When it comes to running a successful company, any business owner will tell you that communication is key.
But many small and medium-sized businesses (SMBs) find it hard to get a proper communication system that fits into their tight budgets.
A new partnership between Telus Corp and Microsoft Corp is hoping to change that. The two companies are teaming up to offer a range of services that will make communication between business partners, suppliers and employees cheaper and easier.
"SMBs are the single most under-served market in Canada," said Sean Seaton, director of Microsoft Canada's communications sector.
Seaton was speaking at a conference hosted by the Toronto Board of Trade in May, during which the partnership was announced. The focus, he said, is to provide better services to the SMB sector in Canada through unified communications.
Unified communications (UC) allows for the integrated use of a variety of communications tools, such as voice and e-mail, instant messaging or video conferencing in a secure environment. Often thought to be for the sole use of larger corporations because of cost constraints, Seaton said the new services offered through the Telus-Microsoft partnership will make that a thing of the past.
Using Microsoft products, which many people are familiar with, will reduce training and make the system more accessible, he added.
Take, for example, the Outlook Voice Access, part of the Microsoft Exchange 2007. By using any phone line and a toll-free number, Telus customers can access their mailbox to dictate, hear and forward new e-mails, as well as manage calendar and contact entries. In addition, users will be able to access e-mails, agendas and documents from any computer or over the Internet by accessing Outlook Web Access on a Windows Mobile-based or BlackBerry handheld device.
Other UC tools include accessing Microsoft SharePoint through a secure network to share documents, easily collaborate, find company resources, search for experts and corporate information and manage content and workflow. And all this can be accessed from a PC, Internet browser, mobile device or phone.
"Many of these tools were previously out of reach for small businesses," said Brent Douziech, vice-president of new product development at Telus. Also speaking at the conference, Douziech said UC will offer the SMB sector vital improvements such as ease of access, reduction in travel time and improved team activities.
For businesses that may be unsure of how a unified communication system could help them, Douziech suggested a visit to the Telus website ( www.telus.com ). Online, business owners will find an assessment tool that will let them plug in the particulars of the business and give them feedback as to the best communication tools available to meet their needs.
"Its all about business needs and business problems," he said. "And a need to solve those."
Carol Wilding, president and CEO of the Toronto Board of Trade, said the board decided to host the event because enhanced communication for small and medium-sized businesses is of particular importance to her members.
"One third of our members are the small businesses," she said. "Another one third are what we call medium-sized businesses."
Wilding said supporting the growth and development of these companies - by helping them become more competitive and connect with other business leaders - is a way to ensure that Toronto prospers as a city.
"Business very much now depends on communication technology," she said, adding that companies must work and trade in a much more globalized economy.
BY IZABELA JAROSZYNSKI
Source: http://www.torontobusinesstimes.com/tbt/article/49110
Friday, May 30, 2008
Sunday, May 25, 2008
Just how big a threat does public WiFi pose to your security?
Rick Coca of the Daily News had a story on the cover today concerning an FBI warning about hackers who set up their own WiFi router with the same SSID name as the public WiFi router you wish to connect to, with the purpose being to steal vital passwords and other information during your wireless Internet session.
While the article was short and didn't go very deep into the security issues surrounding WiFi and Internet networking in general, and laptop computers in particular, users of WiFi in general and public WiFi in particular need to be aware of what they should and shouldn't do.
The article did say that it's a good idea to have your computer configured to CHOOSE the WiFi router to which you wish to connect, because the consequences could be, for lack of a better word, bad:
Once in, a hacker can steal passwords and credit-card information and install viruses, worms and other malware — malicious software — on a computer that can spread to other systems you run.
(FBI cybercrimes supervisor Bryan) Duchene recommends that Wi-Fi users change their settings so they have to manually input the Service Set Identifier (SSID) they want to log on to.
While free-access seekers spawned the "wardriving" phenomenon — Wi-Fi users drove around with GPS systems and Wi-Fi-seeking laptops, marking locations of unsecured, free Wi-Fi sites — that practice eventually piqued the interest of criminals, Duchene said.
While WiFi does increase the risk of "bad" things happening, and the lack of encryption on almost all public WiFi connections doesn't help matters, I'm pretty confident in saying that if you are entering logins, passwords and other "sensitive" information over a secure connection — one with https:// in the Web address instead of just plain http:// — you are pretty safe, even over public WiFi.
