With the nature of VoIP and Hosted PBX services being so simple to implement, security can often become an afterthought when establishing a network for a small or medium business. On the Enterprise level, network security is of a much higher concern, and for good reason. When it comes to VoIP, a vulnerable network will make your business susceptible to foreign attacks, whether a DDoS attack designed to take down your means of communication, or those looking to listen in on your conversations and learn more about the inner workings of the business. From hackers, disgruntled employees or even just script kiddies trying to get their laughs from attacking a business or holding a network for ransom, the threat of malicious attacks is higher than you think.
Even worse than a lack of security is the false sense of security. However, if your team is looking to establish their own network, while most of the heavy lifting and even security measures should and will be taken by your chosen VoIP provider, it can be incredibly beneficial to understand what's going on behind the scenes to either take your businesses' security into your own hands, or dive deeper into what your provider has to offer. Armed with the proper understanding and knowledge can make it the decision of which provider to adopt will help a more secure and robust network.
Software vs Hardware Firewalls
One of the easiest and most cost effective ways to secure a network is through the use of a firewall. Many will be familiar with the term, and the basic operations of a firewall. The concept is not too difficult, as a firewall is essentially a gatekeeper for your network. Depending on your setup, provisions and configurations a firewall will allow or deny access to your network. This will keep the good traffic flowing, while blocking out any potential malicious attacks. However, the subject starts to get a little more complicated when you introduce the idea of a software or hardware firewall.
One of the more common implementations, software firewalls are simply just that - software installed on each and every machine in your office that needs to be protected. These applications will then filter out the traffic based on the specific user's configuration, and will require more direct action of each specific user to operate to their full capacity. A software firewall can be easier to implement, but could also be costlier, requiring multiple purchases, time consuming to install on each machine and requires actual participation from the end user of each and every machine the firewall is installed on.
Software firewalls are also considered to be much weaker, and easier to for hackers to break through and avoid or take down. The best practice in network security is common sense - understanding what connections are legitimate and useful, and filtering out the bad before a firewall is even necessary. This will put a strain on unfamiliar end users, unsure of what and when to filter out malicious connections.
- Software firewalls must be installed on each and every machine that needs to be protected
- The necessity to install on each computer could require multiple license purchasing, can be costly, as well as maintenance intensive - each computer will need to be serviced independently
- Stand-alone software firewalls might not be secure enough and can easily be worked around
- Users without much computer/security experience may be uncomfortable handling the requests and alerts which could lead to locking out important connections, or allow malicious ones
Taking the level of security, a step further, beyond a simple software firewall installed on each machine in the office, users can adopt and establish a hardware based firewall. Unlike a software firewall which would be installed on each individual machine, a hardware firewall is a physical device accompanied with software, and connected directly to your office's network. Provisioning, configuration, monitoring and maintenance can then be performed all from one machine in control of the network, allowing for a quicker implementation, and far less action taken by individual users.
With the ability to configure a hardware firewall as necessary for each specific implementation, traffic can be prioritized for VoIP communications, or video data for web conferences, to avoid any form of packet loss. While a hardware firewall will require less action from each individual user on their own machine, the initial setup, as well as maintenance and monitoring would need to be carried out by an IT professional, or someone on the team more familiar and experienced with networking and security. Hardware firewalls can also include a VPN, Virtual Private Network, for encrypted connections.
- A hardware firewall will be installed on-premises, and connected to the office's network to allow total protection over every machine on the same network
- While the initial installation could be a bit more complicated, far less effort is required than a software firewall which requires installation and provisioning on every single machine
- VoIP and Video data can be prioritized to allow for a jitter free, smooth and protected connection for all of your office's communications
- Hardware firewalls remove the burden on the individual users, and acts more behind the scenes so less familiar workers don't need to be make constant decisions to restrict or allow network access
Cloud Managed Firewalls - A Happy Medium
While a hardware firewall comes with a massive list of benefits, including overall efficiency and stronger protection, than a software firewall - the task in purchasing, installing and maintaining such a system can be very daunting to many without the proper experience. However, the option of a managed firewall exists to help relieve the negative experience of operating a hardware firewall. A managed firewall can be delivered as a premises, network or cloud-based service and helps allows for a quicker, simpler installation without the heavy lifting on the business' end.
A managed firewall will normally include hardware that needs to be connected to the network, but the maintenance, provisioning and monitoring will be handled through a cloud network by a service provider. This will combine the benefits of a hardware firewall, without the headaches that come along when a non IT professional attempts to implemented what can be a rather complicated setup. These managed firewalls will generally provide 24x7 firewall administration, monitoring, as well as quick response to any threats to your network or malicious attacks.
Managed Firewalls can be made available through many of the more common networking names, such as Cisco, Dell Security or even Verizon Enterprise Solutions, but can also be provided by more direct competitors with a narrower focus, such as SecureWorks or SimpleWAN.