On guard
Enterprise security involves more than just anti-virus software
on every desktop. SMBs need firewalls, IDS/IPS and the rest of the security
arsenal.
Security awareness among Indian SMBs has risen over the years. However, it
is going to be a while before SMBs can call themselves secure.
The prerequisites are awareness, a well-drafted and implemented security policy
and processes and the right technology to back it all up.
Today, network devices, namely switches and routers, come with integrated security
(such as in-built firewall functionality). We will focus on comprehensive technology
coverage and look at some commonly used security products.
Combating viruses
Viruses continue to pose the biggest threat to networks. Consequently, desktop
anti-virus solutions are widely deployed.
Anti-virus is the first line of defence. These solutions have a virus scanning
engine to discover viruses. Depending on its capabilities, a solution may be able
to scan a computer (desktop and server), e-mail (desktop and mail gateway),
network drives and so on. The scanning engine compares each file with known patterns
to determine whether a computer is infected. It then repairs or isolates the
file according to the type of infection. Some anti-virus solutions use heuristic
technology to discover fresh viruses whose patterns are not on record. To do
this, they detect virus-like activity.
The scanning engine is periodically updated with signatures or patterns from
the anti-virus vendor. Your anti-virus software is only as strong as its updates.
This is one of the biggest vulnerabilities in desktop anti-virus software. Users
may not be concerned about keeping an anti-virus updated at all times and virus
infections are the result. This is why it is important that an enterprise anti-virus
package should have centralised management and update capabilities.
In the server-based network anti-virus deployment model, the software is run
from a central server that downloads updates from the vendor's servers
and pushes them across an internal network (LAN) to client desktops
and servers. This method is more efficient than individually updating the anti-virus
software on each system.
As the update process is managed from a central point, it becomes easier for
an administrator to ensure that the protection on all machines is up to date.
The arrangement also saves Internet bandwidth as updates are only downloaded
once.
Getting an AV fix
Operating system support and centralised management or update are must-have
features when it comes to selecting an anti-virus solution. Apart from protection
against viruses and Trojans, protection from spyware and adware is necessary.
Anti-virus solutions come as packaged products or as managed services. If you
are choosing a managed service, check on the vendor's track record and
clientèle. Support is another important parameter. Your vendor must provide
24/7 support and online support should be a given.
On the cost front, you have to consider license, support and upgrade costs that
are one-time in nature. Then there are the recurring (annual) costs: update
subscription and maintenance.
When it comes to features, many anti-virus solutions come with free add-on features.
Be sure to evaluate these features and whether you really need them. This is
essential to avoid going in for an expensive solution with non-essential features.
The second line of defence
Firewalls help protect a network from external threats such as blackhat hackers
and malicious traffic. Firewalls are available at the network and the desktop
(client) level. They come in two varieties: network layer and application
layer firewalls. Yet another way of classifying firewalls is into packet filter,
application gateway, circuit level gateway, and stateful inspection types. Firewalls
are available as hardware or software. Network firewalls are usually hardware
appliances while software firewalls are used to protect desktop PCs.
A very basic (and effective) firewall can be created by employing
NAT (Network Address Translation) on your switch or router. Firewalls
also offer inbuilt NAT, a feature to look out for. In addition to this, features
like the number of users allowed to connect and maximum allowed throughput are
important. The number of physical connections permitted should also be considered.
It is advisable to go in for a firewall with excess specifications to accommodate
future growth.
Most available firewalls provide VPN (Virtual Private Network) functionality. Here you need
to check for the number of concurrent VPN sessions and VPN protocols supported.
It is also essential to check for encryption.
Availability features, namely load balancing and failover (active-active or active-passive),
also have to be considered. Clustering is another useful feature if you have
high availability requirements. On the management side, look at supported management
protocols (SSH, telnet, SNMP, etc.) and the user interface.
Stopping intruders
Intrusion detection systems (IDS) are the next layer of defence after a firewall
and an anti-virus system. An IDS helps analyse network traffic to detect attacks,
including virus or worm attacks that get past anti-virus systems.
An IDS functions much like an anti-virus solution. A typical
IDS compares network traffic patterns, server log files, or applications with
signatures of known attacks to detect malicious network activity. Latter-day
IDSs include heuristic features to detect previously undocumented attacks by
tracking traffic anomalies.
The common types of IDS are network-based, host-based and application-based.
In a network-based IDS, the system plugs into the network and monitors network
traffic for malicious activity. Host-based IDS tracks a specific host for possible
intrusions, and an application-based IDS tracks specific applications. Each
of these has its pros and cons and the prices vary. This is why many enterprises
prefer to use a combination of IDS types for better security.
Irrespective of the type, there are some common
parameters for selecting an IDS. These are the bandwidth used, ease of use, management,
operating systems supported, and reporting features. First of all, the IDS should
be able to rapidly and consistently detect attacks. Consistency in detection
is essential to ensure that the IDS performs well even while monitoring a heavily
trafficked link. Centralised management should be possible if you are using
multiple IDS. Comprehensive alerting, logging and reporting are necessary
prerequisites.
Once an attack has been detected, an IDS can be passive or
reactive in nature. A passive IDS will log suspicious activity whereas a reactive
IDS will actually implement corrective action. The reactive IDS concept has
led to the development of a new class of devices called IPS (Intrusion Prevention
Systems). Many recent IPS devices incorporate intelligent features:
they sport self-learning mechanisms to identify abnormal traffic.
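The signature matching, anomaly tracking and passive/reactive behaviour described above, as an added example that is not part of the original article. The two signatures, the request threshold and the log lines are constructed for illustration, and the rate check is only a crude stand-in for the heuristic features the article mentions.

```python
import re
from collections import Counter

# Constructed signatures for illustration only; real IDS rule sets are far larger.
SIGNATURES = {
    "path-traversal": re.compile(r"\.\./"),
    "sql-keyword-in-query": re.compile(r"union(\+|\s|%20)+select", re.I),
}
ANOMALY_THRESHOLD = 5  # hypothetical limit on requests per source in one window

# Constructed log lines in the form "<source ip> <method> <path>".
SAMPLE_LOG = [
    "192.0.2.10 GET /index.html",
    "198.51.100.7 GET /download?file=../../etc/passwd",
    "192.0.2.10 GET /products?id=12",
    "198.51.100.7 GET /download?file=../../etc/shadow",
    "203.0.113.5 GET /search?q=1+union+select+name",
] + ["203.0.113.99 GET /login"] * 7


def analyse(lines, reactive=False):
    """Return (alerts, blocked_sources) for one window of log lines.

    Passive mode only records alerts. Reactive mode also blocks the source,
    so its later requests are dropped before inspection (IPS-like behaviour).
    """
    alerts, blocked, seen = [], set(), Counter()
    for line in lines:
        src, _method, path = line.split(" ", 2)
        if src in blocked:
            continue
        seen[src] += 1
        hits = [name for name, rx in SIGNATURES.items() if rx.search(path)]
        # Crude anomaly check: alert once when a source exceeds the threshold.
        if seen[src] == ANOMALY_THRESHOLD + 1:
            hits.append("rate-anomaly")
        alerts.extend((src, name) for name in hits)
        if hits and reactive:
            blocked.add(src)
    return alerts, blocked


if __name__ == "__main__":
    for mode in (False, True):
        alerts, blocked = analyse(SAMPLE_LOG, reactive=mode)
        print("reactive" if mode else "passive", alerts, sorted(blocked))
```

In passive mode the second request from the already flagged source is inspected and logged again; in reactive mode it is dropped, which is the difference between an IDS that reports and one that takes corrective action.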

| Manufacturer | Product | Functions | Features | Performance | Contact |
| Cisco | ASA 5540 | Antivirus, IPS, VPN and Firewall | Layer 2 transparent firewall, 802.1q-based VLAN support, Open Shortest Path First (OSPF) dynamic routing, IPv6 support | 650 Mbps bandwidth, 4 GbE and 1 Fast Ethernet port, IPSec, SSL VPN | Tel: (011) 55611000, Fax: (011) 23766126, Website: www.cisco.com/global/IN |
| SonicWall | PRO 5060 | Antivirus, IPS, VPN and Firewall | 802.1q virtual LAN support, spam filter, dynamic RIP and OSPF routing, content filter, integrated wireless LAN Services, ISP failover and load balancing, central management support, 1 year warranty | 1 Gbps bandwidth, 4 10/100/1000 Ethernet ports, 2 SX/SC multimode fibre ports, policy based NAT, IPSec and 3DES and AES encryption for VPN | Tel: (022) 26431233, Fax: (022) 26422182, Website: www.sonicwall.com |

| Company | Solution | Category | NAT | No of Users | Bandwidth Mgmt | No of Physical connections | Availability features | VPN Capabilities | Other Features | Contact |
| Cisco | ASA 5510 | Integrated firewall and IPS | - | 50-150 | 300 Mbps | Three fast Ethernet, One management Port/5 Fast Ethernet | High availability not supported (upgrades available) | Throughput: 170 Mbps | IPSec, SSL, remote user connectivity, VLAN | Tel: (011) 55611000, Fax: (011) 23766126, Website: www.cisco.com/global/IN |
| Check Point | FireWall-1 GX | Firewall | Yes | Unlimited | 600 Mbps |  | High availability supported | Includes Check Point VPN-1 Pro |  | Website: www.checkpoint.com |
| Fortinet | Fortigate 300 | Firewall | Yes | Unlimited | 200 Mbps | 3 10/100 Ethernet | High availability supported for active/active and active/passive | DES, 3DES, AES encryption, SHA-1 / MD5 authentication | Content filter, Spam filter, IPSec, Policy-based traffic management | Tel: 080 25325800 Fax: 080 25325900 Website: www.fortinet.com |
| Fortinet | Fortigate 400A | Firewall | Yes | Unlimited | 450 Mbps | 2 10/100/1000 GBE ports, 4 10/100 Ethernet ports, 2 USB ports | - | DES, 3DES, AES encryption, SHA-1 / MD5 authentication | Content filter, spam filter, IPSec, Policy-based traffic management | Tel: 080 25325800 Fax: 080 25325900 Website: www.fortinet.com |
| Juniper | NetScreen 5400 | Firewall | Policy-based | Up to 25,000 | 12 Gbps | 4 slots | High availability supported for active/active and active/passive | Up to 25,000 concurrent tunnels, 3DES and AES encryption, MD-5 and SHA-1 authentication, Prevents replay attacks | IPSec, remote user connectivity, VLAN | Tel: (022) 26572096, Fax: (022) 26572098 Website: www.juniper.com |
| Juniper | NetScreen 5XT | Firewall | Yes | 100 | 70 Mbps | 5 Fast Ethernet | High availability not supported | Up to 1,000 concurrent tunnels, 3DES and AES encryption, MD-5 and SHA-1 authentication, Prevents replay attacks, No remote access VPNs | IPv4 and IPv6 Dual Stack Architecture | Tel: (022) 26572096, Fax: (022) 26572098 Website: www.juniper.com |
| Nokia | IP380 | Firewall | - | 100-250 | 600 Mbps | 4 integrated 10/100 Base-T Ethernet ports, 2 slots for Network Interface Cards, 2 Type II PCMCIA | Nokia IP clustering | Supported | IPSec, SSL, VLAN, ISDN interface (optional) | Tel: (080) 26618101 Fax: (080) 26506487 Website: www.nokia.co.in/nokia |
| SonicWall | PRO 1260 | Firewall | Policy-based | Unlimited | 90 Mbps | 27 10/100 Ethernet Ports | ISP failover | 3DES and AES encryption, 25 site-to-site tunnels | IPSec, one year warranty | Tel: (022) 26431233, Fax: (022) 26422182, Website: www.sonicwall.com |
| SonicWall | TZ 170 SP | Firewall | Policy-based | 10 nodes, upgradable to 25 | 90 Mbps | 7 10/100 Ethernet Ports | - | 3DES and AES encryption, 2 Site-to-Site tunnels | IPSec, Failover, failback capability, WAN ISP load balancing, Spam filter, Object-based management | Tel: (022) 26431233, Fax: (022) 26422182, Website: www.sonicwall.com |
| Trend Micro | Network VirusWall 1200 | Firewall | - | 256 | 180 Mbps | Two 10/100 Base T Ethernet | Inline failopen | Supported | VLAN, outbreak prevention | Tel: 0120 2517690 Fax: 0120 2514956 Website: www.trendmicro.com |

| Company | Solution | Category | Features | Contact |
| Computer Associates | Etrust Antivirus 7.1 | Servers and Desktops | Centralised management, Web-based administration | Tel: 022 56413800 Fax: 022 56413810 |
| Fortinet | Forti-Gate 300 | Network Gateway | VPN, intrusion detection, content filtering, traffic shaping, throughput range: 30-200 Mbps | Tel: 080 25325800 Fax: 080 25325900 Website: www.fortinet.com |
| McAfee | VirusScan Enterprise 8.0i | File servers and desktops | Integrated firewall and IPS, outbreak functionality that closes the window of vulnerability before DAT files are available, centralised management and reporting | Tel: 022 56935278 Fax: 022 26650078 Website: www.mcafee.com |
| McAfee | LinuxShield | Linux file servers and desktops | Automatic updates, also works on the Windows environment, centrally managed reporting | Tel: 022 56935278 Fax: 022 26650078 Website: www.mcafee.com |
| McAfee | GroupShield Microsoft Exchange | Mail server | Content filtering, centralised management and reporting, spam filtering, automatic, programmable outbreak response | Tel: 022 56935278 Fax: 022 26650078 Website: www.mcafee.com |
| McAfee | GroupShield for Lotus Domino | Mail Server | Content filtering, centralised management and reporting, spam filtering, automatic, programmable outbreak response | Tel: 022 56935278 Fax: 022 26650078 Website: www.mcafee.com |
| McAfee | Webshield 3000 | Internet gateway | Scans SMTP, HTTP, FTP, and POP3 traffic, it can be installed behind any existing firewall without changing the existing network settings, spam blocking and content filtering, detailed reporting and trend analysis | Tel: 022 56935278 Fax: 022 26650078 Website: www.mcafee.com |
| MicroWorld Technologies Inc | Escan | Remote users, network clients and server | Capability to block access, content filter, spam filter, popup filter, automatic updates | Tel: 022 28265701 Fax: 022 28304750 Website: www.mwti.net |
| MicroWorld Technologies Inc | MailScan | Mail Server | Content scanning, Compression and de-compression of over-sized attachments, automatic updates, user defined rule-sets | Tel: 022 28265701 Fax: 022 28304750 Website: www.mwti.net |
| Symantec | Small Business Edition 8.1 | Work stations and network servers | Capability to identify unprotected nodes, platform support for Windows Server 2003 and Netware Secure Console, supports 64-bit Intel Itanium II hardware, Reduced virus definition file size and multi-threaded server rollout | Tel: 022 26570658, Fax: 022 26570671 Website: www.symantec.com |
| Symantec | Multi-tier protection for small business 8.1 | Gateway, network and work station | Multi-layered spam filter, centralised network auditing capabilities help identify unprotected nodes, supports 64-bit Intel Itanium II hardware, platform support for Windows Server 2003 and Netware Secure Console | Tel: 022 26570658 Fax: 022 26570671 Website: www.symantec.com |
| Trend Micro | InterScan VirusWall | Internet Gateway and E-mail Server | Spam filters, easy scalability to suit the company's needs, automatic scan of downloaded files as well as java scripts, applets and event logs on the system | Tel: 0120 2517690 Fax: 0120 2514956 Website: www.trendmicro.com |
| Trend Micro | VirusWall 2500 | Network Security | Detects unpatched vulnerabilities, outbreak prevention, agent-less security policy enforcement, flexible, central management | Tel: 0120 2517690 Fax: 0120 2514956 Website: www.trendmicro.com |
| Trend Micro | ScanMail eManager | Mail Server | Content filtering, spam filtering, file size regulation, outbreak prevention, flexible customizable notifications | Tel: 0120 2517690 Fax: 0120 2514956 Website: www.trendmicro.com |
| Trend Micro | Portal Protect for SharePoint | Network Security for Microsoft SharePoint 2003 | Outbreak prevention, scalability, central management, automatic notification | Tel: 0120 2517690 Fax: 0120 2514956 Website: www.trendmicro.com |

| Manufacturer | Product | Type | Detection Technique | Other Features | Contact |
| Cisco | IPS 4240 | Network Subnets | - | High port density-standard 4 on-board monitoring interfaces with optional 4-port card for a total 8 interfaces, VLAN based load sharing through the support of 802.1q | Tel: (011) 55611000, Fax: (011) 23766126, Website: www.cisco.com/global/IN |
| Juniper | NetScreen IDP 100 | Network | Multi-method detection system that includes compound signatures, stateful signatures, protocol anomaly and backdoor detection. Extensive signature customisation to improve the ability to detect unique attacks and tailor the signature specific to requirements | Enterprise security profiler, policy editor, log viewer, centralized rule-based+E1 management approach, IDP clustering | Tel: (022) 26572096, Fax: (022) 26572098 Website: www.juniper.com |
| McAfee | IntruShield 1200 | Network | Signature and behavior-based protection | Scalability, flexible deployment, in-built patch manager | Tel: 022 56935278 Fax: 022 26650078 Website: www.mcafee.com |
| Symantec | Security 7100 Series | Network | Protocol anomaly detection and vulnerability attack interception | Symantec security response and Symantec DeepSight Early warning services, Auto-Protect and patch management facilities | Tel: 022 26570658 Fax: 022 26570671 Website: www.symantec.com |