Is a firewall necessary when we have a Business Livebox?

Antux

Hello,

I am a student and I work during the summer at a metalworking company, doing IT maintenance.

Recently, Orange has offered the company a subscription for €70/month to benefit from a Stormshield firewall.

I find the offer quite expensive, considering there are much cheaper firewalls available on LDLC. Moreover, the Business Livebox that the company has already seems to include an integrated firewall.

Should we accept Orange's offer?

Thank you in advance for your answers.


4 answers

Malinaste
 

Good day,

In my opinion, it will depend on how you use the firewall as well as the size of the company.

There are two schools of thought. On one hand, there are those who believe in putting as much protection as possible (multiple antivirus programs, multiple firewalls, etc.), and on the other hand, there are those who believe in using only one solid solution (which would ultimately make the network schema simpler).

It should also be noted that there are open-source firewalls (like pfSense) which are admittedly less effective but are perfectly suitable for small organizations with limited IT budgets.

I think the best approach is to compare their offering (as services should be provided alongside) with the offerings of other IT service companies (like SonicWall, for example) and see which one is the most interesting.

Best regards,

0
brupala
 

Hello,

It all depends on what it's for, but a firewall generally isolates the company's network while using the internet for communication.

They often also serve as VPN servers for users who need to access the company's internal network from outside, which an LBX does not allow.

A UTM firewall is relatively easy to manage, because it’s good to set up a firewall, but managing it efficiently and securely is another matter.
Doing it on a simple firewall is possible, but it's real specialist work that is often not found in a company, so it needs to be paid extra for.

Also, one must consider the risks of backdoors in these products; everyone knows what the Americans, Russians, or Chinese are capable of in this domain.

For all these reasons, many companies prefer advanced turnkey solutions, a kind of security insurance policy that guarantees them compensation in case of an incident.

The price of the hardware is one thing, but the most important thing is the software licenses, which are often subscription-based, so they have to be paid annually if one wants to keep up with updates.

After all, Stormshield is indeed still a very high-end European product, perhaps a bit too much for an SME that has little to protect or a vital use of the internet; their needs are not the same as those of a bank or an administration.


0
Antux
 

Hello,

I had already seen pfSense, which seemed like a good solution. The issue is that I only work in the company for the summer, so if pfSense is not autonomous enough, it won't be a viable long-term solution. Indeed, the company does not have an IT department, but rather relies on service providers.

Do you know if the firewall integrated into the Business Livebox is sufficient for the company, considering that the network consists of 4 Windows computers and 2 Android tablets (it's a small company)?

0
brupala
 

If there is no specialist on site, I don't think so; no one will be able to address it properly for needs that can change.

4 Windows workstations, but is the server on site or in a more protected environment?

If there is no server on site and the Windows workstations are up to date, basic protection may be sufficient, yes.

But if there are client databases or accounting on site, you need to protect yourself more than that; a ransomware attack can happen quickly and is more daunting than a network intrusion. In any case, a security policy must be comprehensive.

0
Antux > brupala
 

Customer data and accounting are stored on a single PC.

0
brupala > Antux
 

So a server or this PC only does that?

The ideal would be that it has no access to the internet.

0
Antux > brupala
 

This is the accounting PC. I plan to move the client database to a dedicated PC, but the rest of the documents will remain on the accounting PC.

0
Antux
 

So, if I understood correctly: according to you, with the network I described above, I don't need a firewall, unless, in this network, I have a server that needs to be accessible from the outside (and in that case, I would need a firewall)?

0
brupala
 

Hello,

That's not exactly what I said, but it is true that if you configure the box's firewall to prevent any incoming connections, that's already a big step forward.

However, a tool like Stormshield offers many other security measures; I'll let you visit their website to see for yourself.

I think that €70 a month for good protection is not expensive, even for a small business that can't afford to hire an IT professional even temporarily; you still need someone to keep an eye on the Windows updates for everything connected to the internet.

If the accounting and client database are on machines isolated from the network or the internet, it's manageable.

An incident would cost more than that if a user clicked on a link or an infected attachment with a nice little ransomware behind it.

Even with incoming connections blocked, it would be a disaster; we would need to hope that backups are done correctly every day.

The functions of a UTM firewall help to limit this risk for machines that need to be connected to the internet.

0