As enterprises lock down their networks with an ever-expanding arsenal of security technologies, hackers have moved on to easier pickings—smaller businesses. Historically, Internet security has been less of an issue for smaller companies, but thats changing. Securing a small- office network now requires several different technologies. Security expert Sanjaya Sood, during a speech at the Infosec Security Conference at the United Nations headquarters in September, likened the use of a traditional firewall alone to "using the Great Wall of China for modern warfare."
Still, a firewall remains the first line of defense. And the timing has never been better to buy these devices; their costs have dropped while their capabilities have increased significantly.
No longer just firewalls, most of the devices in the range of $400 to $900 are referred to as security appliances. This change in nomenclature was inspired by the addition of virtual private networks (VPNs) and other features.
Firewalls make use of Network Address Translation (NAT), a standard for translating a single public IP address into multiple private addresses. But their primary defense against hackers is Stateful Packet Inspection (SPI), which uses a predefined or editable rule set to determine whether packets will be forwarded or denied. Many firewalls also offer intrusion detection, content filtering, and intuitive Web interfaces.
Some companies can afford to spend more on firewalls—in the range of $2,000 to $3,000. They get devices with higher throughput, increased scalability, and application proxies, which go beyond rule-based SPI security by validating traffic based on an applications parameters for specific ports.