Solved

Security for small business

Posted on 2006-10-23
14
326 Views
Last Modified: 2013-11-16
I'm a computer consultant specializing in the small office/home office market. I'm curious to hear from other SOHO consultants regarding security for small business.
More often than not the SOHO customer goes for the least expensive solution - especially when the details of a product comparison get technical. A case in point is the firewall. As a technical consultant I want my customers to purchase high quality products that are flexible and easy to configure. I want to sell my customers dedicated firewall solutions that are independently certified and well regarded by the industry. The problem is the customer wants the $70 Linksys instead of the $500 Watchguard. Explanations of superior security features and expandability are obscured by price. Further, it's difficult to encourage customers to invest in gateway security when so many problems are invited in by the end users! Others must be experiencing this too. How are you dealing?
0
Question by:pnkljohnson2
14 Comments
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17793029
Hi pnkljohnson2,

Good question, I have found that most small businesses do not need the functionality provided by the high end firewalls.

They usually do not need a VPN (especially not if they are using Exchange 2003 (or more likely SBS) you are not OS specific here, so this is just my experience). All they need at most is a NAT router to stop inbound unsolicited traffic and provide basic port forwarding for email and/or inbound web (443 for OWA).

-red
0
 
LVL 9

Expert Comment

by:bigjimbo813
ID: 17793287
It's tough, that's for sure. But limiting user capabilities with permissioning and keeping anti-virus and application firewalls patched and up to date would be your first step.

How's your knowledge with Linux?
0
 

Accepted Solution

by:
elusivetech earned 32 total points
ID: 17793678
I don't think a simple port forwarding firewall is enough.

Sonicwall or Juniper or even Cisco do offer firewalls for small businesses. Though it's not $100 like Netgear, for roughly $499 you can get yourself a decent firewall that does more than port forwarding or port triggering.

I think having a rule-based firewall is necessary even for small business. This gives you granular control, and you can control inbound and outbound traffic better than with Linksys or Netgear.

If you don't want your customer to pay $499, I would suggest using a Linux box. You can set up a free rule-based firewall with any flavor of Linux.

-- Martin
0
 
LVL 39

Expert Comment

by:redseatechnologies
ID: 17793693
Why don't you think a NAT router or port forwarding firewall is enough?

Closed ports are closed ports -> whether that is done with a $20 firewall or a $40k router
0
 
LVL 8

Expert Comment

by:jako
ID: 17795438
I usually pose the question this way: If the CTO of the consulted business wants to restrict web access to most of their staff for productivity rise and yet at the same time have himself access to say, security related websites, he needs a firewall that enables more fine-grained settings than the cheap NAT router he was eyeballing.
0
 
LVL 9

Expert Comment

by:bigjimbo813
ID: 17795499
Yeah, but that option is up to management, not the consultant. It could however be a selling point to convince management on buying the more pricey hardware.
0
 
LVL 1

Author Comment

by:pnkljohnson2
ID: 17803425
As I see it the benefits of true firewall appliances over cheap NAT/PAT devices are:

1) Stronger security - more sophisticated packet inspection, better alerting/reporting, egress filtering, more integration
2) More features - VPNs, more users, configuration flexibility, industry certification
3) Better support - front line support techs that do more than read from a screen, proactive research and publishing, software/firmware maintenance

These features help keep systems safe to a degree but their security value is being eroded by the simple fact that more malware is transported via open ports.  Firewall vendors are starting to offer more threat management at the gateway for enterprise products but not yet for SOHO products.  I feel like I'm doomed to put out fires all day long and I'm getting tired.  Firewall vendors, are you listening?
0
 
LVL 9

Assisted Solution

by:bigjimbo813
bigjimbo813 earned 31 total points
ID: 17804031
Consulting consists of a huge grey area vs black and white. Budget with SOHO clients can vary depending on that business's size and needs.

I have dealt with clients that are as cheap as Scrooge himself. You just point out a clause stating this is what you recommend, if this isn't met then I can't guarantee my consulting time/fees.

If they don't like it, walk. Usually these tightwads are also the ones who complain over the smallest things which IMO, isn't worth the stress/money.
0
 
LVL 1

Author Comment

by:pnkljohnson2
ID: 17804156
I agree with you. Determining which customers to avoid is just as important as determining which customers to accept! My goal is to serve my customers as well as I am able, to deliver value in my services, and to be a reliable partner for the people who put their trust in me.
It's hard being a one man shop.  There's nobody else to turn to when the going gets tough.
0
 
LVL 39

Assisted Solution

by:redseatechnologies
redseatechnologies earned 31 total points
ID: 17807733
Sorry, I should have written that better.

I don't use the el-cheapo nasty routers for $20

The cheapest thing I will buy is a Linksys or equivalent for about AUD$90

With that in mind;

1) I am yet to have a small client that outgrew the security of a cheap little Linksys router (including the wireless routers) - Reporting is usually a bit dodgy, if it even exists, but generally they don't care - close the ports they aren't using and let it run.
2) Linksys can be a bit dodgy with VPNs, allowing only Pass-through (usually from inbound to outbound only) but I don't use the firewall's VPN anyway - RRAS does that, and takes advantage of the Windows authentication. And how flexible does a small business need their router to be? As long as it port forwards and allows VPNs, what else is there? I am starting to wonder about your definition of small business :) And Linksys are industry certified (and owned by Cisco)
3) Support, yes, that can be lacking - but I consider these routers to be relatively disposable, and generally the online help is there (especially considering they are SOHO, and intended to be managed by consumers)

Now, I am not trying to argue for the fun of it, just trying to really get a handle on what you are doing. I am also a one man band, and work for large (50 scattered users) and small (3 user) networks. Where they have the budget, and more so, the need for greater security - I have pressed for big Cisco routers (1760s mainly). But my small client, sure they are hosting mail, but that is it - everything is shut except port 25, and the router is bolted down by default everywhere else (although I was sure to check that).

No security is designed to stop anything - even locks on doors are only designed to slow down intruders. Smaller companies (and I have seen it) usually don't even care about backups! And there is a far greater possibility of hardware or software problems wiping an install than someone intentionally forcing their way through a SOHO router.

-red
0
 
LVL 4

Assisted Solution

by:LBACIS
LBACIS earned 31 total points
ID: 17807801
Ok here we go,

You can purchase a NetScreen, SonicWall or WatchGuard small appliance for 200 to 500 dollars and get full stateful packet inspection, etc., etc.
Example: WatchGuard x50, eBay, 400.00. This will even have a web content filtering feature called web blocker. They have always worked great for me...
0


Question has a verified solution.