But in cases where your login or password is NOT sent via a secure, encrypted connection, or for regular Web browsing on non-secure connection, it's quite possible that others can see what you're doing on the Internet.
That may bother you, or it may not.
But especially when it comes to e-mail, make sure you are using a secure, encrypted connection, either through a Web-browser interface, or via the settings in your e-mail client, be it Microsoft Outlook, Mozilla Thunderbird, the Apple Mail program or whatever else you're running.
The worst thing you can do is send sensitive information -- or any personal or private information -- via unencrypted e-mail over an unencrypted WiFi connection. That's just too much of a risk.
I've often said that I wish all Internet traffic — e-mail, Web browsing, file transfers, etc. — took place over secure connections. I think we're headed in that direction.
So here's my quick guide on what to do and not do over a public WiFi connection:
E-mail: Only read and send e-mail via a secure encrypted connection. That means if you're using a Web interface, make sure the ENTIRE session, from login and password to composing and sending the e-mail and logging out -- takes place in a secure environment with the https:// in the address box.
For Gmail, you can choose a secure connection with https://gmail.com ... BUT the last time I read about it, your Google login and password is stored as a cookie on your computer for easy access, and it can be easily stolen over a public WiFi connection.
For Yahoo! Mail, your login and password is entered in a secure environment, but the rest of your e-mail session is unencrypted, so don't use Yahoo! Mail over a public WiFi connection.
If you have an office-provided e-mail service via a Web browser, look for the https:// instead of http:// and ask your system administrator about whether your connection is secure the whole way through.
If you use an e-mail client like Outlook or Thunderbird, make sure your e-mail server allows secure connections -- and make sure your client software is set up properly to use it.
There are e-mail services that offer more security. For the extremely paranoid, there's HushMail, but my favorite is Fastmail.fm. Just make sure you use the secure version. I'll also put in a plug for my ISP, DSL Extreme, which offers Web-accessible e-mail in a completely secure session.
Antivirus, antispyware, firewall protection: Whatever you do, and especially if you're using Microsoft Windows, make sure you have up-to-date antivirus and firewall programs. This excellent though aging Washington Post page has links to many vendors of these programs, some of which are available free. For the PC, I prefer Avast. Avast also runs on Linux, although with that operating system you're only likely to pass along a virus, because almost all malicious code is aimed at Windows computers, which are much easier targets.
Web: For Web browsing, if you are on an unsecured connection, it's easy for snoops to figure out the URLs of the Web pages you're visiting. And from there those snoops can see what's on those pages, too.
While it's not conducive to privacy, this might not be a problem, depending on where you're browsing.
But ... if you're entering any logins, passwords or other sensitive information, make sure you're on a secure connection before beginning. AND make sure your computer is NOT set up for file sharing.
To be more clear, if your computer is free of malicious software -- key-loggers that record every keystroke, spyware, etc. -- an encrypted connection should give you enough security over WiFi.
IM is a problem: Most instant-messaging traffic is unencrypted, so don't IM anything you don't want others to potentially see. The last time I checked, Yahoo! Instant Messenger, AOL's AIM and Microsoft's MSN Messenger are all unencrypted.
And do yourself a favor: NEVER, EVER, EVER NEVER, install any kind of software from an untrusted source, over WiFi or a wired Internet connection. That's when the bad stuff happens -- when malicious software makes its way onto your computer. It's easier by orders of magnitude to attack from the inside than from the outside.
WiFi at home and work: Wireless routers that you control at your home or workplace can be set up for encrypted connections only. Don't use WEP encryption because it can be easily cracked. Instead, use WPA or WPA2, which are much, much more secure and robust.
And like it says in the Daily News article, make sure you change the SSID name of your router to something other than the default (usually something like Linksys, Netgear, or the name of whatever company made the router), and also make sure you have your computers set to only connect with YOUR router.
By Steven Rosenberg
Source:http://www.insidesocal.com/click/2008/05/just-how-big-a-threat-does-pub.html
While the article was short and didn't go very deep into the security issues surrounding WiFi and Internet networking in general, and laptop computers in particular, users of WiFi in general and public WiFi in particular need to be aware of what they should and shouldn't do.
The article did say that it's a good idea to have your computer configured to CHOOSE the WiFi router to which you wish to connect, because the consequences could be, for lack of a better word, bad:
Once in, a hacker can steal passwords and credit-card information and install viruses, worms and other malware — malicious software — on a computer that can spread to other systems you run.
