From Problem Statement to System Design.
https://www.researc hgate. ne t/pro file/Abd ulla h -Alha rb i –
47/publicatio n/347905307_Web_ App licatio n_ fire wa ll_Fro m_Prob le m_S tate me nt_to_S y
stem_Design/links/5 fe6694a299b f140884402d5/Web -App li ca tio n -firewa ll -Fro m –
Problem -Stateme nt -to-Syste m -Design.pd f
Alqahtani, H., Sarker, I. H., Kalim, A., Hossain, M., Md, S., Ikhlaq, S., & Hossain, S. (2020,
March). Cyber intrusio n detection using machine learning classificatio n techniq ue s.
In International Conference on Computing Science, Communication and Security (pp.
121 -131). Springer, Singapore. https://link.springer.co m/c hap ter/10.1007/978 -981 -15 –
6648 -6_10
Chandel, S., Jingji, Z., Yunnan, Y., Jingyao, S., & Zhipeng, Z. (2019, October). The golden shie ld
project of china: A decade later — an in -depth study of the great firewall. In 2019
International Conference on Cyber -Enabled Distributed Computing and Knowledge
Discov ery (CyberC) (pp. 111 -119). IEEE. DOI 10.1109/CyberC.2019.00027
Chkirbene, Z., Hamila, R., Erbad, A., Kiranyaz, S., Al -Emadi, N., & Hamdi, M. (2021, June).
Cooperative Machine Learning Technique s for Cloud Intrusio n Detection. In 2021
International Wireless Co mmunications and Mobile Computing (IWCMC) (pp. 837 -842).
IEEE. https://jo urna lo fb igda ta.sp ringerop e n.co m/artic les/10.1186 /s40537 -021 -00448 -4
12
Gaudet, N., Sahu, A., Goulart, A. E., Rogers, E., & Davis, K. (2020, May). Firewall configura t io n
and path analysis for smartgrid networks. In 2020 IEEE International Work shop Technical
Committee on Communications Quality and Reliability (CQR) (pp. 1 -6). IEEE.
https://c ypres.e ngr.ta mu.ed u/wp -conte nt/up load s/sites/229/2020 /10/Appe nd ix -3-
IEEECQR_paper1_fire wa lls.pd f
Griffiths, J. (2021). The great firewall of China: How to build and control an alternativ e v ersion
of the Internet . Bloomsbury Publishing. ISBN:9781350257931, 1350257931
Haerens, G., & Mannaert, H. (2020). Investiga ting the creation of an evolvable firewall rule base
and guida nce for network firewa ll architecture, using the normalized syste ms
theory. International Journal on Adv ances in Security , 13 (1&2), 1 -16.
http://72.52.166.99/artic les/sec_ v13_ n12_2020_1.pd f
Ma, X., Fu, X., Luo, B., Du, X., & Guizani, M. (2019, December). A design of firewall based on
feedback of intrusio n detection system in cloud environme nt. In 2019 IEEE Global
Communications Conference (GLOBECOM) (pp. 1 -6). IEEE.
https://do i.org/10.1109/GLOBECOM38437.2019.9013771
Saba, T., Sadad, T., Rehman, A., Mehmood, Z., & Javaid, Q. (2021). Intrusio n detection syste m
through advance machine learning for the Internet of things networks. IT
Professional , 23 (2), 58 -64. https://do i.org/10.1109/MITP.2020.2992710
Singh, P. B., Chugh, U., & Kathuria, M. (2019). A review on intrusio n detection system. Int. Res.
J. Eng. Technol.( IRJET) , 6, 1351 -1358. https://ijsret.co m/ wp –
content/up loads/2022/01 /IJS RET_ V8_ issue1_128.pd f
13
Thapa, S., & Mailewa, A. (2020, April). The role of intrusio n detection/prev e ntio n systems in
modern computer networks: A review. In Conference: Midwest Instruction and Computing
Symposium (MICS) (Vol. 53, pp. 1 -14).
https://wvvw.easyc ha ir.org/p ub licati o ns/preprint_do wnload /jMT5
Vartouni, A. M., Kashi, S. S., & Teshnehlab, M. (2018, February). An anomaly detection metho d
to detect web attacks using stacked auto -encoder. In 2018 6th Iranian Joint Congress on
Fuzzy and Intelligent Systems (CFIS) (pp. 131 -134). IEEE.
https://do i.org/10.1109/CFIS.2018.8336654
Vengatesan, K., Kumar, A., Eknath, K. H., Samee, S., Vincent, R., & Ambeth Kumar, V. D.
(2020). Intrusio n detection framework using effic ie nt spe ctral cluste rin g
technique. Adv ances in Parallel Computing , 37 , 98 -103.
https://ebooks. io spress. nl/pd f/do i/10.3233/APC200125
Widianto, T. K., & Sulistyo, W. (2021). Impleme ntasi Iptables Firewall dan Intrusio n Detectio n
System Untuk Mencegah Serangan DDoS Pada Linux Server. MEANS (Media Informasi
Analisa dan Sistem) , 19 -23.
http://103.76.21.184/inde x.p h p /Jurna l_Mea ns/artic le/vie w/1231
Wu, M., & Moon, Y. B. (2019). Intrusio n detection system for cyber -manufac tur in g
system. Journal of Manufacturing Science and Engineering , 141 (3).
https://www.researc hgate. ne t/pro file/Mingta o -Wu –
7/publicatio n/329201675_Intrusio n_De tec tio n_ fo r_Cybe rMa nufact uring_S yste m/link s/5 f
acb66ca6fdcc9389ab3552/Intrusio n -De tectio n -for -CyberMa nufac turing -S yste m.pd f