What is a Managed Firewall?
A managed firewall is a service provided by a responsible IT security provider that performs firewall and IDS/IPS functions for your organization’s IT environment. In addition to the functions performed by a firewall and IDS/IPS, a managed firewall typically includes application control, where applications or specific features can be limited or blocked. It also usually includes web content filtering, which can block access to objectionable websites. Most beneficial of all is ongoing maintenance, where the security provider regularly updates the managed firewall with the latest threat profiles so that your network defenses stay as current as possible.
What is a Firewall?
A firewall is an element in an organization’s IT environment that is designed to secure a network from outside threats. Firewalls enforce rules about what data packets (units of information, such as emails or Web pages) are allowed to enter or leave an organization’s network. Modern firewalls typically examine packets looking for such questionable items as origination from a blocked web location, protocols that would allow unauthorized users an element of control within the network (such as Telnet, or File Transfer Protocol [FTP] requests), or malicious code and malware embedded in a packet. A firewall is typically a combination of dedicated hardware and a software application where the IT professional can set the firewall rules. The IT professional typically places the firewall at the virtual edge of a network. The firewall then functions as a gatekeeper between an organization’s network and the Internet, or other networks. Operationally, firewalls have only two functions, although the level of complexity in performing these functions may vary greatly. First, firewalls log all the traffic that passes through the firewall. Second, they accept or reject data packets for passage through the firewall, based on the filter settings.
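The two functions described above (log every packet, then accept or reject it against the filter settings) can be shown in a few lines. This is an added example, not code from any firewall product; the rule set, the addresses (documentation ranges), first-match ordering and the default-deny fallback are assumptions made for illustration.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Packet:
    src: str        # source IP address
    dst_port: int   # destination port

@dataclass(frozen=True)
class Rule:
    action: str                      # "accept" or "reject"
    src_net: str = "0.0.0.0/0"       # source network the rule applies to
    dst_port: Optional[int] = None   # None matches any port
    note: str = ""

    def matches(self, pkt: Packet) -> bool:
        in_net = ipaddress.ip_address(pkt.src) in ipaddress.ip_network(self.src_net)
        return in_net and self.dst_port in (None, pkt.dst_port)

# Constructed filter settings, evaluated top to bottom; the first match wins.
RULES = [
    Rule("reject", src_net="203.0.113.0/24", note="blocked origin"),
    Rule("reject", dst_port=23, note="Telnet"),
    Rule("reject", dst_port=21, note="FTP"),
    Rule("accept", dst_port=443, note="HTTPS"),
]

def filter_packet(pkt, rules=RULES, log=None):
    """Return 'accept' or 'reject' and append one log entry per packet."""
    verdict, reason = "reject", "default deny"   # assumed fallback when no rule matches
    for rule in rules:
        if rule.matches(pkt):
            verdict, reason = rule.action, rule.note
            break
    if log is not None:
        # Function one: every packet is logged, whatever the verdict.
        log.append((pkt.src, pkt.dst_port, verdict, reason))
    return verdict   # Function two: the accept/reject decision.

if __name__ == "__main__":
    traffic_log = []
    # Constructed sample traffic.
    for pkt in [Packet("198.51.100.7", 443), Packet("198.51.100.7", 23),
                Packet("203.0.113.9", 443), Packet("198.51.100.7", 8080)]:
        filter_packet(pkt, log=traffic_log)
    for entry in traffic_log:
        print(*entry)
```

Because the blocked-origin rule sits first, a packet from that network is rejected even when it targets the otherwise permitted HTTPS port; rule order is part of the filter settings.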
What are IDS/IPS and how do they differ from a firewall?
Intrusion Detection Systems (IDS) and Intrusion Prevention Systems (IPS) are security applications that look for security threats originating both from outside and inside an organization’s IT environment. IDS/IPS differ from firewalls in three major ways: 1) IDS/IPS can function within a network to detect threats, not just in traffic passing in and out of the network, 2) IDS/IPS are “smarter” than firewalls in that they can learn threat profiles and adapt based on network traffic anomalies or distinct attack patterns, and 3) IDS/IPS are more active than a firewall. An IDS sounds an alarm whenever it detects a threat. In contrast, an IPS will actually take some predetermined action to neutralize the potential threat. To provide an IT environment with optimal security, it should include both firewalls and IDS/IPS.