Solved

Suggestions for Small Business Content Security

Posted on 2004-09-21
9
302 Views
Last Modified: 2010-04-11
Dear fellow Experts,

Our company has about 80 workstations with 7 servers.  Our two domain controllers are win2k.  We have an exchange 5.5 server on NT 4.0 server.  We are currently using Computer Associates' eTrust Secure Content Manager which includes the eTrust Antivirus for content security in out business.  However, we have had many problems with these programs since we purchased them.

We are looking for a product or multiple products that will be able to accomplish the below list:

1.  The product needs to be able to filter, monitor, and scan for viruses all HTTP, SMTP, FTP traffic.
1.  The product needs to include a proxy. This is usually common because they usually use a proxy so it can monitor and filter HTTP traffic.  Our network is arrange in a way that it needs a proxy.
2.  Detailed reporting information.  This is a must!  We need to know what sites the users are visiting, what time they went there, and how long they were there, etc.  Most of the products we have seen don't have too much reporting available.
3.  We need to filter spam from our Exchange 5.5 server.  I have found that the user configurable bayesian anylsis filters seem to work the best.
5.  We need to be able to block sites along with monitoring where users are attempted to go to.
6.  We need to implement a network wide antivirus solution that can have a central location of administration.


The Secure Content Manager that we have been using has these limitations and more:

1.  Documentation is the worst documentation I have ever seen.  It doesn't tell you jack squat!  And you can't find anything on their webpage.
2.  The reports that we can get from the SCM program don't tell us anything.  They tell us that certain catagories of webpages were visited, but they don't tell WHO visited those pages.  Or it might tell you the top 10 users of the internet, but not what sites they are visiting.  Useless!
3.  The proxy server has a problem loading large websites.  It times out and tech support does not have an answer for us.
4.  The spam configuration is complicated and doesn't work once we set it up.
5.  The program is hard to use and complex.

If anyone could give some recommendations on either several programs to accomplish what we need or maybe one single program/suite.  We basiclly need an all around content security/filter solution.  Any help would be greatly appreciated.  Thank you.
0
Comment
Question by:sqwasi
9 Comments
 
LVL 2

Author Comment

by:sqwasi
Comment Utility
I wish I could add MORE points.
0
 

Assisted Solution

by:NathanBishop
NathanBishop earned 150 total points
Comment Utility
I don't know if this will be much help, but I hope it gives you a good start with some of the problems untill someone else gives you better tips.

Good software for the Virus Scanning and filtering on those services at an affordable price would be Norton Symantic Titled software such as Anti-Virus and Security Center plus Sygate Professional Firewalls are always a great affordability for small businesses.

Now depending on how small your business is or how small it really isn't, two great corporate software titles that have gotten great recognition are Sophos Corporate Anti-Virus and BlackICE Corporate Firewalls.

Now as for spam control and filtering, SpamAssassin seems to do great when used.  Now I don't know fully if you would be able to use it on your type of system but it is worth a look into isn't it?

I hope this provides some sort of help, these are all products we use or have used at the small business I currently work at and we have also set them up for others, so I gave this information based upon what you said you were looking for, so now I guess you need to wait for is anyone else to provide extra info on your question.

Have a good day.
0
 
LVL 7

Expert Comment

by:LimeSMJ
Comment Utility
What's your budget considerations?  For my suggestion, you would ideally need a new server with lots of RAM and decent CPU performance.

From what you wrote, you might want to check out MS ISA Server 2004...  Application level firewall, HTTP filtering and caching capabilities, Client-side firewall, really detailed reporting, etc.  You would definitely find out more info on what it can do on either www.microsoft.com/isa or www.isaserver.org sites.  I use this software on it's own dedicated server in addition to a separate hardware firewall in front.  This machine is also setup as an SMTP relay into my EXCH 2000 server... I have ORF (www.vamsoft.com) running on it which provides SPAM filtering, attachment blocking, etc... once emails get filtered, the ISA server forwards the "clean" emails to the EXCH server (which has its own SPAM programs running).

For Anti-virus, I use Symantec Corp 9.0 (as NathanBishop mentioned).  Provides a centrally managed anti-virus server/client environment - you can do remote scans, virus definition pushes, etc.  Works great and it's simple.

Those 3 programs should cover all your bases but again, it would all depend on your budgeting requirements.  Hope this helps.
0
 
LVL 2

Author Comment

by:sqwasi
Comment Utility
Thank you.  I guess I thought that ISA was just a type of firewall.  We already have a sonicwall in place which handles the firewall part.  So maybe the ISA will work well for the proxy, monitoring and filtering.
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 2

Author Comment

by:sqwasi
Comment Utility
I took a look at the ORF (vamsoft) product.  How does that do in actual filtering?  I notice that it doesn't include the bayesian filtering.  I have used GFI mail essentials in the past and it wasn't very accurate until you trained the bayesian filtering.  Have you found success without using the bayesian filtering? (Sorry, this is just a side question.)  Thanks.
0
 
LVL 2

Author Comment

by:sqwasi
Comment Utility
I took a look at the ISA 2004 server.  Is this overkill for just using it as a web proxy server with web usage monitoring?  Also, I looked at the reports and there are reports for top users, but how do I get a report to show all the web pages that all the users are visiting?
0
 
LVL 7

Accepted Solution

by:
LimeSMJ earned 200 total points
Comment Utility
I use GFI on the internal mail server for additional SPAM filtering.  I just suggested ORF cause it was a very powerful and cheap solution - but if you have experience with GFI's stuff go for it, as I use it myself... and yes the Bayesian filter is quite impressive.

As for overkill... well there's a demo version out.  It's not the cheapest but it does have everything you need in a single integrated package - plus I like having a multi-layer security model (multivendor and multilayer just to make it that much harder to break through).  To be honest I can't really say that it is or isn't overkill for you since I use it and I love it - kinda biased opinion.  :)

As far as reporting goes, that's where GFI comes in.  They have a free add-on module to ISA 2004 that details real-time and past web usage per IP (user).  You can more details here: http://www.gfi.com/webmon/   I use this product too on my ISA box and it does what it says.

Hopefully another expert will suggest other products as I don't want to discount any others since I don't use them.
0
 

Assisted Solution

by:pkwatson
pkwatson earned 150 total points
Comment Utility
It greatly depends on the budget available, but one of the best (IMHO) out there for the corporate user is Clearswift all based around their MIMESweeper product
http://www.mimesweeper.com/products/default.aspx

You could also look at managed services - many companies offer this and it keeps the overheads on your network down.

Paul.
0
 
LVL 2

Author Comment

by:sqwasi
Comment Utility
Thanks for eveyrone's help.  You all helped some so I split out the points for you.  Have a great day.
0

Featured Post

Do You Know the 4 Main Threat Actor Types?

Do you know the main threat actor types? Most attackers fall into one of four categories, each with their own favored tactics, techniques, and procedures.

Join & Write a Comment

It’s a strangely common occurrence that when you send someone their login details for a system, they can’t get in. This article will help you understand why it happens, and what you can do about it.
Big data transfers via information superhighways require special attention and protection. Learn more about the IT-regulations of the country where your server is located. Analyze cloud providers and their encryption systems for safe data transit. S…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This video discusses moving either the default database or any database to a new volume.

771 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now