Upcoming Events

Executive conference

Cloud Connect March 16-18

Comprehensive thought leadership for executives, IT professionals and developers. Topics include: the ROI, cost and economics of on-demand computing; Migration strategies to move from on-premise to cloud-based IT; Vertical cloud specialization, tailoring features and architectures to specific applications, industries, and customer ecosystems

More Events »

Vendor Newsfeed

More Vendor Newsfeed »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up
Column - Security Watch
C O L U M N  
Of No Small Concern

  September 2, 2002
  By Robert Moskowitz


TOC Issue TOC
Printer Print this article
E-Mail E-Mail this URL
flame author Flame the author

IT managers charged with securing their business's Internet connections from intruders and viruses can't afford to get caught with a bad investment. Real security muscle comes at a price--in time or money. Often the costs are most painful to the little guys: small and midsize organizations that cannot get by with just personal protection (each system running its own antivirus software and firewall, for instance) and cannot hire a security team to do a full security work-up. The small office has become the target for attackers, and too many small-office networks are open to exploitation. We have already seen viruses like Code Red hang around the Internet for too long as many small businesses became infected and stayed that way. We need effective guidelines and tools for securing small enterprises.


For our purposes here, a small office is one with public-facing servers, internal servers, and wireless and wired workstations. Sound security practices for this setup require at least three networks because the internal servers and workstations can share the same network. This configuration rules out using most broadband routers for the firewall. Instead, the small business needs a firewall system with four interfaces: one facing the Internet, one for the external systems, one for the wireless workstations and one for the internal systems.

Takes More Than Two

Not surprisingly, the standard low-end firewall configuration has just two interfaces, short-changing a good security posture for small businesses. Perhaps small businesses look for the cheapest solutions, based on what they are told is adequate for their needs. A broadband router or an $80 box as the firewall is financially attractive, after all.

But Internet gateways are ill-conceived for providing security services. They must be upgraded cautiously; a mishap could disable Internet access, which may be needed for other gateway updates to get the connection working again. And updates occur frequently: New threats against firewalls are constant. Is your Internet gateway maintained through a Web front end? Is it current against the attacks aimed at Web servers? Is it maintained by your ISP, and thus only the ISP can adjust any firewall rules?

The single protected network is, perhaps, a greater limitation, as we have always known the risks inherent in placing external and internal servers on the same network. Even if the firewall will support separate rules for the external servers and the internal systems, if an external server is compromised, the internal network is open to attack. In addition, a wealth of information now shows that wireless 802.11-based systems put your network at real risk, which can best be mitigated by placing the wireless systems on a separate, firewalled network.

There is a certain attraction to using three two-interfaced firewalls. If the upgrade on one fails, you're not completely out of business, and you probably can use the wireless firewall as your upgrade test unit. But management of three units has its own perils.

Small businesses present a risk to the entire Internet; therefore, it behooves even the largest business to recognize the value of good security practices for the small business (which may be your business partner). These sites need sound security practices and soundly constructed firewalls that are not hamstrung on simple networking assumptions.

--Robert Moskowitz, rgm@htt-consult.com

Best of the Web

Data deduplication: Declawing the clones

Data deduplication is emerging as a critically important new arrow in the storage administrator's quiver to answer hard questions about the increasing problem in storage growth costs.

Quick Read

Compression, Encryption, Deduplication, and Replication: Strange Bedfellows

One of the great ironies of storage technology is the inverse relationship between efficiency and security: Adding performance or reducing storage requirements almost always results in reducing the confidentiality, integrity, or availability of a system.

Quick Read

WAN Optimization Whitelists and Blacklists

Optimization is a fantastic way of saving money and creating really happy customers at the same time, but it doesn't work flawlessly for all applications.

Quick Read

WAN Optimization as a Managed Service: It's Not About the Cost

This insight examines how organizations outsourcing their WAN optimization initiatives to a third-party go about achieving their goals for application performance, reducing operational costs, and streamlining enterprise infrastructure.

Quick Read

  Sponsored Links

Premium Content

Data Centers Gone Wild
February 22, 2010
NWC


Salary

Video

View All Videos

Most Popular

Stories Blogs

More Stories »

Whitepapers

More »

BlogRoll