Host-Based vs Network-Based Firewalls
Whether you’re a small business or a large corporation, if you’re migrating your business data and applications to the cloud, a firewall is essential to protect them from viruses and malicious attacks. Firewalls log activity for inspection, warn about harmful activity and prevent malware from attacking your network devices.
If you transfer money or sensitive information online you are exposed to theft and identity theft. It is a good idea to use anti-malware software in conjunction with your firewall, because firewalls do not remove malware that has already infected your system and they do not guarantee that your system will not be attacked; an infection can still happen if you accidentally install malicious software yourself.
What is a firewall?
Firewalls use different types of filtering mechanisms: they analyse the packets that make up the data flow, they act as a proxy recipient for data, and they can mark key features of outgoing requests and establish whether incoming data matches them.
Firewall ‘rules’ can be customised to block particular IP addresses, domain names, protocols, ports and keywords, but most commercially available firewalls come with settings already established. The need for customisation comes into play if your firewall is preventing you from accessing information you legitimately need.
There are different types of firewalls which can be located in different places or control activity differently. The two main firewall options available are host-based and network-based firewalls. Here we look at both and the reasons why a network-based firewall offers a more secure alternative than individual host-based firewalls. It’s important to understand the pros and cons of each option before making a decision about what type of firewall to use, so that you can pick the best option for your business.
What is a host-based firewall?
A host-based firewall is a firewall installed on each individual server or device that controls incoming and outgoing network traffic and determines whether to allow it into that particular device (e.g. the Microsoft firewall that comes with a Windows-based computer).
What is a network-based firewall?
A network-based firewall is a firewall that is built into the infrastructure of the cloud (e.g. Amazon’s firewall in AWS environments) or a virtual firewall service such as those offered by Cisco, VMware and Check Point.
Host-based firewall advantages
Host-based firewalls do offer some advantages over network-based firewalls, including:
- Flexibility – applications and VMs (virtual machines) can be moved between cloud environments, taking their host-based firewalls along with them.
- Customisation – a single device can be configured for individual circumstances using custom firewall rules.
- Mobility – a laptop or mobile device with a firewall provides security for the device in different physical locations.
- Internal protection – a customised host-based firewall can prevent attacks from within an organisation by only allowing authorised employees access to particular devices.
Network-based firewall advantages
However, network-based firewalls offer a number of significant advantages over host-based firewalls, which include:
- Greater security – if an attacker circumvents a host-based firewall, they can gain direct access to the host (e.g. via a Trojan) and could then use administrator privileges to turn off the firewall or install malicious code undetected by the IT department. The detection and prevention systems operating on a network-based firewall, by contrast, are more likely to notice suspicious traffic generated by a Trojan as it crosses the network boundary, because the firewall sits outside the compromised host's control.
- Scalability – unlike host-based firewalls that must be replaced when bandwidth exceeds firewall throughput, network-based firewalls can be scaled up as client bandwidth demands increase.
- Availability – network-based firewall providers offer high availability (uptime) through fully redundant power, HVAC, and network services, while host-based firewalls are only as reliable as your existing IT infrastructure.
- Reach – thanks to interconnection agreements between network-based firewall providers, protection can extend well beyond the boundaries of a single service provider network.
- Affordability – network-based firewalls offer much better value for money as they do not require the labour-intensive IT involvement of host-based firewalls, such as individual installation and maintenance on every server.
The ultimate protection
Because host-based firewalls offer customised protection they can be advantageous, particularly for individuals and small businesses with fewer devices to protect. But if you are an SME or organisation with a large network, then a network-based firewall offers all-encompassing protection for your entire business network.
The ultimate protection would be provided by a combination of both host-based and network-based solutions. With such a system in place, even if an attacker were able to breach the security at the network level, they would then have to try to circumvent the host-based firewall around each individual server as well.
Obviously the cost of having both types of firewall protection in place would be much greater. This option is therefore likely to be more attractive to large organisations with complex networks to protect and a higher perceived threat level, such as those holding sensitive data and facing strict compliance requirements.
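To make the filtering mechanisms described earlier concrete (rule matching on remote address, protocol and port; the stateful check that admits replies to requests the firewall saw go out) together with the layered host-plus-network arrangement recommended above, here is an added example in Python. It is not code from the original article; every address, port and rule in it is constructed for illustration.

```python
from collections import namedtuple
from typing import List

# A packet as the filter sees it; direction is "in" (toward the host) or "out"
Packet = namedtuple("Packet", "src_ip src_port dst_ip dst_port proto direction")
# A rule: fields left as None are wildcards; ip is the remote peer, port the service port
Rule = namedtuple("Rule", "action direction ip proto port", defaults=(None, None, None, None))

def matches(r: Rule, p: Packet) -> bool:
    peer = p.src_ip if p.direction == "in" else p.dst_ip
    wanted = ((r.direction, p.direction), (r.ip, peer), (r.proto, p.proto), (r.port, p.dst_port))
    return all(want is None or want == have for want, have in wanted)

class Firewall:
    """First-match rule list with default deny, plus a flow table so replies to
    outbound requests are admitted (the stateful check the article describes)."""
    def __init__(self, name: str, rules: List[Rule]):
        self.name, self.rules, self.flows = name, rules, set()

    def filter(self, p: Packet) -> str:
        reply_of = (p.dst_ip, p.dst_port, p.src_ip, p.src_port, p.proto)
        if p.direction == "in" and reply_of in self.flows:
            return "allow"  # reply to a request this firewall already let out
        verdict = next((r.action for r in self.rules if matches(r, p)), "deny")
        if verdict == "allow" and p.direction == "out":
            self.flows.add((p.src_ip, p.src_port, p.dst_ip, p.dst_port, p.proto))
        return verdict

def layered(network: Firewall, host: Firewall, p: Packet) -> str:
    """Defence in depth: a packet must clear both firewalls; outbound traffic
    meets the host firewall first, inbound traffic the network firewall first."""
    for fw in ((host, network) if p.direction == "out" else (network, host)):
        if fw.filter(p) == "deny":
            return f"denied by {fw.name}"
    return "allowed"

def demo() -> List[str]:
    # Constructed scenario: 10.0.0.5 serves HTTPS, 203.0.113.7 is a blocked address
    net = Firewall("network", [Rule("deny", ip="203.0.113.7"),
                               Rule("allow", "in", proto="tcp", port=443),
                               Rule("allow", "out")])
    host = Firewall("host", [Rule("allow", "in", proto="tcp", port=443),
                             Rule("allow", "out", proto="tcp", port=443)])
    tcp = lambda s, sp, d, dp, dr: Packet(s, sp, d, dp, "tcp", dr)
    return [layered(net, host, p) for p in (
        tcp("198.51.100.5", 40001, "10.0.0.5", 443, "in"),   # ordinary HTTPS client
        tcp("198.51.100.5", 40002, "10.0.0.5", 22, "in"),    # SSH: no rule, default deny
        tcp("203.0.113.7", 40003, "10.0.0.5", 443, "in"),    # blocked address, first match wins
        tcp("10.0.0.5", 50000, "198.51.100.5", 80, "out"),   # host policy forbids plain HTTP
        tcp("10.0.0.5", 50001, "198.51.100.5", 443, "out"),  # outbound HTTPS request
        tcp("198.51.100.5", 443, "10.0.0.5", 50001, "in"))]  # its reply: no rule, stateful allow
```

The last two packets show why tracking outgoing requests matters: the reply arrives on an ephemeral port that no rule allows, yet both firewalls admit it because it matches a flow they saw leave.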