Whether you are a provider of general IT services, an MSP, or if you specialize in managed security services also known as an MSSP (which sounds cool but unfortunately doesn’t mean you are managing MI6 like M in a Bond movie), one of the major components of the security system you manage for your clients is going to be firewalls of one kind or another.
To quote Wikipedia, a firewall is a:
“software or hardware-based network security system that controls the incoming and outgoing network traffic by analyzing the data packets and determining whether they should be allowed through or not, based on applied rule set.”
Which means when you are managing a firewall you could be doing anything from fiddling with arcane configuration settings in a text file or command line, to clicking some big shiny buttons on a fancy interface with a smart wizard to make it all automagically work for you. These firewalls can be installed on a server or desktop PC, or can be dedicated appliances protecting your network in the office or datacenter.
Those which are typically installed on a desktop computer include apps like ZoneAlarm, Avast and AVG while commonly on a server running Linux for example you would likely be dealing with IPtables which is a whole lot of fun! Fortunately there are some wrappers for IPtables which aim to make it just a tiny bit less complex, for example CSF which is popular on CPanel servers (but doesn’t require it) and UFW which is widely used on Ubuntu and others of that ilk.
On the hardware side there is of course the big names you’d expect in this space such as Cisco as well as Checkpoint which does a nice line in firewalls for small to medium sized businesses, and Fortigate which also has a nice range from the entry level 100 series and on up to the big and expensive enterprise systems. I’m quite partial to the Fortigate solution and use it with a number of clients where suitable, for example in the datacenter protecting their servers or in their office protecting the corporate network. It’s easy to remotely manage with a web based interface as well as command line (ssh) and a VPN.
These days as with other aspects of computing, “The Cloud” has moved into the firewall arena as well in the form of Cloud Based Security Services such as that provided by CheckPoint and others and for a monthly fee your network security is handled for you or of course for your clients if security is not your area of expertise. If it is your area then the many MSSP tools around these days will be right up your alley.
With the prevalence of ever more advanced (while also easier to use) security scanning tools it is something of an arms race in the computer security world so you have to stay up to date with the latest happenings in order to fully protect your own systems and those you manage for your customers, from malicious hackers and script kiddies, not to mention a widening array of three letter agencies as well!