Solved

Security for small business

Posted on 2006-10-23
319 Views
Last Modified: 2013-11-16
I'm a computer consultant specializing in the small office/home office market.  I'm curious to hear from other SOHO consultants regarding security for small business.
More often than not the SOHO customer goes for the least expensive solution - especially when the details of a product comparison get technical.  A case in point is the firewall.  As a technical consultant I want my customers to purchase high quality products that are flexible and easy to configure.  I want to sell my customers dedicated firewall solutions that are independently certified and well regarded by the industry.  The problem is the customer wants the $70 Linksys instead of the $500 Watchguard.  Explanations of superior security features and expandability are obscured by price.  Further, it's difficult to encourage customers to invest in gateway security when so many problems are invited in by the end users!  Others must be experiencing this too.  How are you dealing?
0
Question by:pnkljohnson2
14 Comments
 
LVL 39

Expert Comment

by:redseatechnologies
Hi pnkljohnson2,

Good question. I have found that most small businesses do not need the functionality provided by the high end firewalls.

They usually do not need a VPN (especially not if they are using Exchange 2003, or more likely SBS; you are not OS specific here, so this is just my experience).  All they need at most is a NAT router to stop inbound unsolicited traffic and provide basic port forwarding for email and/or inbound web (443 for OWA).

-red
0
 
LVL 9

Expert Comment

by:bigjimbo813
It's tough, that's for sure. But limiting user capabilities with permissioning and keeping anti-virus and application firewalls patched and up to date would be your first step.

How's your knowledge with Linux?
0
 

Accepted Solution

by:
elusivetech earned 32 total points
I don't think a simple port forwarding firewall is enough.

Sonicwall or Juniper or even Cisco do offer firewalls for small businesses. It's not $100 like Netgear, but for roughly $499 you can get yourself a decent firewall that does more than port forwarding or port triggering.

I think having a rule-based firewall is necessary even for small business. This gives you granular control, and you can control inbound and outbound traffic better than with Linksys or Netgear.

If you don't want your customer to pay $499, I would suggest using a Linux box. You can set up a free rule-based firewall with any flavor of Linux.

-- Martin
0
 
LVL 39

Expert Comment

by:redseatechnologies
Why don't you think a NAT router or port forwarding firewall is enough?

Closed ports are closed ports -> whether that is done with a $20 firewall or a $40k router
0
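Added example, not part of any post in this thread: a small Python comparison of the two positions above, a NAT router with one port forward versus a default-deny rule set that also filters outbound traffic, run over constructed flows. The addresses, ports and rules are assumptions chosen for illustration; forwarding port 25 mirrors the email forwarding mentioned in the thread.

```python
# Added example: constructed policies and flows, not any vendor's behaviour.
from dataclasses import dataclass

MAIL_SERVER = "192.168.1.10"  # constructed LAN address of the mail host

@dataclass(frozen=True)
class Flow:
    direction: str  # "in" = unsolicited from the Internet, "out" = started on the LAN
    src: str
    dport: int
    note: str

def nat_router(flow):
    """NAT/PAT device with one port forward: unsolicited inbound is dropped
    except TCP 25; every outbound connection is allowed."""
    return flow.dport == 25 if flow.direction == "in" else True

# Rule-based policy, default deny: (direction, source or None for any, allowed ports)
RULES = [
    ("in", None, {25}),                        # inbound mail only
    ("out", MAIL_SERVER, {25, 53, 80, 443}),   # only the mail host may send SMTP
    ("out", None, {53, 80, 443}),              # workstations: DNS and web
]

def rule_firewall(flow):
    """Allow a flow only if some rule matches direction, source and port."""
    return any(flow.direction == d and src in (None, flow.src) and flow.dport in ports
               for d, src, ports in RULES)

FLOWS = [  # constructed sample traffic
    Flow("in", "203.0.113.5", 25, "inbound mail delivery"),
    Flow("in", "203.0.113.9", 3389, "unsolicited inbound probe"),
    Flow("out", MAIL_SERVER, 25, "mail host sending mail"),
    Flow("out", "192.168.1.23", 443, "workstation web browsing"),
    Flow("out", "192.168.1.23", 25, "workstation sending SMTP directly"),
    Flow("out", "192.168.1.23", 6667, "workstation on an unexpected port"),
]

def differences(flows):
    """Notes of flows where the two policies reach different decisions."""
    return [f.note for f in flows if nat_router(f) != rule_firewall(f)]

if __name__ == "__main__":
    for f in FLOWS:
        print(f"{f.note:36} nat={nat_router(f)!s:5} rules={rule_firewall(f)!s:5}")
    print("differ on:", differences(FLOWS))
```

Both policies reach the same decision on every inbound flow; they differ only on the two outbound workstation flows, which the NAT router passes and the rule set drops.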
 
LVL 8

Expert Comment

by:jako
I usually pose the question this way: if the CTO of the consulted business wants to restrict web access for most of their staff to raise productivity and yet at the same time have access himself to, say, security-related websites, he needs a firewall that enables more fine-grained settings than the cheap NAT router he was eyeballing.
0
 
LVL 9

Expert Comment

by:bigjimbo813
Yeah, but that option is up to management, not the consultant. It could, however, be a selling point to convince management to buy the pricier hardware.
0
 
LVL 1

Author Comment

by:pnkljohnson2
As I see it the benefits of true firewall appliances over cheap NAT/PAT devices are:

1) Stronger security - more sophisticated packet inspection, better alerting/reporting, egress filtering, more integration
2) More features - VPNs, more users, configuration flexibility, industry certification
3) Better support - front line support techs that do more than read from a screen, proactive research and publishing, software/firmware maintenance

These features help keep systems safe to a degree but their security value is being eroded by the simple fact that more malware is transported via open ports.  Firewall vendors are starting to offer more threat management at the gateway for enterprise products but not yet for SOHO products.  I feel like I'm doomed to put out fires all day long and I'm getting tired.  Firewall vendors, are you listening?
0
 
LVL 9

Assisted Solution

by:bigjimbo813
bigjimbo813 earned 31 total points
Consulting consists of a huge grey area vs black and white. Budget with SOHO clients can vary depending on that business's size and needs.

I have dealt with clients that are as cheap as Scrooge himself. You just point out a clause stating this is what you recommend; if this isn't met then I can't guarantee my consulting time/fees.

If they don't like it, walk. Usually these tightwads are also the ones who complain over the smallest things, which, IMO, isn't worth the stress/money.
0
 
LVL 1

Author Comment

by:pnkljohnson2
I agree with you.  Determining which customers to avoid is just as important as determining which customers to accept!   My goal is to serve my customers as well as I am able, to deliver value in my services, and to be a reliable partner for the people who put their trust in me.
It's hard being a one man shop.  There's nobody else to turn to when the going gets tough.
0
 
LVL 39

Assisted Solution

by:redseatechnologies
redseatechnologies earned 31 total points
Sorry, I should have written that better.

I don't use the el-cheapo nasty routers for $20

The cheapest thing I will buy is a Linksys or equivalent for about AUD$90

With that in mind;

1) I am yet to have a small client that outgrew the security of a cheap little Linksys router (including the wireless routers) - Reporting is usually a bit dodgy, if it even exists, but generally they don't care - close the ports they aren't using and let it run.
2) Linksys can be a bit dodgy with VPNs, allowing only pass-through (usually from inbound to outbound only) but I don't use the firewall's VPN anyway - RRAS does that, and takes advantage of the Windows authentication.  And how flexible does a small business need their router to be?  As long as it port forwards and allows VPNs, what else is there?  I am starting to wonder about your definition of small business :) And Linksys are industry certified (and owned by Cisco)
3) Support, yes, that can be lacking - but I consider these routers to be relatively disposable, and generally the online help is there (especially considering they are SOHO, and intended to be managed by consumers)

Now, I am not trying to argue for the fun of it, just trying to really get a handle on what you are doing.  I am also a one man band, and work for large (50 scattered users) and small (3 user) networks.  Where they have the budget, and more so, the need for greater security - I have pressed for big Cisco routers (1760s mainly).  But my small client, sure they are hosting mail, but that is it - everything is shut except port 25, and the router is bolted down by default everywhere else (although I was sure to check that).

No security is designed to stop anything - even locks on doors are only designed to slow down intruders.  Smaller companies (and I have seen it) usually don't even care about backups!  And there is a far greater possibility of hardware or software problems wiping an install than someone intentionally forcing their way through a SOHO router.

-red
0
 
LVL 4

Assisted Solution

by:LBACIS
LBACIS earned 31 total points
OK, here we go,

You can purchase a Netscreen, Sonicwall or Watchguard small appliance for 200 to 500 dollars and get full stateful packet inspection etc.
Example: Watchguard X50 on eBay, 400.00. This will even have a web content filtering feature called web blocker. They have always worked great for me...
0
