Rock climber

If your business uses a Hosted Desktop system behind the scenes it will also be protected by a Hosted Desktop firewall. But what is a Hosted Desktop firewall, or put more plainly, what is a firewall?

In this blog post, we’ll give you a run through of what a firewall actually is and why it’s a critical component of your Hosted Desktop service.


What is a firewall?

Like many terms within the IT world, firewall was borrowed from an existing concept from within the building and vehicle construction industries. Within this context, the basic idea is that a fire resistant barrier is constructed that would prohibit the spread of fire for a prescribed period of time.

For example, in the unfortunate situation that a building caught fire, the adjoining building would have a period of time for the controlled evacuation of the occupants or extinguishing of the original blaze, before it caught fire itself.

So, back to the world of IT; a firewall device is similarly used putting in place a protective barrier. This barrier is what separates the public internet (untrusted!) and your IT system’s internal network (trusted!).

A firewall comes into the fray whenever you have your internal IT network connected to the public internet. It gets positioned exactly at the point where your sensitive internal IT network meets the big wide world of the public internet.


Why do you need a firewall?

The internet is a wonderful thing, so much so that we simply couldn’t imagine a world without it these days. Our social media, shopping, Sky TV – it all relies on the internet. But more than this, businesses of all shapes and sizes are utterly reliant on it, from email, to telephony to e-commerce.

That said, it’s not lost on the bad guys out there (the “dark web” if you will) quite how reliant businesses are on the internet and their IT systems in general. With so much at stake for the innocent business, the bad guys know the power they have, if they can penetrate your IT systems.

And how do they attempt to penetrate your IT systems… via the public internet to which your sensitive IT systems are connected.

And here is the reason you need a firewall – to keep the bad guys out!


So why not “hard” shut off the public internet completely from entering your IT system?

Surely it would make sense then to just disconnect the public internet from your IT system entirely? I.e. much the same as pulling out the cable that presents your IT system to the public internet. Just, close the door.

The answer to that question is quite simple, you (the good guys!) need to access your IT system.

Let’s say you are a Hosted Desktop customer that is using a provider such as Cloud2Me with our Hosted Desktop service. Physically speaking, your IT environment is located in a purpose-built data centre. Therefore the only method you have of accessing your cloud solution is via the public internet – which of course is the same channel that the bad guys also use to attempt to infiltrate your Hosted Desktop system.

Therefore, you need to have your IT solution (Hosted Desktop system) connected to the public internet. There’s no getting away from this.

However you need a method of keeping the bad guys out whilst at the same time letting the necessary information in, and this is where a Hosted Desktop firewall manages a delicate balancing act.


The bouncer at the door analogy

Imagine a prestigious London nightclub in the depths of Tottenham Court Road. The owners of the nightclub of course want to keep the delinquents of London out of their prized establishment. One sure-fire way they could achieve this is by not opening the doors at all! But then what good is the nightclub without legitimate, paying guests? 

There needs to be a filter, and in the example of the nightclub, this is of course the bouncer on the door. 

A good bouncer from a reputable agency will carry out a near-faultless job at being able to detect a great punter Vs a boozed-up troublemaker, with close to a 100% success rate.

Of course some nightclubs may be willing to invest less money in security and so receive a poorly performing bouncer. Such a poor-grade bouncer then goes about letting in all sorts of riff-raff, who then may go about causing irreparable damage to the nightclub, forcing shut its doors for good.

The concept is very similar to your Hosted Desktop firewall which is in place behind the scenes. It’s a crucial piece of your Hosted Desktop solution that has to be of high quality from the get go and maintained throughout, to combat the ever changing threat landscape.


How is a Hosted Desktop firewall configured?

A very simple explanation of how a Hosted Desktop firewall is configured: Your provider will purchase a firewall from one of the many firewall manufacturers. For example there are some excellent vendors out there such as SonicWALL, WatchGuard and Cisco to name but a few.

But in many cases a firewall is a physical appliance much like the router that you have in your office that terminates your internet connection. It has an internet connection that plugs into it (or possibly several) along with the IT network connected from the “inside”, i.e. the sensitive part of your IT network.

At this point, the firewall acts as a “middle man”, much like the bouncer mentioned earlier.

Your Hosted Desktop provider will then go about establishing “firewall rules”, which dictate (with great strictness!) who is allowed in – much like the same set of rules the bouncer on the door would have, i.e. dress code, group sizes, demeanour, and so on. In terms of Hosted Desktop systems your firewall will be configured for rules such as:

  1. Connections are only allowed from the UK
  2. Only one connection every 5 minutes allowed
  3. A two-factor authentication is required
  4. Only connections on a specific “port number” (frequency) are allowed
  5. Connections only from a specific model of computer device

Bring on the firewall witchcraft!

