Solved

Security for small business

Posted on 2006-10-23
Last Modified: 2013-11-16
I'm a computer consultant specializing in the small office/home office market.  I'm curious to hear from other SOHO consultants regarding security for small business.
More often than not the SOHO customer goes for the least expensive solution - especially when the details of a product comparison get technical.  A case in point is the firewall.  As a technical consultant I want my customers to purchase high quality products that are flexible and easy to configure.  I want to sell my customers dedicated firewall solutions that are independently certified and well regarded by the industry.  The problem is the customer wants the $70 Linksys instead of the $500 Watchguard.  Explanations of superior security features and expandability are obscured by price.  Further, it's difficult to encourage customers to invest in gateway security when so many problems are invited in by the end users!  Others must be experiencing this too.  How are you dealing?
Question by:pnkljohnson2
14 Comments
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17793029
Hi pnkljohnson2,

Good question. I have found that most small businesses do not need the functionality provided by the high end firewalls.

They usually do not need a VPN (especially not if they are using Exchange 2003 (or more likely SBS); you are not OS specific here, so this is just my experience).  All they need at most is a NAT router to stop inbound unsolicited traffic and provide basic port forwarding for email and/or inbound web (443 for OWA).

-red
0
 
LVL 9

Expert Comment

by:bigjimbo813
ID: 17793287
It's tough, that's for sure. But limiting user capabilities with permissioning and keeping anti-virus and application firewalls patched and up to date would be your first step.

How's your knowledge with Linux?
0
 

Accepted Solution

by:
elusivetech earned 128 total points
ID: 17793678
I don't think a simple port forwarding firewall is enough.

Sonicwall or Juniper or even Cisco do offer firewalls for small businesses. Though it's not $100 like Netgear, for roughly $499 you can get yourself a decent firewall that does more than port forwarding or port triggering.

I think having a rule-based firewall is necessary even for a small business. This gives you granular control, and you can control inbound and outbound traffic better than with Linksys or Netgear.

If you don't want your customer to pay $499, I would suggest using a Linux box. You can set up a free rule-based firewall with any flavor of Linux.

-- Martin
0
LVL 39

Expert Comment

by:redseatechnologies
ID: 17793693
Why don't you think a NAT router or port forwarding firewall is enough?

Closed ports are closed ports -> whether that is done with a $20 firewall or a $40k router
0
 
LVL 8

Expert Comment

by:jako
ID: 17795438
I usually pose the question this way: If the CTO of the consulted business wants to restrict web access for most of their staff to raise productivity and yet at the same time have access himself to, say, security-related websites, he needs a firewall that enables more fine-grained settings than the cheap NAT router he was eyeballing.
0
 
LVL 9

Expert Comment

by:bigjimbo813
ID: 17795499
Yeah, but that option is up to management, not the consultant. It could however be a selling point to convince management to buy the more pricey hardware.
0
 
LVL 1

Author Comment

by:pnkljohnson2
ID: 17803425
As I see it the benefits of true firewall appliances over cheap NAT/PAT devices are:

1) Stronger security - more sophisticated packet inspection, better alerting/reporting, egress filtering, more integration
2) More features - VPNs, more users, configuration flexibility, industry certification
3) Better support - front line support techs that do more than read from a screen, proactive research and publishing, software/firmware maintenance

These features help keep systems safe to a degree but their security value is being eroded by the simple fact that more malware is transported via open ports.  Firewall vendors are starting to offer more threat management at the gateway for enterprise products but not yet for SOHO products.  I feel like I'm doomed to put out fires all day long and I'm getting tired.  Firewall vendors, are you listening?
0
 
LVL 9

Assisted Solution

by:bigjimbo813
bigjimbo813 earned 124 total points
ID: 17804031
Consulting consists of a huge grey area vs black and white. Budget with SOHO clients can vary depending on that business's size and needs.

I have dealt with clients that are as cheap as Scrooge himself. You just point out a clause stating this is what you recommend; if this isn't met then I can't guarantee my consulting time/fees.

If they don't like it, walk. Usually these tightwads are also the ones who complain over the smallest things which IMO, isn't worth the stress/money.
0
 
LVL 1

Author Comment

by:pnkljohnson2
ID: 17804156
I agree with you.  Determining which customers to avoid is just as important as determining which customers to accept!   My goal is to serve my customers as well as I am able, to deliver value in my services, and to be a reliable partner for the people who put their trust in me.
It's hard being a one man shop.  There's nobody else to turn to when the going gets tough.
0
 
LVL 39

Assisted Solution

by:redseatechnologies
redseatechnologies earned 124 total points
ID: 17807733
Sorry, I should have written that better.

I don't use the el-cheapo nasty routers for $20.

The cheapest thing I will buy is a Linksys or equivalent for about AUD$90.

With that in mind;

1) I am yet to have a small client that outgrew the security of a cheap little Linksys router (including the wireless routers) - Reporting is usually a bit dodgy, if it even exists, but generally they don't care - close the ports they aren't using and let it run.
2) Linksys can be a bit dodgy with VPNs, allowing only pass-through (usually from inbound to outbound only) but I don't use the firewall's VPN anyway - RRAS does that, and takes advantage of the Windows authentication.  And how flexible does a small business need their router to be?  As long as it port forwards and allows VPNs, what else is there?  I am starting to wonder about your definition of small business :) And Linksys are industry certified (and owned by Cisco)
3) Support, yes, that can be lacking - but I consider these routers to be relatively disposable, and generally the online help is there (especially considering they are SOHO, and intended to be managed by consumers)

Now, I am not trying to argue for the fun of it, just trying to really get a handle on what you are doing.  I am also a one man band, and work for large (50 scattered users) and small (3 user) networks.  Where they have the budget, and more so, the need for greater security - I have pressed for big Cisco routers (1760s mainly).  But my small client, sure they are hosting mail, but that is it - everything is shut except port 25, and the router is bolted down by default everywhere else (although I was sure to check that).

No security is designed to stop anything - even locks on doors are only designed to slow down intruders.  Smaller companies (and I have seen it) usually don't even care about backups!  And there is a far greater possibility of hardware or software problems wiping an install than someone intentionally forcing their way through a SOHO router.

-red
0
 
LVL 4

Assisted Solution

by:LBACIS
LBACIS earned 124 total points
ID: 17807801
Ok here we go,

You can purchase a Netscreen, Sonicwall, or Watchguard small appliance for 200 to 500 dollars and get full stateful packet inspection etc, etc.
Example: Watchguard x50, eBay, 400.00. This will even have a web content filtering feature called web blocker. They have always worked great for me...
0