| |
|
|
| Your network plays a critical role in the functioning of your business. The goal of properly protecting your network is to stop problems externally before they ever reach your systems internally. Here we will look at the most common protection businesses deploy to keep their network safe and some basic deployment scenarios. |
| |
|
Common Network Protection Systems Are:
|
| |
|
Firewall - Standard for any business to monitor and allow or block traffic coming from the Internet.
Intrusion Detection/Prevention Sytems - abbrev. IDS or IPS , Inevitably businesses need to open ports in their firewall to allow traffic for their systems to communicate. This exposes those servers to attack, the majority of hack attempts today are performed by software tools written for the specific purpose of hacking. The traffic created by hacking has a certain signature that can be recognized and thwarted by a working IDS/IPS System. These systems maintain a database of common hacking signatures and drop traffic that appears to be malicious.
E-mail Proxy- This is becoming common for businesses of all sizes. An e-mail proxy receives all of your company e-mail then checks to see if it is from a known Spam or Phishing source. If it clears that, it then checks the e-mail to make sure no viruses are contained therein. If the message is spam, it can be set to quarantine it. A good e-mail proxy can be setup to allow users to release their spam if it was unjustly quarantined. Also, it can be set to allow users to whitelist addresses that are being flagged as spam and are actually legitimate. Putting this in the users control, reduces the cost to administrate and the time it takes for users to receive an e-mail that they "really" needed.
The other major advantage to using an e-mail proxy is that it protects your e-mail server. The proxy is exposed to attacks instead of your e-mail server. Your e-mail server is also spending most its time processing clean and legitimate e-mail while malicious ones never enter your network.
Web Proxy - Also becoming very common, a web proxy handles the viewing of website traffic and most times ftp(File Transfer) as well. Here are some of the things a web proxy can do to protect your network:
- Content Filtering - A user can go to a website and the web proxy will check to see if it's an allowed site. Meaning is the site allowed by the company's policy, policies can be set to allow or disallow categories like gambling, violent, pornographic, financial, sports, you get the idea. This can save a company considerable resources by ensuring their Internet is being used for business purposes.
- Anti-virus / Spyware - Website traffic is checked to see if contains malicious software and blocks it before it ever enters your network.
- File Transfer Protection - The proxy will scan all files coming in or out of your network for viruses and other malicious software that may be embedded. Again protecting your systems before a problem arises.
Virtual Private Network - abbrev. VPN Rule number one to protecting any network is never expose anything that you do not absolutley have to. VPN's were created just for this reason. Let's say you have users that need access to the company's system from somewhere else. You can't just expose those systems and hope some hacker won't notice. They will notice and usually fairly quickly. So a VPN allows remote users to safely make an authenticated connection to your network. They will have to have some type of username and password and the information exchanged from them to you is encrypted while in transit. Hence the name virtually private. This allows those users access to systems that are closed to the rest of the world.
|
|
How are these protection systems being used?
|
| |
|
Businesses are implementing this network protection as a kind of Border or Perimeter Security to stop issues before they ever start. Almost all large companies and increasingly small to medium sized companies are embracing this type of security to ensure they run smoothly. Some implement certain pieces of this depending on their needs while others fully protect their systems and their network.
Before you start protecting your network, you should decide how you want to deploy this protection. We will now take a look at 2 common approaches called Distributed Threat Managment and Unified Threat Management. Each has its pros and cons and every company should consider them carefully before making a decision.
|
| The difference between Distributed and Unified is illustrated below. In a Distributed Model, you have these systems separated into independant components. However in a Unified Model, there is one system that handles everything. |
|
|
| |
|
What are some of the pros and cons to consider when deploying?
|
| |
|
|
|
|
Distributed Pros
|
|
|
Unified Pros
|
- System Stability: If one component fails others stay working independently and thus email does not stop just because the Web proxy has an issue.
- Delegated Administration: A specific person or group can be tasked to administrate one aspect of the network, thus allowing for greater specialization.
|
|
|
- Central administration: a specific person or team can monitor every security aspect from one place.
- Cost: generally it is more cost effective to purchase a UTM Solution as opposed to separate solutions.
- Central Reporting: Security Reporting can be simplified by having one place for generating traffic, Qos, and threat reports.
|
| |
|
|
|
|
Distributed Cons
|
|
|
Unified Cons
|
- Decentralized Administration: delegated administration can also be a con as it could place a burden on support resources, obviously this depends on the organization.
- Cost: generally the cost of each of these systems separately is much greater than one system that has bundled all of these options.
|
|
|
- Single point of failure: if the UTM appliance has an issue. You potentially lose the abilty to e-mail, surf the web and/or remote users cannot work. This is why most UTM solutions offer a high availabilty and/or cluster option that allows you to mirror the system or have one on Hot Standby to mitigate this risk. This should be considered when looking at your total cost. Appliances for the distributed model have to consider this cost as well.
- Central Administration: can also be con here as well, there may be no way to confine administrators to their specific duties within the UTM appliance.
|
|
| |
|
We are here to help so please do not hesitate to Contact Us with any questions.
|
| |
|