Bring on the firewall witchcraft

As firewalls have evolved over the years, inputting the basic set of firewall rules (such as the set mentioned above) has remained super important. However the “next generation” series of firewalls have brought about many advances which allow the firewall filtering to go from the proverbial analogue, to digital.

Some examples of the fantastic new features that are available on today’s next-gen firewalls:

IP reputation

This is where the Hosted Desktop firewall is looking at the source IP addresses from the inbound connections. The firewall contains an ever evolving address book of known, bad IP addresses. Then on every connection attempt of internet traffic into the firewall, it looks at the source IP address. If it happens to match an IP address on its blacklist database, the connection is dropped before it even gets to the door.

Deep packet inspection (DPI)

This is a technology whereby the raw internet data stream is inspected at a granular “packet” level. Breaking down the incoming information into its component parts, the firewall is able to carry out inspections as if the inbound data stream was under a microscope. If the firewall detects malware such as a virus, the transmission is immediately halted from entering your IT environment and reported.

Real-time threat definitions (also known as zero-day updates)

This is a malware identification database which is continuously updated throughout the day, of the world’s ever changing threat landscape. Would you believe, for example, that thousands of new viruses are created daily! Fortunately, a good Hosted Desktop firewall will have capability to match, meaning it is continuously kept up to date with the “zero-day” threats, ensuring any inbound issues are identified and stopped in their tracks.

Sand boxing

One of the newer firewall concepts, this is a technology that has the ability to stop new malware attacks before the firewall even has the relevant threat definition update (antidote). It does this by utilising deep packet inspection, and if it notices a connection stream with packets it doesn’t recognise, it will “capture it” and send it into a quarantined area. Once it’s within this quarantine area, tests will be carried out, where it will be guilty until proven innocent! I.e. it will only continue its onward journey through the firewall once the firewall has completely proven its legitimacy – otherwise it gets quarantined then disbanded.

I’m sure you will agree that this is some pretty cool functionality, and the good news is that features such as these are ever evolving to keep businesses, such as yours, safe from internet-borne threats.


Summary

Many customers use a Hosted Desktop service but are blissfully unaware of the unsung hero that keeps their business protected, that hero being the firewall.

It’s that ‘bouncer’, that filter, that keeper of the peace, that ensures we are protected from the many evils that may wish to do us harm.

However, nightclub owners just want their guests to have a great time; they don’t expect their guests to pay homage to the security, after all the guests have paid for the privilege of enjoying a safe service.

This is very much the same with good Hosted Desktop providers. They don’t wish for customers to be concerned with the technology keeping them safe, such as the firewall. The provider should see it as just one of their many responsibilities to their customers.

But it doesn’t do any harm to be mindful of it and even a little curious. In fact, many customers find it comforting to know of the high tech, comprehensive technology guarding their precious business data and IT systems.

We hope you have enjoyed this article. Of course if you would like to hear more about our firewalls or Hosted Desktop service, please do contact us.

Older
Newer
  • “When I was looking for a hosted desktop solution, I wanted something that was reliable, secure and affordable. I shopped around the market place and Cloud2Me came up highly on all accounts.”

    Peter Bradley – Director
    Integral Talent

  • “We would certainly recommend the services Cloud2Me supply. Much less hassle than building our own cabled network, and Cloud2Me are very quick and helpful when responding to any questions.”

    Tristan Haines - Director
    Zepho Enterprises

  • “I was amazed at how quick the hosted desktop works, faster than my laptop! I love that I can have a pure business desktop which I can access from my windows desktop, home MAC and iPad. Cloud2Me has been a perfect solution provider. ”

    Graham Forbes - Director
    Interesting Apps

  • “I would highly recommend services from Cloud2Me. They’re good value, but most of all the service is excellent. There’s always support available at the end of the phone and Cloud2Me always go that extra mile to help out.”

    Charles Cridland – Director
    Your Parking Space

  • “We were initially cautious and uncertain of the security of working like this – this is something we have swiftly put behind us, the system is completely secure and reliable. Based on our experience I would highly recommend this service to anyone considering an ‘office in the cloud’ with Cloud2Me.”

    Bryn Towns - Director
    RoqSolid

  • “The technical support provided by Cloud2Me is great. Furthermore, I find the service offered by them to be very flexible and tailored to meet our individual needs… The way we are able to access our server wherever we are has transformed the way we work.”

    Dwain Coward
    Coward & Co Solicitors - Senior Partner

  • “I have not had any hitches and any maintenance they carry out never disrupts the services. The customer service is fantastic, even when I email late on an evening I still get a quick response that night, or first thing the next morning. I highly recommend Cloud2Me and their services.”

    Jody Nicholl
    Boolas Bakery

Ready to embrace the Cloud? Request a no obligation, 14 day free trial today.