Best practices in any IT realm refer to what you should do. Best practices are always reined in by budgets and circumstances, though, so let's talk about real-world best practices regarding your choice of firewall.
Best practices for a minimum standard
- Have some kind of network firewall in place that goes beyond simple network address translation
- Enable built-in firewall software on your client systems, whether Mac, Windows, or Linux
When to use your ISP’s firewall
- If you have zero money or time
- At a minimum, change the default admin username and password
- Turn the firewall feature on if present, and configure basic rules to deny incoming traffic
- Change the default Wi-Fi SSID and password
At a bare minimum, turn on the firewall you already have. If that is the ISP's device, so be it, but turn it on. Also, enable the built-in firewall on your macOS, Windows, or Linux based computers. The software's free and sometimes as easy to enable as a single checkbox. If you plan to use the ISP's router or any network equipment you didn't personally configure, please change the default administrator user name and password. These defaults are well known and documented for use by literally anyone who cares to try. Turn on the firewall feature in your ISP's router if present, and change the network name and the admin name and password. If you've enabled the wireless network feature on the ISP's equipment, change the Wi-Fi access password and SSID.
Document everything in real time as you're making changes, and find a way to document case sensitivity, spaces, and anything else that may not be clear in your documentation.
When to move to a home security appliance
- You have around $200 to spend at home on data security
- You have a day available to spend setting this up
- You are familiar with technology and willing to troubleshoot with tech support
It's time for you to move to a home security appliance if you have about $200 extra to spend at home on data security and about a day available to spend setting things up. You have to be familiar with technology at a minimum and be willing to troubleshoot with tech support on the phone if things don't go exactly the way the documentation describes. This option is for the mom or dad who wants to protect the home front. These options have great tools, easy-to-read reporting, real-time notifications, and things like parental controls and child screen time schedulers that make this a no-brainer for this use case.
When to go pro at home or business
- Your internet connection speed exceeds the capacity of lower-cost firewall and router options
- You have the money to pay a professional for setup and admin
- You require an SLA from your security vendors
- You need pro-only features
If you're a home or small business network of down speed or perhaps 75 total devices with IP addresses (that would include the printers, video cameras, DVRs, and streaming music devices), an enterprise-class router and firewall will better meet your needs. When planning which device to get, remember that the firewall should be capable of handling slightly more speed up and down than you have from your internet connection.
When to go with open-source firewalls
- Prioritize high value and low cost
- Like new challenges and learning something with a vibrant community, accessible support options, and great documentation
- You know you can, and you will push through frustration to achieve
Going open-source enables you to get an enterprise-class device at a fraction of the price of the big firewall manufacturers. All of this comes at a cost measured in the perception of risk. While pfSense, one such open-source firewall platform, may potentially be every bit as good as options from the top five network security vendors, your success depends largely upon your learning and effectively deploying the device with the support of great documentation, a friendly community of like-minded administrators, and solid tech support. There is also other open-source firewall software available that you can find by searching online.
When to install a distributed firewall
- If you believe your network firewall could be compromised
- If you believe attacks could come from your users, or if you believe physical access to your network is easily compromised
- If your users leave your network with devices that contain sensitive data
If you're a large organization with the budget to handle it, a distributed firewall is for you, period. Zero trust networking is a concept every network admin should learn. Zero trust assumes that no network is safe because any network can be compromised and eventually will be. A distributed firewall can mitigate that threat, so if you can afford the cost, I recommend deploying a distributed firewall in conjunction with other compatible security measures like a traditional network firewall, comprehensive intrusion prevention and detection at the edge of the network, and artificial intelligence-based network analysis.
Make a choice and take action
- The biggest danger is staying exposed
- Act quickly
- Update your firewall frequently, and if you aren’t a full-time firewall admin, set your firewall to receive updates and apply them automatically
The greatest danger is not doing anything and staying exposed. Make a choice on how to proceed. Act quickly, and then update and maintain your network security once it's up and running. It's only as good as the latest security patch you applied, so be sure updates are installed as soon as they're available.