Network security can be a thorny issue for small businesses because they generally lack pricey equipment and dedicated IT people who have the expertise to lock down a local area network. But addressing security is nevertheless essential: Just one customer data breach could easily wipe out a small business, and constantly battling viruses, spyware, and spam can sap employee productivity.
Threats may come from wireless deployments, too--Wi-Fi is a great convenience but also a serious weak point in most networks--as well as from Web site breaches and from employee downloads of illegitimate material. (Since you are responsible for employees' use of your network, that last vulnerability can have serious consequences.) And that list doesn't even count bandwidth wasted when employees visit sites like MySpace and Facebook, or watch YouTube videos, on company time. How can you secure your small business against so many disparate threats, constrained as you are by limited resources? The task is actually not as difficult as it may sound, thanks to enterprise-grade security technology that has been trickling down to the small-business level. So-called UTM (unified threat management) security appliances offer one-stop "security-in-a-box" protection that even part-time network administrators can deploy.
Basically, UTM appliances are firewall routers supplemented with powerful features such as antivirus and antispyware capabilities, intrusion detection and/or prevention, spam filtering, and Web content filtering (for blocking traffic such as porn sites and software downloads). These appliances may have other useful features as well, such as the ability to wall off a guest wireless network from the rest of the LAN, an array of secondary wide-area-network ports for redundancy or failover, and extensive logging and reporting systems.
Formerly the domain of network pros with deep pockets, UTM appliances for networks of 8 to 25 users now sell for as little as US$400, including a year's subscription to product updates and virus and malware definition services. I found many vendors offering full-featured UTM products for less than $1000. All of them market higher-priced products for larger businesses, too. Some UTM appliances are more user-friendly than others, but all can be installed by a third-party reseller and then maintained fairly easily
Key UTM features explained
Unlike standard firewall routers, UTM appliances vary widely in their features and capabilities--and for the most part, you get what you pay for. Here are the major features to look for when choosing a network security package for your small business.
Antivirus, antispyware, and antiphishing tools
By stopping viruses and malware at the Internet gateway, you can reduce the burden on individual computers and prevent most threats from reaching your network. Antivirus tools also provide a second layer of protection beyond your individual PCs' virus checkers, which frustrated users may disable and negligent users may update too infrequently. Gateway checkers can't find every piece of malware, however, because they lack the horsepower needed to emulate the programs on each computer. Thus you should retain the virus and spyware tools on each PC.
It's also worth finding out the brand of virus or malware checker that the UTM appliances you are considering use. Some devices work with their own software, but most rely on third-party tools from companies such as McAfee, Kaspersky, or even ClamAV (the open-source option). You should make sure that ongoing support will be available.
Content and keyword filtering
With content and keyword filtering, you can block access to specific IP addresses, domains, and URLs by invoking the vendor's database of inappropriate Web sites and keywords in various categories, as well as by adding or subtracting your own. Content filtering isn't just for porn. You could block Web mail sites, for example, or video-streaming services. You can use filtering on outgoing data as well as incoming data, so you could prevent people within your network from sending explicit e-mail or instant messages. Check to confirm that the UTM appliances you're considering have the content-filtering capabilities you need.
Spam filteringA few UTM appliances have antispam filters, but most offer it only as an extra-cost option (if at all). Because spam filtering can have a major effect on firewall throughput, many IT experts prefer to use a separate spam filter at the mail server. Your ISP probably can perform this task at little or no extra charge if you use its e-mail services. If you run your own e-mail server behind your firewall, UTM appliance-based spam filtering may be appropriate.
Intrusion detection and prevention
Intrusion detection goes beyond the simple packet header inspection that all firewalls perform, actually examining the packets' contents as well. Together with deep-packet inspection, intrusion detection and prevention systems use ever-evolving rules and behavioral algorithms to block suspected attacks, much as antivirus software does.
Data-leakage prevention
Less commonly available--but important to some small businesses--is data-leakage prevention. "Data leakage" refers to the loss of proprietary information and documents from the network via e-mail, e-mail attachments, instant messaging, Web site uploads, and so on. Law and medical offices especially need to prevent transmittal of client or patient data; they can be sued if such information leaks out.
DLP software uses content filtering or simply blocks e-mail attachments and file transfers. You may be able to simulate DLP by using regular content and port filtering tools, but you'll need to anticipate some of the ways data can leak, and some expertise in security configuration is extremely valuable. A security consultant can be a big help here.
Article:http://www.networkworld.com
No comments:
Post a Comment