(FBI cybercrimes supervisor Bryan) Duchene recommends that Wi-Fi users change their settings so they have to manually input the Service Set Identifier (SSID) they want to log on to.
While free-access seekers spawned the "wardriving" phenomenon — Wi-Fi users drove around with GPS systems and Wi-Fi-seeking laptops, marking locations of unsecured, free Wi-Fi sites — that practice eventually piqued the interest of criminals, Duchene said.
While WiFi does increase the risk of "bad" things happening, and the lack of encryption on almost all public WiFi connections doesn't help matters, I'm pretty confident in saying that if you are entering logins, passwords and other "sensitive" information over a secure connection — one with https:// in the Web address instead of just plain http:// — you are pretty safe, even over public WiFi.
But in cases where your login or password is NOT sent via a secure, encrypted connection, or for regular Web browsing on non-secure connection, it's quite possible that others can see what you're doing on the Internet.
That may bother you, or it may not.
But especially when it comes to e-mail, make sure you are using a secure, encrypted connection, either through a Web-browser interface, or via the settings in your e-mail client, be it Microsoft Outlook, Mozilla Thunderbird, the Apple Mail program or whatever else you're running.
The worst thing you can do is send sensitive information -- or any personal or private information -- via unencrypted e-mail over an unencrypted WiFi connection. That's just too much of a risk.
I've often said that I wish all Internet traffic — e-mail, Web browsing, file transfers, etc. — took place over secure connections. I think we're headed in that direction.
So here's my quick guide on what to do and not do over a public WiFi connection:
E-mail: Only read and send e-mail via a secure encrypted connection. That means if you're using a Web interface, make sure the ENTIRE session, from login and password to composing and sending the e-mail and logging out -- takes place in a secure environment with the https:// in the address box.
For Gmail, you can choose a secure connection with https://gmail.com ... BUT the last time I read about it, your Google login and password is stored as a cookie on your computer for easy access, and it can be easily stolen over a public WiFi connection.
For Yahoo! Mail, your login and password is entered in a secure environment, but the rest of your e-mail session is unencrypted, so don't use Yahoo! Mail over a public WiFi connection.
If you have an office-provided e-mail service via a Web browser, look for the https:// instead of http:// and ask your system administrator about whether your connection is secure the whole way through.
If you use an e-mail client like Outlook or Thunderbird, make sure your e-mail server allows secure connections -- and make sure your client software is set up properly to use it.
There are e-mail services that offer more security. For the extremely paranoid, there's HushMail, but my favorite is Fastmail.fm. Just make sure you use the secure version. I'll also put in a plug for my ISP, DSL Extreme, which offers Web-accessible e-mail in a completely secure session.
Antivirus, antispyware, firewall protection: Whatever you do, and especially if you're using Microsoft Windows, make sure you have up-to-date antivirus and firewall programs. This excellent though aging Washington Post page has links to many vendors of these programs, some of which are available free. For the PC, I prefer Avast. Avast also runs on Linux, although with that operating system you're only likely to pass along a virus, because almost all malicious code is aimed at Windows computers, which are much easier targets.
Web: For Web browsing, if you are on an unsecured connection, it's easy for snoops to figure out the URLs of the Web pages you're visiting. And from there those snoops can see what's on those pages, too.
While it's not conducive to privacy, this might not be a problem, depending on where you're browsing.
But ... if you're entering any logins, passwords or other sensitive information, make sure you're on a secure connection before beginning. AND make sure your computer is NOT set up for file sharing.
To be more clear, if your computer is free of malicious software -- key-loggers that record every keystroke, spyware, etc. -- an encrypted connection should give you enough security over WiFi.
IM is a problem: Most instant-messaging traffic is unencrypted, so don't IM anything you don't want others to potentially see. The last time I checked, Yahoo! Instant Messenger, AOL's AIM and Microsoft's MSN Messenger are all unencrypted.
And do yourself a favor: NEVER, EVER, EVER NEVER, install any kind of software from an untrusted source, over WiFi or a wired Internet connection. That's when the bad stuff happens -- when malicious software makes its way onto your computer. It's easier by orders of magnitude to attack from the inside than from the outside.
WiFi at home and work: Wireless routers that you control at your home or workplace can be set up for encrypted connections only. Don't use WEP encryption because it can be easily cracked. Instead, use WPA or WPA2, which are much, much more secure and robust.
