Very likely yes. Ideally yes.

Chances are very good that you’ve at least heard of a firewall. But just like any other product in the information security industry, why exactly would you want a firewall, and what does it provide you? First, let’s examine what a firewall does. A firewall selectively filters traffic between networks. In this case, traffic (packets of data) is coming from some outside network into your office’s network, or vice versa: data is leaving your network and going to some other network. It’s as simple as that. The firewall monitors the traffic, a process also known as packet filtering, and then it may or may not take action on a single packet of data or multiple packets of data.

This device has a basic definition, but its capabilities are far more advanced. It can block or allow traffic entering or exiting networks based on numerous rules, support encryption, allow for user authentication, and so much more. In fact, the firewall is one of the most important devices in your network. So by now you get the idea: it’s important. You may still wonder what exactly it can do for you. Let’s use the following example.

Imagine you’re a receptionist and your boss has told you they don’t want to be interrupted with a phone call unless it’s their spouse or doctor.  You now have your rules, no one gets through to the boss on the phone unless it’s the spouse or doctor.  What happens if you patch someone through to your boss that isn’t approved?  You get fired on the spot.

So how do you, as the receptionist, know when the spouse or doctor is calling? Caller ID is an option. You could ask them a challenge question to verify they are who they say they are, maybe they have a secret password to give you, maybe they only have a certain number to call, etc. The point is that you, as the receptionist, have a way to verify whether it’s the spouse or doctor before they are connected to the boss. And if someone is pretending to be either the spouse or the doctor, you can hopefully be confident that you’ve spotted an impostor and can hang up the phone.

Now let’s make the connections. A firewall’s rules are just like the instructions from your boss. A firewall can be configured to only allow traffic that comes from a certain network, and if traffic comes from any other network, it gets blocked. If the firewall is configured incorrectly and bad traffic enters, such as malware, then the network administrator could get fired.
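To make the "rules from the boss" idea concrete, here is an added example (not part of the original post) of an allow-list rule set with a default deny, plus a check that catches one common misconfiguration: a block rule placed after a broader allow rule, so it never takes effect. The rule sets, the addresses (documentation ranges), and the first-match-wins evaluation order are assumptions made for illustration; real firewalls differ in syntax and ordering.

```python
import ipaddress

# Constructed rule sets; addresses are RFC 5737 documentation ranges.
# Each rule: (action, source network, destination port or None for any port).
MISORDERED = [
    ("allow", "192.0.2.0/24", 443),      # partner network may reach HTTPS
    ("deny",  "192.0.2.66/32", 443),     # meant to block one host, but comes too late
    ("allow", "198.51.100.10/32", 22),   # single admin host may reach SSH
]
CORRECTED = [MISORDERED[1], MISORDERED[0], MISORDERED[2]]


def evaluate(rules, src_ip, dst_port):
    """First matching rule wins; anything unmatched is denied (default deny)."""
    src = ipaddress.ip_address(src_ip)
    for index, (action, network, port) in enumerate(rules):
        if src in ipaddress.ip_network(network) and port in (None, dst_port):
            return action, index
    return "deny", None


def shadowed_rules(rules):
    """Return indexes of rules that can never match because an earlier rule covers them."""
    shadowed = []
    for i, (_, net_i, port_i) in enumerate(rules):
        later = ipaddress.ip_network(net_i)
        for _, net_j, port_j in rules[:i]:
            earlier = ipaddress.ip_network(net_j)
            covers_port = port_j is None or port_j == port_i
            if later.subnet_of(earlier) and covers_port:
                shadowed.append(i)
                break
    return shadowed


if __name__ == "__main__":
    for name, rules in (("misordered", MISORDERED), ("corrected", CORRECTED)):
        print(name, "shadowed rules:", shadowed_rules(rules))
        for src, port in (("192.0.2.20", 443), ("192.0.2.66", 443), ("203.0.113.5", 443)):
            print(f"  {src} -> port {port}: {evaluate(rules, src, port)[0]}")
```

Running the shadow check on a rule set before deploying it flags rules that look protective on paper but are never reached.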

Firewalls come in many flavors, and the more capability one provides, the more expensive it’ll be. Small businesses don’t need the same types of firewalls that large corporations employ. A good possibility exists that if you have a router, it has a built-in firewall, and for many small businesses it will be sufficient when used in conjunction with other information security best practices.

Whether it’s a hardware, software, web-application, or some other type of firewall, be sure that it has been properly configured and that you are utilizing it in the proper location of your network infrastructure.  You can’t simply put a firewall on your desk and declare “We are protected by a firewall!”.