Security for small business

I'm a computer consultant specializing in the small office/home office market.  I'm curious to hear from other SOHO consultants regarding security for small business.
More often than not the SOHO customer goes for the least expensive solution - especially when the details of a product comparison get technical.  A case in point is the firewall.  As a technical consultant I want my customers to purchase high quality products that are flexible and easy to configure.  I want to sell my customers dedicated firewall solutions that are independently certified and well regarded by the industry.  The problem is the customer wants the $70 Linksys instead of the $500 Watchguard.  Explanations of superior security features and expandability are obscured by price.  Further, it's difficult to encourage customers to invest in gateway security when so many problems are invited in by the end users!  Others must be experiencing this too.  How are you dealing?
Asked:
pnkljohnson2
redseatechnologies Commented:
Hi pnkljohnson2,

Good question. I have found that most small businesses do not need the functionality provided by the high end firewalls.

They usually do not need a VPN (especially not if they are using Exchange 2003 (or more likely SBS); you are not OS specific here, so this is just my experience).  All they need at most is a NAT router to stop inbound unsolicited traffic and provide basic port forwarding for email and/or inbound web (443 for OWA).

-red

bigjimbo813 Commented:
It's tough, that's for sure. But limiting user capabilities with permissioning and keeping anti-virus and application firewalls patched and up to date would be your first step.

How's your knowledge with Linux?

elusivetech Commented:
I don't think a simple port forwarding firewall is enough.

Sonicwall or Juniper or even Cisco do offer firewalls for small businesses. It's not $100 like Netgear, but for roughly $499 you can get yourself a decent firewall that does more than port forwarding or port triggering.

I think having a rule-based firewall is necessary even for a small business. This gives you granular control, and you can control inbound and outbound traffic better than with Linksys or Netgear.

If you don't want your customer to pay $499, I would suggest using a Linux box. You can set up a free rule-based firewall with any flavor of Linux.

-- Martin
 
redseatechnologies Commented:
Why don't you think a NAT router or port forwarding firewall is enough?

Closed ports are closed ports -> whether that is done with a $20 firewall or a $40k router

jakosysadmin Commented:
I usually pose the question this way: If the CTO of the consulted business wants to restrict web access for most of their staff to raise productivity and yet at the same time have access himself to, say, security-related websites, he needs a firewall that enables more fine-grained settings than the cheap NAT router he was eyeballing.

bigjimbo813 Commented:
Yeah, but that option is up to management, not the consultant. It could, however, be a selling point to convince management to buy the more pricey hardware.

pnkljohnson2 (Author) Commented:
As I see it the benefits of true firewall appliances over cheap NAT/PAT devices are:

1) Stronger security - more sophisticated packet inspection, better alerting/reporting, egress filtering, more integration
2) More features - VPNs, more users, configuration flexibility, industry certification
3) Better support - front line support techs that do more than read from a screen, proactive research and publishing, software/firmware maintenance

These features help keep systems safe to a degree but their security value is being eroded by the simple fact that more malware is transported via open ports.  Firewall vendors are starting to offer more threat management at the gateway for enterprise products but not yet for SOHO products.  I feel like I'm doomed to put out fires all day long and I'm getting tired.  Firewall vendors, are you listening?

bigjimbo813 Commented:
Consulting consists of a huge grey area vs black and white. Budget with SOHO clients can vary depending on that business's size and needs.

I have dealt with clients that are as cheap as Scrooge himself. You just point out a clause stating this is what you recommend, if this isn't met then I can't guarantee my consulting time/fees.

If they don't like it, walk. Usually these tightwads are also the ones who complain over the smallest things which IMO, isn't worth the stress/money.

pnkljohnson2 (Author) Commented:
I agree with you.  Determining which customers to avoid is just as important as determining which customers to accept!   My goal is to serve my customers as well as I am able, to deliver value in my services, and to be a reliable partner for the people who put their trust in me.
It's hard being a one man shop.  There's nobody else to turn to when the going gets tough.

redseatechnologies Commented:
Sorry, I should have written that better.

I don't use the el-cheapo nasty routers for $20.

The cheapest thing I will buy is a Linksys or equivalent for about AUD$90.

With that in mind;

1) I am yet to have a small client that outgrew the security of a cheap little Linksys router (including the wireless routers) - Reporting is usually a bit dodgy, if it even exists, but generally they don't care - close the ports they aren't using and let it run.
2) Linksys can be a bit dodgy with VPNs, allowing only pass-through (usually from inbound to outbound only) but I don't use the firewall's VPN anyway - RRAS does that, and takes advantage of the Windows authentication.  And how flexible does a small business need their router to be?  As long as it port forwards and allows VPNs, what else is there?  I am starting to wonder about your definition of small business :) And Linksys are industry certified (and owned by Cisco).
3) Support, yes, that can be lacking - but I consider these routers to be relatively disposable, and generally the online help is there (especially considering they are SOHO, and intended to be managed by consumers).

Now, I am not trying to argue for the fun of it, just trying to really get a handle on what you are doing.  I am also a one man band, and work for large (50 scattered users) and small (3 user) networks.  Where they have the budget, and more so, the need for greater security - I have pressed for big Cisco routers (1760s mainly).  But my small client, sure they are hosting mail, but that is it - everything is shut except port 25, and the router is bolted down by default everywhere else (although I was sure to check that).

No security is designed to stop anything - even locks on doors are only designed to slow down intruders.  Smaller companies (and I have seen it) usually don't even care about backups!  And there is a far greater possibility of hardware or software problems wiping an install than someone intentionally forcing their way through a SOHO router.

-red

LBACIS Commented:
Ok here we go,

You can purchase a Netscreen, Sonicwall or Watchguard small appliance for 200 to 500 dollars and get full stateful packet inspection etc., etc.
Example: Watchguard X50, eBay, 400.00. This will even have a web content filtering feature called web blocker. They have always worked great for me...