And like it says in the Daily News article, make sure you change the SSID name of your router to something other than the default (usually something like Linksys, Netgear, or the name of whatever company made the router), and also make sure you have your computers set to only connect with YOUR router.
By Steven Rosenberg
Source:http://www.insidesocal.com/click/2008/05/just-how-big-a-threat-does-pub.html
Thursday, May 22, 2008
Messaging Architects Announces M+Guardian Virtual Messaging Firewall
Industry's First Fully Virtualized Solution to Offer Identity-Driven, Policy-Based Security and Data Loss Prevention in a Single, Extensible Platform for Total Email Lifecycle Management
MONTREAL--(Marketwire - May 21, 2008) - Messaging Architects, global leaders in risk management software and services for enterprise email, announced today the availability of version 2008.2 of its successful M+Guardian Secure Messaging Firewall. Now available as a fully virtualized appliance, called M+Guardian VMF, it delivers advanced email security and data loss prevention combined with the business benefits of server virtualization. M+Guardian VMF integrates seamlessly with other components of the M+ platform such as M+Archive, ensuring fully compliant email lifecycle management.
With this release, Messaging Architects enables organizations to fully leverage the business continuity and high availability features linked to server virtualization and apply them to their messaging and collaboration infrastructure. "M+Guardian VMF reflects Messaging Architects' commitment to delivering best-of-breed technology that can simplify the lives of its clients. We saw the advantages that ESX, the industry's leading enterprise virtual platform, and the freely available VMware Server can bring to our customers and wanted to ensure they could benefit from these advantages when deploying M+Guardian," explains Nick Stefan, VP of R&D at Messaging Architects. M+Guardian VMF is delivered using VMware's industry leading virtualization platform for which Messaging Architects is a certified VMware Technology Partner.
"The convenience of email as a business communications tool also exposes enterprises to a wide variety of legal, financial and regulatory risks associated with outbound email. M+Guardian truly delivers a significant benefit for our customers in addressing these risks from a policy-based, identity-driven perspective," says Maximilian Morgan, Product Manager for M+Guardian. "Other solutions typically only address one or two security risks, and fail to offer a unified view of the organization's mail flow, resulting in important compliance and security gaps".
M+Guardian incorporates a robust, enterprise-class clustered MTA with perimeter security, industry-leading anti-virus and anti-spam technologies, reputation and content filtering engines, data privacy and loss prevention. The built-in clustering capabilities of M+Guardian ensure that no latency is introduced into the mail flow, even when sophisticated pattern matching and filtering is applied on a large volume of messages. Before any new version is shipped, M+Guardian is extensively field-tested on Messaging Architects' own real-life, high-volume hosted email system. This system (www.myrealbox.com) processes over 6.5 million messages a day for 50,000 users worldwide, filtering out 99.1% of all messages.
"The M+Guardian appliance really meets the needs of our Colleges with its flexibility and numerous features. What I really like about this version is the fact that it comes as a pre-configured and optimized appliance that requires minimal setup on my part. The fact that it uses its own embedded LDAP server is a huge selling point for me as it allows me to manage profiles and policies centrally. M+Guardian also scales really well and is able to easily handle all the traffic for both College email systems," remarks John McHugh, Network System Specialist at The Chabot-Las Positas Community College District, where M+Guardian protects the email accounts of 1,500 faculty and staff users and some 22,000 students, ensuring full compliance with internal policies and external regulatory frameworks.
The new fast-track deployment wizard simplifies implementation and provides instant portability of server settings to new server hardware, whether physical or virtual. Installation of M+Guardian will typically take less than 15 minutes from opening the box to full Email Server protection.
Availability
M+Guardian 2008.2 is available immediately as a physical appliance or as a virtual server for VMware. It is compatible with all standard email servers, including Novell GroupWise, Microsoft Exchange and IBM Lotus Notes/Domino. For more information, visit www.messagingarchitects.com/mplusguardian.
About Messaging Architects
We are global specialists in risk management for enterprise email and collaboration. We provide software and services for 100% uptime and compliance. Used daily by thousands of enterprise clients worldwide, our solutions are compatible with Novell GroupWise (NOVL), Microsoft Exchange (MSFT) and IBM Lotus Notes/Domino (IBM). For more information, visit our website at www.messagingarchitects.com/businessdriven.
