Solved

Different Approaches to Unified Threat Management

Posted on 2007-09-30
Last Modified: 2013-12-04
This is enough to make your head swim. I have a network of about 150 users. Windows 2003 Servers.
We run Trend Micro Client Security for SMB. Even with Trend running several users get hit with rootkits and the like. I know it is because they go places on the internet that they shouldn't be going to. I obviously need some kind of Web Filter or, in a broader sense, some type of Unified Threat Management.

 In researching this topic it appears as though there are three basic topologies for doing this:
1) A security appliance
2) Turn the Windows Servers into Proxy Servers
3) Set up a standalone PC as a Proxy server
Am I completely off base here?

Assuming I am close, I am struggling with the approach to take. I like the security appliances because they offload everything to the security appliance and don't utilize the servers in any way. I don't like the security appliances because they are proprietary and expensive. If one goes down it would be a real pain to get fixed rapidly, and the internet would be down for the duration of the fix.

I don't like using the server as a proxy server just from the standpoint that the less you have your server do, the better off you are. One less thing to go wrong.

I like the idea of using a standalone PC as a Proxy Server for several reasons. It still eliminates any burden on the server. If it does go down you stand a good chance of fixing it fast and reasonably (especially if you make an image backup of it). There are a couple of drawbacks. The major one seems to be that the UTM Proxy Server software from most vendors will only run on Windows Servers. This makes the price of a Security Appliance a lot more reasonable.

Does anyone have any input on the approach to take? My head is swimming with all the different vendors and their different approaches. I have read several of the threads here and everyone seems to recommend a different vendor. Isn't there a web page you can go to to get an overall rating of the different vendors?

Any input would be greatly appreciated. Thanks!
Question by: jimbecher
2 Comments

Accepted Solution by: ahoffmann (earned 1000 total points)
ID: 19987974
I'd collect an old i386 from the trash corner, install a simple linux with squid, force all browsers to use that squid as proxy, and away you go ...
(well, the configuration of the blacklist checked by squid will be a challenge, depending on your browser users' skills :)
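As an added example (not part of ahoffmann's answer or the thread), a minimal squid.conf for the blacklist approach described above; the LAN range, listening port, file paths and the contents of the domain lists are assumed values:

```conf
# /etc/squid/squid.conf, trimmed to the parts that do the filtering.
# Added example; assumes Squid on the Linux box, LAN 192.168.1.0/24 (constructed).

http_port 3128

# Only the office LAN may use the proxy.
acl localnet src 192.168.1.0/24

# Blacklisted destinations, one domain per line in an external file.
# A leading dot matches the domain and all its subdomains, e.g. ".bad.example"
acl blocked_sites dstdomain "/etc/squid/blocked_domains.txt"

# Business sites that must never be caught by the blacklist (same file format).
acl business_sites dstdomain "/etc/squid/business_domains.txt"

# Only standard web ports leave through the proxy; CONNECT only to 443.
acl Safe_ports port 80 443
acl SSL_ports port 443
acl CONNECT method CONNECT
http_access deny !Safe_ports
http_access deny CONNECT !SSL_ports

# Order matters: allow-list first, then the blacklist, then the rest of the LAN.
http_access allow localnet business_sites
http_access deny blocked_sites
http_access allow localnet
http_access deny all

# Log every request so an infection can be traced back to the site that served it.
access_log /var/log/squid/access.log squid
```

After editing the list files, `squid -k reconfigure` reloads them without dropping connections. Pair this with a firewall rule that drops direct outbound 80/443 from the LAN except from the proxy host; otherwise a user only has to clear the browser's proxy setting to bypass the filter.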

Assisted Solution by: McKnife (earned 1000 total points)
ID: 19994503
Hi!
First: no one "gets hit" with rootkits. If it could come that far, your administration has to be held responsible for it. If you have such massive infections, then it's time to rethink your whole strategy.
Some loose thoughts for the future:
simple
- teach your users
- use user rights
- keep applications and OS updated (patch management)
- block access to personal startup areas (autostart/registry)
- think about restricting internet access to business matters only

less simple
- use indirect internet access like from a terminal server or kde (linux) session
- use content filtering (mimesweeper clearswift / finjan web appliance)
- apply software restriction policies (via GPOs)

From your current situation I would first do an analysis of "what went wrong", because something definitely went wrong. Alongside, you should take your time to build a security policy, and I mean it: make a plan about what you want people to be able to do (functionality), what that implies (risks) and how to react (prevention/countermeasures/emergency behavior). Afterwards, you might think about high-tech solutions - and whether those would really be appropriate.
If people have direct internet access (no proxy) then there has to be a reason for that; what is it?
Imagine someone hacking your machines and committing cybercrime. The police might come and take away all your servers - no working for days - that was it ;)