This is enough to make your head swim. I have a network of about 150 users. Windows 2003 Servers.
We run Trend Micro Client Security for SMB. Even with Trend running several users get hit with rootkits and the like. I know it is because the go places on the internet that they shouldn't ne going to. I obviously need some kind of Web Filter or in a broader sense some type of Unified Threat Mamagement.
In researching this topic it appears as though there are three basic topologies for doing this:
1) A security appliance
2) Turn the Windows Servers in to Proxy Servers
3) Set up a standalone PC as a Proxy server
Am I completely off base here?
Assuming I am close I am struggleing with the approach to take. I like the security appliances because they off load everything to the security appliance and don't utilize the servers in any way. I don't like the security appliances because they are propreitary and expensive. If one goes down it would be a real pain to get fixed rapidly and the intermet would be down for the duration of the fix.
I don't like using the server as a proxy server just from the standpoint that the less you have your server do the better off you are. One less thing to go wrong.
I like the idea of using a standalone PC as a Proxy Server for several reasons. It still eliminates any burden on the server. If it does go down you stand a good chance of fixing it fast and reasonably (especially if you make an image backup of it). There are a couple drawbacks. The major one seems to be that the UTM Proxy Server software from most vendors will only run on Windows Servers. This makes the price of a Security Appliance a lot more reasonable.
Does anyone have any input on the approach to take? My head is swimming with all the different vendors and their different approaches. I have read several of the threads here and everyone seems to reccommend a different vendor. Isn't there a web page you can go to to get an overall rating of the different vendors?
ANy input would be greatly appreciated. Thanks!