MONTREAL--(Marketwire - May 21, 2008) - Messaging Architects, global leaders in risk management software and services for enterprise email, announced today the availability of version 2008.2 of its successful M+Guardian Secure Messaging Firewall. Now available as a fully virtualized appliance, called M+Guardian VMF, it delivers advanced email security and data loss prevention combined with the business benefits of server virtualization. M+Guardian VMF integrates seamlessly with other components of the M+ platform such as M+Archive, ensuring fully compliant email lifecycle management.
With this release, Messaging Architects enables organizations to fully leverage the business continuity and high availability features linked to server virtualization and apply them to their messaging and collaboration infrastructure. "M+Guardian VMF reflects Messaging Architects' commitment to delivering best-of-breed technology that can simplify the lives of its clients. We saw the advantages that ESX, the industry's leading enterprise virtual platform, and the freely available VMware Server can bring to our customers and wanted to ensure they could benefit from these advantages when deploying M+Guardian," explains Nick Stefan, VP of R&D at Messaging Architects. M+Guardian VMF is delivered using VMware's industry leading virtualization platform for which Messaging Architects is a certified VMware Technology Partner.
"The convenience of email as a business communications tool also exposes enterprises to a wide variety of legal, financial and regulatory risks associated with outbound email. M+Guardian truly delivers a significant benefit for our customers in addressing these risks from a policy-based, identity-driven perspective," says Maximilian Morgan, Product Manager for M+Guardian. "Other solutions typically only address one or two security risks, and fail to offer a unified view of the organization's mail flow, resulting in important compliance and security gaps".
M+Guardian incorporates a robust, enterprise-class clustered MTA with perimeter security, industry-leading anti-virus and anti-spam technologies, reputation and content filtering engines, data privacy and loss prevention. The built-in clustering capabilities of M+Guardian ensure that no latency is introduced into the mail flow, even when sophisticated pattern matching and filtering is applied on a large volume of messages. Before any new version is shipped, M+Guardian is extensively field-tested on Messaging Architects' own real-life, high-volume hosted email system. This system (www.myrealbox.com) processes over 6.5 million messages a day for 50,000 users worldwide, filtering out 99.1% of all messages.
"The M+Guardian appliance really meets the needs of our Colleges with its flexibility and numerous features. What I really like about this version is the fact that it comes as a pre-configured and optimized appliance that requires minimal setup on my part. The fact that it uses its own embedded LDAP server is a huge selling point for me as it allows me to manage profiles and policies centrally. M+Guardian also scales really well and is able to easily handle all the traffic for both College email systems," remarks John McHugh, Network System Specialist at The Chabot-Las Positas Community College District, where M+Guardian protects the email accounts of 1,500 faculty and staff users and some 22,000 students, ensuring full compliance with internal policies and external regulatory frameworks.
The new fast-track deployment wizard simplifies implementation and provides instant portability of server settings to new server hardware, whether physical or virtual. Installation of M+Guardian will typically take less than 15 minutes from opening the box to full Email Server protection.
Availability
M+Guardian 2008.2 is available immediately as a physical appliance or as a virtual server for VMware. It is compatible with all standard email servers, including Novell GroupWise, Microsoft Exchange and IBM Lotus Notes/Domino. For more information, visit www.messagingarchitects.com/mplusguardian.
About Messaging Architects
We are global specialists in risk management for enterprise email and collaboration. We provide software and services for 100% uptime and compliance. Used daily by thousands of enterprise clients worldwide, our solutions are compatible with Novell GroupWise (NOVL), Microsoft Exchange (MSFT) and IBM Lotus Notes/Domino (IBM). For more information, visit our website at www.messagingarchitects.com/businessdriven.
Wednesday, May 21, 2008
Secure your network
Network security can be a thorny issue for small businesses because they generally lack pricey equipment and dedicated IT people who have the expertise to lock down a local area network. But addressing security is nevertheless essential: Just one customer data breach could easily wipe out a small business, and constantly battling viruses, spyware, and spam can sap employee productivity.
Threats may come from wireless deployments, too--Wi-Fi is a great convenience but also a serious weak point in most networks--as well as from Web site breaches and from employee downloads of illegitimate material. (Since you are responsible for employees' use of your network, that last vulnerability can have serious consequences.) And that list doesn't even count bandwidth wasted when employees visit sites like MySpace and Facebook, or watch YouTube videos, on company time. How can you secure your small business against so many disparate threats, constrained as you are by limited resources?
