Avaya 555-245-600 IP Phone User Manual


 
VPN
Issue 6 January 2008 301
Firewall technologies
To reduce security risks, appropriate network access policies should be defined as part of
business strategy. Firewalls can be used to enforce such policies. A firewall is a network
interconnection element that polices traffic that flows between internal (protected) networks and
external (public) networks such as the Internet. Firewalls can also be used to “segment” internal
networks.
The application of firewall technologies only represents a portion of an overall security strategy.
Firewall solutions do not guarantee 100% security by themselves. These technologies must be
complemented with other security measures, such as user authentication and encryption, to
achieve a complete solution.
The three technologies that are most commonly used in firewall products are packet filtering,
proxy servers, and hybrid. These technologies operate at different levels of detail, and thus they
provide varying degrees of network access protection. These technologies are not mutually
exclusive: a firewall product may implement several of them simultaneously.
Network management and outsourcing models
While enterprises acknowledge the critical role that the Internet and IP VPNs can play in their
strategic eBusiness initiatives, they face a range of choices for implementing their VPNs. The
options range from enterprise-based or “do-it-yourself” VPNs that are fully built, owned, and
operated by the enterprise, to VPNs that are fully outsourced to a carrier or other partner. In the
near term, it is generally believed that enterprise-operated and managed VPN services will
hover around a 50/50 split, including hybrid approaches.
Increasingly, enterprises are assessing their VPN implementation options across a spectrum of
enterprise-based, carrier-based/outsourced, or hybrid models. Each approach offers a unique
business advantage.
Enterprise based. This option operates over a public network facility (most commonly the
Internet) using equipment that is owned and operated by the enterprise. Its greatest
benefit to the enterprise is the degree of flexibility and control it offers over VPN
deployment, administration, and adaptability or change.
Fully outsourced. This managed service could be implemented by a collection of
partners, including an ISP and a security integration partner. Its advantages include quick
deployment, easy global scalability, and freedom from overhead network management.
Shared management. With this hybrid approach, a partner can take responsibility for
major elements of infrastructure deployment and management, but the enterprise retains
control over key aspects of policy definition and security management.