What kind of Firewall should i use for our small business? Hardware, router, or both?

[SamAishi]

Hello, 

I am in the process of upgrading our router that is now getting very old, and i am trying to get better security/better firewall for our 10ish employees in the process. I have however, very limited knowledge in that field.

So here's the deal, from my understanding, you can get either a ''hardware firewall'' that connects between the modem and router (something like the ones from sonicwall.com), or you can get a beefed up router that has a good firewall already integraded within the unit.

So my question is, would a ''good'' router be adequate for security or should i look for something else? Any recommendation?

 

fyi, all of our computers have bitdefender security installed on them.

 

Thanks,

[Electronics Wizardy]

What devices do you have on your network? Do you have any services your hosting from this network?

 

The firewall probably won't matter here, but Id probably get one of the small buiness firewalls. They also work as a router, so you don't need a separate router.

[wseaton]

Firewalls, at least in terms of todays security threats, are over-rated. The vast majority of baddies that cause problems with small business are layer 7 things that attach to E-mails or users click on. Malware syndicates don't waste their time with small business. Your main security threat is users clicking. Firewalls in their basic function won't stop that because by core function they are layer 4 devices.

 

Don't bother me with worthless Firewall gimmicks like Geo blocking or DNS filtering. The bad guys are long beyond that.

 

Every business I've done consulting for that has been hit with Ransomware ranging from home office to half billion dollar entities had a Firewall in place, and getting a "better" Firewall wouldn't have prevented the problem.

 

Some Firewalls come with competent content filters (Fortigate, etc), but they require some active administration to monitor. My strong opinion is if you are Windows based is to focus on end client security, which is AV software that you *pay* for. Robust E-mail scanning is the first thing you want because E-mail is 75% of the industry conduit for security problems.. Combine this having solid backup and recovery practices of your company data. Last, for the sake of everything holy limit data editing priveledge to people who need it. Don't give a temp full access to eveythinrg on your data shares.

 

Main feature I find worthwhile on a Firewall is a VPN. This of course if you want to access your company data remotely and it's not in the cloud.

[SamAishi]

We do not have much on our network to be honest, the usual, computers, printers, wifi connected devices such as phones and tablets.

So this is very interesting, our emails are hosted on G-suite, the google servers basically, and combined that with bitdefender, would you say that an e-mail scanning service is necessary?

You couldnt be more right about the ransomwares, we've been there unfortunately.

Our files are also stored on G-suite (google drive), so back-up wise, should be good.

And so, from what i understand from you guys, a small business router, or a consumer router is pretty much the same? Therefore getting anything thats well rated should be fine?

 

Thanks!