The task is actually not as difficult as it may sound, thanks to enterprise-grade security technology that has been trickling down to the small-business level. So-called UTM (unified threat management) security appliances offer one-stop "security-in-a-box" protection that even part-time network administrators can deploy.
Basically, UTM appliances are firewall routers supplemented with powerful features such as antivirus and antispyware capabilities, intrusion detection and/or prevention, spam filtering, and Web content filtering (for blocking traffic such as porn sites and software downloads). These appliances may have other useful features as well, such as the ability to wall off a guest wireless network from the rest of the LAN, an array of secondary wide-area-network ports for redundancy or failover, and extensive logging and reporting systems.
Formerly the domain of network pros with deep pockets, UTM appliances for networks of 8 to 25 users now sell for as little as US$400, including a year's subscription to product updates and virus and malware definition services. I found many vendors offering full-featured UTM products for less than $1000 (see "Sub-$1000 UTM Appliances"). All of them market higher-priced products for larger businesses, too. Some UTM appliances are more user-friendly than others, but all can be installed by a third-party reseller and then maintained fairly easily.
Key UTM features explained
Unlike standard firewall routers, UTM appliances vary widely in their features and capabilities--and for the most part, you get what you pay for. Here are the major features to look for when choosing a network security package for your small business.
Antivirus, antispyware, and antiphishing tools
By stopping viruses and malware at the Internet gateway, you can reduce the burden on individual computers and prevent most threats from reaching your network. Antivirus tools also provide a second layer of protection beyond your individual PCs' virus checkers, which frustrated users may disable and negligent users may update too infrequently. Gateway checkers can't find every piece of malware, however, because they lack the horsepower needed to emulate the programs on each computer. Thus you should retain the virus and spyware tools on each PC.
It's also worth finding out the brand of virus or malware checker that the UTM appliances you are considering use. Some devices work with their own software, but most rely on third-party tools from companies such as McAfee, Kaspersky, or even ClamAV (the open-source option). You should make sure that ongoing support will be available.
Content and keyword filtering
With content and keyword filtering, you can block access to specific IP addresses, domains, and URLs by invoking the vendor's database of inappropriate Web sites and keywords in various categories, as well as by adding or subtracting your own. Content filtering isn't just for porn. You could block Web mail sites, for example, or video-streaming services. You can use filtering on outgoing data as well as incoming data, so you could prevent people within your network from sending explicit e-mail or instant messages. Check to confirm that the UTM appliances you're considering have the content-filtering capabilities you need.
Spam filtering
A few UTM appliances have antispam filters, but most offer it only as an extra-cost option (if at all). Because spam filtering can have a major effect on firewall throughput, many IT experts prefer to use a separate spam filter at the mail server. Your ISP probably can perform this task at little or no extra charge if you use its e-mail services. If you run your own e-mail server behind your firewall, UTM appliance-based spam filtering may be appropriate.
Intrusion detection and prevention
Intrusion detection goes beyond the simple packet header inspection that all firewalls perform, actually examining the packets' contents as well. Together with deep-packet inspection, intrusion detection and prevention systems use ever-evolving rules and behavioral algorithms to block suspected attacks, much as antivirus software does.
Data-leakage prevention
Less commonly available--but important to some small businesses--is data-leakage prevention. "Data leakage" refers to the loss of proprietary information and documents from the network via e-mail, e-mail attachments, instant messaging, Web site uploads, and so on. Law and medical offices especially need to prevent transmittal of client or patient data; they can be sued if such information leaks out.
DLP software uses content filtering or simply blocks e-mail attachments and file transfers. You may be able to simulate DLP by using regular content and port filtering tools, but you'll need to anticipate some of the ways data can leak, and some expertise in security configuration is extremely valuable. A security consultant can be a big help here.
Gateway throughput
One of the first specs you'll see on any UTM appliance datasheet is firewall performance or throughput, expressed in mbps (megabits per second). These numbers can provide a rough guide to performance, but they may not factor in the impact of the UTM tools you use--from intrusion detection to antivirus to content filtering--which can reduce throughput by up to 50 percent, though some gateways handle the hit better than others due to speedier processors or more efficient software. Antispam filters usually have the heaviest impact on throughput.
