Network firewalls protect the hosted applications and data in the private cloud. They act as the core of network security, serve as an access control point for all traffic, and eliminate the risk of unknown malicious traffic.
When considering which network firewall setup to install, the following decision needs to be made:
Do you use a stand-alone firewall between the servers (those hosting applications and data) and the Internet, or do you use a firewall on each server to protect it, also known as a (distributed) host-based firewall? Or both?
1. Stand-alone or a conventional firewall setup
In essence, a traditional central firewall is a system of routers, agents, and gateways grouped together. It sits between a protected, trusted internal network and an untrusted external network (such as the Internet). It cannot protect the systems on the internal network from attacks by other internal systems.
The firewall is designed to pass only traffic that its internal policy set authorizes. Since firewalls must support higher wire speeds and more computationally intensive protocols, central firewalls also tend to become congestion points.
Central hardware firewalls are expensive in many cases, especially as you increase the capacity that needs to pass through the firewall. However, firewalls can also be based on software devices. The benefit of a software firewall is that you can install even a free software firewall on a dedicated or virtual server and create a cost-effective firewall.
2. Distributed host-based firewall setup
A host-based firewall can filter external and internal traffic on each host system. This also helps prevent internal systems from being attacked by other internal systems. Generally, host-based firewalls are software firewalls.
A host-based firewall has a low cost per unit and can be implemented using the firewall function in the server operating system or using additional components (software). Benefits include the ability to tailor firewall policy rule sets for each host server.
The performance of a host-based firewall is easier to manage because it only needs to protect a part of the entire infrastructure.
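The difference between the two setups comes down to which connections each firewall ever sees. The following model is an added example, not part of the original article; the addresses, host names and rule sets are constructed for illustration, and it treats the central firewall as inspecting only traffic that arrives from outside the internal network.

```python
"""Which flows a central firewall and host-based firewalls can filter.
All addresses, host names and rules are constructed for illustration."""
from ipaddress import ip_address, ip_network

INTERNAL = ip_network("10.0.0.0/24")   # assumed trusted internal network
WEB_IP = "10.0.0.10"                   # assumed address of the "web" server

# Central policy: (destination host, port) pairs reachable from the untrusted side.
CENTRAL_ALLOW = {("web", 443)}

# Host policies, tailored per server: port -> source networks allowed to connect.
HOST_ALLOW = {
    "web": {443: [ip_network("0.0.0.0/0")]},
    "db": {5432: [ip_network(WEB_IP + "/32")]},  # only the web server may query
}

def central_verdict(src, dst_host, port):
    """Verdict of the stand-alone firewall at the network edge."""
    if ip_address(src) in INTERNAL:
        return "not-inspected"  # internal-to-internal traffic never reaches it
    return "allow" if (dst_host, port) in CENTRAL_ALLOW else "drop"

def host_verdict(src, dst_host, port):
    """Verdict of the firewall running on the destination server (default deny)."""
    nets = HOST_ALLOW[dst_host].get(port, [])
    return "allow" if any(ip_address(src) in n for n in nets) else "drop"

def delivered(src, dst_host, port, central=True, host_based=True):
    """True if the connection reaches the service under the chosen setup."""
    if central and central_verdict(src, dst_host, port) == "drop":
        return False
    if host_based and host_verdict(src, dst_host, port) == "drop":
        return False
    return True

if __name__ == "__main__":
    flows = [("203.0.113.5", "web", 443), ("203.0.113.5", "db", 5432),
             (WEB_IP, "db", 5432), (WEB_IP, "db", 22)]
    for src, dst, port in flows:
        print(f"{src:>12} -> {dst}:{port:<5}"
              f" central-only={delivered(src, dst, port, host_based=False)}"
              f" host-only={delivered(src, dst, port, central=False)}"
              f" both={delivered(src, dst, port)}")
```

The last flow is the one to look at: a connection from the web server to port 22 on the database server is delivered in the central-only setup because it never crosses the perimeter, and is dropped as soon as the database server enforces its own rule set.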
Comparison of stand-alone and host-based firewalls
| Stand-alone | Host-based firewalls |
| --- | --- |
| Ease of central management | Offers a lot of benefits for keeping servers protected |
| Redundancy is needed because the whole infrastructure is dependent on it | Provides much-improved protection of the system from other systems within the network |
| Price for central firewalls is higher due to the need for high performance and redundancy | Easier to create tailored firewalling per system |
| | Supports high capacity |
Conclusion
Host-based software firewalling: if you want to keep the applications and data in your private cloud setup secure, you can install this type on your dedicated and virtual servers.
For better performance and protection, however, you can combine host-based and central network-based solutions. In such a combination, a software-based central firewall is preferred and will offer more cost-effective security, flexibility and performance.