Small Business Network Security
Security is not a routine topic for the owner of a small business or a small home-based business. These businesses are becoming a large segment of the internet users who are connected 24 hours a day, seven days a week. The overall security needs of this group of internet-enabled businesses are no different from those of medium to large corporations, but the scale is much smaller. It is also apparent that the small business does not have the percentage of budget to spend on security that the larger companies do. In fact, most small businesses do not budget for appropriate security for their internet-connected systems at all. When it is discovered that some expenditure is needed, petty cash is often where the money comes from. The items purchased are usually from retail outlets and self-installed. The issue is not the intent of the business but the overall security coverage. The typical small business owner will go with the defaults or whatever an installation wizard guesses. The end result is a personal firewall and a retail anti-virus product, which leaves the business exposed to malicious worms, viruses, spyware, hacking and system takeover. This is not the fault of the purchased products; it comes from the installer's lack of knowledge and a few missing pieces.
To start with, personal firewalls are a good thing, but they were never intended to be the complete solution for a network of business computers. For a single machine that is directly attached to the internet they are OK, but incomplete. The analogy would be a house whose owner leaves the front door unlocked but locks his home office door. Many of today's gateway products include a gateway firewall. For instance, the Linksys cable/DSL router has a version of Zone Alarm Pro on it which is not activated until the user buys a key to unlock the product. This is the front door lock.
Other products do not have the built-in firewall feature but include NAT (Network Address Translation) and use hype to say that this is protection. If you think about it, NAT is a translator; it really does not care about protection. Where NAT becomes important is when there are multiple computers and devices behind a single ISP-assigned address. For any device hidden by NAT, the address the internet sees is the single public address assigned by the ISP. This obfuscation is not impervious to attack.
Many times when we ask a small business about their security they appear to be unconcerned. In fact, some of them state that there is nothing worth stealing on their computers and that if they caught a virus or a worm they would just reload the system from a recovery CD. This approach is interesting in that it does discourage hackers, as it is not a challenge to them. However, the trend in recent history is to take over an unprotected system and use it in a distributed attack on other systems, for instance the Department of Defense, the Root Name Servers or a myriad of other critical internet services. Often the unsuspecting user will get a call from a very irate business or the government telling them to shut down their computer because it is attacking them. The question then becomes: what is your liability when your equipment is used to damage some other organization due to your negligence?
The other area that is almost a security issue nowadays is virus detection and removal. This is because many of today's viruses are designed to wreak havoc on internet services instead of destroying files. Some commercially available antivirus products are very poor at detecting what are termed worms. In fact, some of these worms target systems that are protected by certain antivirus products and shut down the product so they can do their dirty work. After your machine is infected with one of these worms, the machine becomes a liability to the internet.
So what is a decent security implementation? We feel that the answer is a three-tiered approach.
First, lock down the internet gateway with a firewall product, either a software add-on for the gateway or a hardware firewall behind the gateway. We like Check Point, SonicWall, Fireguard, NetScreen, Cisco PIX, and Nokia. There are other very good appliances; we just have not got our hands on many of them. In most cases the small business is not serving any web pages or publicly available services. The firewall should allow traffic from the internal network out and drop all traffic trying to come in.
The second tier is the computers themselves. On the desktop a personal firewall is a good idea (Trend Micro's PC-Cillin, Zone Alarm Pro or Black Ice Defender). If you have a server, personal firewalls can be a pain, but we like Zone Alarm Pro.
The third tier is a good antivirus product. We recommend Trend's PC-Cillin, Panda AntiVirus Platinum, Kaspersky Labs, Sophos. Why this list? We have found that in general all the commercially available antivirus software has decent to very good detection engines. The real issue is the fast distribution of updates. If the client package cannot check the distribution server at an interval of one hour or less, the effectiveness of the product is compromised. In fact, many of the off-the-shelf or preinstalled anti-virus products update weekly or not at all. The default setting should be the most frequent update check, not "do not update". As a small business owner you need a product that you can install with good defaults, without having to hire an expert to make it work correctly. Avoid using any product that uses a push update. Push technology is just too unreliable in today's world. Besides, if you have a personal firewall it may break the push anyway.
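
The first-tier gateway policy described above (internal traffic out, everything inbound dropped), together with the earlier point that NAT is a translator rather than protection, as an added example that is not from the original article or from any product it names. It assumes a Linux gateway running nftables; `wan0` and `lan0` are placeholder interface names.

```nftables
#!/usr/sbin/nft -f
# Added example, not from the article. Assumptions: a Linux gateway running
# nftables, "wan0" = ISP-facing interface, "lan0" = office LAN (placeholder
# names), IPv4-only uplink, no public services hosted in the office.

flush ruleset

# Tier one: the front-door lock. Default-drop, stateful filtering.
table inet gateway {
    chain input {
        # Traffic addressed to the gateway itself.
        type filter hook input priority 0; policy drop;
        ct state established,related accept   # replies to connections we started
        ct state invalid drop
        iifname "lo" accept
        iifname "lan0" accept                 # DHCP/DNS/admin from inside only
    }

    chain forward {
        # Traffic routed between the LAN and the internet.
        type filter hook forward priority 0; policy drop;
        ct state established,related accept   # return traffic for outbound sessions
        ct state invalid drop
        iifname "lan0" oifname "wan0" accept  # internal network out
        # No wan0 -> lan0 rule: new inbound connections hit "policy drop".
    }

    chain output {
        type filter hook output priority 0; policy accept;
    }
}

# NAT is kept in its own table to show it is only address translation.
# Loading this table alone shares the single ISP address but filters nothing;
# the drop policies above are what actually refuse inbound traffic.
table ip nat {
    chain postrouting {
        type nat hook postrouting priority 100; policy accept;
        oifname "wan0" masquerade
    }
}
```

Running `nft -c -f` on the file parses the ruleset without applying it, which is a safe way to check it before loading.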
If you are interested, we were quoted in TechTarget about security headaches.
If you have questions on your small business security, we are always glad to talk to you about what you feel you need to do. We will also work with you to make sure that your implementation works within your budget and minimizes your exposure to the threats that exist on the internet.
Lorimer Network Research, Inc. 970-901-9526