Most vendors have try-before-you-buy programs, so take advantage of these arrangements to ensure that the UTM appliance you ultimately select has the features you need and doesn't bog down under your network's loads. When you count the number of users on your network, remember to include peripheral network devices such as NASs, printers, and PDAs, since they may count toward the "recommended" user load.
Access control and authentication
To prevent unauthorized users from accessing your LAN, most UTM appliances support one or more authentication schemes, such as Windows Active Directory, LDAP, RADIUS, or an internal user database. They also provide MAC address filtering to prevent unregistered devices from accessing your LAN; unfortunately, MAC addresses are easy to spoof.
WAN failover/redundancy
One very important difference between standard firewall routers and many UTM appliances is the presence on the latter of a second (and sometimes even a third) WAN port. In case of an outage, you could balance the network load between two regular connections--say, one DSL and one cable. You can set one up as the primary, with the second kicking in only during an outage, or you can divide loads on a round-robin or percentage basis. This is a great way to establish outage protection without investing in an expensive T1 line (and the accompanying service-level guarantees).
VPN gateway
For secure connections between offices, during business travel, or in support of telecommuting, virtual private network support is a must-have feature. Most UTM appliances can serve as VPN gateways for incoming connections. Remote users can connect to the gateway and can access LAN resources securely over an encrypted tunnel.
Wireless security
Most small businesses want Wi-Fi network access, so wireless security features in a UTM appliance are very important. Some appliances have a built-in wireless router, enabling them to run Wi-Fi traffic through the same strong filters that they use for Internet traffic. Others let you use third-party Wi-Fi access points to create special security zones for wireless networks.
By Becky Waring
Source: http://news.idg.no/pcw/art.cfm?id=02E0ED8D-17A4-0F78-3160218B4C003A9C
Threats may come from wireless deployments, too--Wi-Fi is a great convenience but also a serious weak point in most networks--as well as from Web site breaches and from employee downloads of illegitimate material. (Since you are responsible for employees' use of your network, that last vulnerability can have serious consequences.) And that list doesn't even count bandwidth wasted when employees visit sites like MySpace and Facebook, or watch YouTube videos, on company time. How can you secure your small business against so many disparate threats, constrained as you are by limited resources?
The task is actually not as difficult as it may sound, thanks to enterprise-grade security technology that has been trickling down to the small-business level. So-called UTM (unified threat management) security appliances offer one-stop "security-in-a-box" protection that even part-time network administrators can deploy.
Basically, UTM appliances are firewall routers supplemented with powerful features such as antivirus and antispyware capabilities, intrusion detection and/or prevention, spam filtering, and Web content filtering (for blocking traffic such as porn sites and software downloads). These appliances may have other useful features as well, such as the ability to wall off a guest wireless network from the rest of the LAN, an array of secondary wide-area-network ports for redundancy or failover, and extensive logging and reporting systems.
Formerly the domain of network pros with deep pockets, UTM appliances for networks of 8 to 25 users now sell for as little as US$400, including a year's subscription to product updates and virus and malware definition services. I found many vendors offering full-featured UTM products for less than $1000 (see "Sub-$1000 UTM Appliances"). All of them market higher-priced products for larger businesses, too. Some UTM appliances are more user-friendly than others, but all can be installed by a third-party reseller and then maintained fairly easily.
Key UTM features explained
Unlike standard firewall routers, UTM appliances vary widely in their features and capabilities--and for the most part, you get what you pay for. Here are the major features to look for when choosing a network security package for your small business.
Antivirus, antispyware, and antiphishing tools
By stopping viruses and malware at the Internet gateway, you can reduce the burden on individual computers and prevent most threats from reaching your network. Antivirus tools also provide a second layer of protection beyond your individual PCs' virus checkers, which frustrated users may disable and negligent users may update too infrequently. Gateway checkers can't find every piece of malware, however, because they lack the horsepower needed to emulate the programs on each computer. Thus you should retain the virus and spyware tools on each PC.
It's also worth finding out the brand of virus or malware checker that the UTM appliances you are considering use. Some devices work with their own software, but most rely on third-party tools from companies such as McAfee, Kaspersky, or even ClamAV (the open-source option). You should make sure that ongoing support will be available.
Content and keyword filtering
With content and keyword filtering, you can block access to specific IP addresses, domains, and URLs by invoking the vendor's database of inappropriate Web sites and keywords in various categories, as well as by adding or subtracting your own. Content filtering isn't just for porn. You could block Web mail sites, for example, or video-streaming services. You can use filtering on outgoing data as well as incoming data, so you could prevent people within your network from sending explicit e-mail or instant messages. Check to confirm that the UTM appliances you're considering have the content-filtering capabilities you need.
Spam filtering
A few UTM appliances have antispam filters, but most offer it only as an extra-cost option (if at all). Because spam filtering can have a major effect on firewall throughput, many IT experts prefer to use a separate spam filter at the mail server. Your ISP probably can perform this task at little or no extra charge if you use its e-mail services. If you run your own e-mail server behind your firewall, UTM appliance-based spam filtering may be appropriate.
Intrusion detection and prevention
Intrusion detection goes beyond the simple packet header inspection that all firewalls perform, actually examining the packets' contents as well. Together with deep-packet inspection, intrusion detection and prevention systems use ever-evolving rules and behavioral algorithms to block suspected attacks, much as antivirus software does.
Data-leakage prevention
Less commonly available--but important to some small businesses--is data-leakage prevention. "Data leakage" refers to the loss of proprietary information and documents from the network via e-mail, e-mail attachments, instant messaging, Web site uploads, and so on. Law and medical offices especially need to prevent transmittal of client or patient data; they can be sued if such information leaks out.
DLP software uses content filtering or simply blocks e-mail attachments and file transfers. You may be able to simulate DLP by using regular content and port filtering tools, but you'll need to anticipate some of the ways data can leak, and some expertise in security configuration is extremely valuable. A security consultant can be a big help here.
Gateway throughput
One of the first specs you'll see on any UTM appliance datasheet is firewall performance or throughput, expressed in mbps (megabits per second). These numbers can provide a rough guide to performance, but they may not factor in the impact of the UTM tools you use--from intrusion detection to antivirus to content filtering--which can reduce throughput by up to 50 percent, though some gateways handle the hit better than others due to speedier processors or more efficient software. Antispam filters usually have the heaviest impact on throughput.
Most vendors have try-before-you-buy programs, so take advantage of these arrangements to ensure that the UTM appliance you ultimately select has the features you need and doesn't bog down under your network's loads. When you count the number of users on your network, remember to include peripheral network devices such as NASs, printers, and PDAs, since they may count toward the "recommended" user load.
Access control and authentication
To prevent unauthorized users from accessing your LAN, most UTM appliances support one or more authentication schemes, such as Windows Active Directory, LDAP, RADIUS, or an internal user database. They also provide MAC address filtering to prevent unregistered devices from accessing your LAN; unfortunately, MAC addresses are easy to spoof.
WAN failover/redundancy
One very important difference between standard firewall routers and many UTM appliances is the presence on the latter of a second (and sometimes even a third) WAN port. In case of an outage, you could balance the network load between two regular connections--say, one DSL and one cable. You can set one up as the primary, with the second kicking in only during an outage, or you can divide loads on a round-robin or percentage basis. This is a great way to establish outage protection without investing in an expensive T1 line (and the accompanying service-level guarantees).
VPN gateway
For secure connections between offices, during business travel, or in support of telecommuting, virtual private network support is a must-have feature. Most UTM appliances can serve as VPN gateways for incoming connections. Remote users can connect to the gateway and can access LAN resources securely over an encrypted tunnel.
Wireless security
Most small businesses want Wi-Fi network access, so wireless security features in a UTM appliance are very important. Some appliances have a built-in wireless router, enabling them to run Wi-Fi traffic through the same strong filters that they use for Internet traffic. Others let you use third-party Wi-Fi access points to create special security zones for wireless networks.
By Becky Waring
Source: http://news.idg.no/pcw/art.cfm?id=02E0ED8D-17A4-0F78-3160218B4C003A9C
Subscribe to:
Posts (Atom)
Durov: The phone of the richest man in the world was hacked through WhatsApp.
The founder of "VKontakte" and Telegram Pavel Durov said that back in November 2019 he warned about the vulnerability of the Whats...
-
Computer's personal often face problems when they have to take a break from their PC for some time and can’t answer to emails and instan...
-
The founder of "VKontakte" and Telegram Pavel Durov said that back in November 2019 he warned about the vulnerability of the Whats... -
We have received a question about using Instant Messaging services (such as AIM, Yahoo, MSN Messenger & Skype Chat) in the office: “Is i...
