Fortress In A Box
New internet security appliances simplify network protection chores.Jamie Fenton
As the number of employees in your business grows, a stand-alone antivirus suite or a simple firewall may not be enough to protect you. You could always upgrade to an enterprise version of your software, or you might consider a newer alternative: Internet security appliances. Such appliances have existed for a while, but it's only been recently that major security software vendors Network Associates and Symantec have released appliances suitable even for small and medium-size businesses (from a couple dozen seats to hundreds).
These appliances ease deployment and maintenance of protective countermeasures like firewalls, virtual private networks, and gateway virus scanners. Everything comes ready to run on the dedicated hardware, so you skip complicated software installs and troubleshooting. Moreover, the limited functionality of the devices removes many potential security vulnerabilities.
Walled In
To safeguard your network from outside attack, Symantec offers its $1200 Firewall/VPN Appliance Model 200R. The product features dual wide-area network ports for Internet connection sharing and management (so you can use two DSL or cable modem lines in place of a more expensive T1 connection), and firmware for a firewall and for virtual private networking. With this appliance, you also get a site license for Symantec's Enterprise VPN Client software for unlimited remote users (although the 200R's rated capacity is 30).
The 200R resides between your DSL or cable modem and your network. You'll be fine with the configuration defaults if you want to deploy the device quickly--the 200R worked well between our DSL modem and our small network without any setup at all. Still, although they complicate setup, the options that Symantec offers for enhancing and customizing your defenses are considerably better than those we've seen with other server appliances, so checking them may be worth your time. The product's VPN setup can be complex, especially for casual administrators, but the setup guide helps, walking you through the most common configuration scenarios.
Mail Guard
Internet-borne viruses and worms can be as costly as malicious intrusion. Network Associates' McAfee WebShield E250 confronts them on a larger scale than antivirus software does, and before the danger reaches users.
The $2816 E250 (for up to 50 nodes) is a PC dedicated to running a scanning proxy program; you use a Java-capable browser to administer it. It has two ethernet ports, one for network traffic and the other for administration. You must alter network addressing on every client PC (a bit of a hassle), so that in-bound and outbound e-mail, Web, and FTP traffic flows through the E250. Once everything is set, the unit handles up to 500 e-mail messages and 250KB of HTTP traffic per minute.
You can establish e-mail size limits, set blacklists of unacceptable Web sites and more, and ban attachment or download types. In its virus scans, the unit refers to a database that is typically updated daily, but it can also perform heuristic detection, recognizing suspicious characteristics in a document that may signal a new attack variation not on file. The E250 can filter out spam by consulting real-time lists of active spammers, too.
Security appliances are here to stay--Symantec has just released a do-it-all, five-function appliance, and other vendors' units are in the wings. Still, these devices are not for everyone; most small or home offices would be well served with software solutions. But if your office is growing beyond a few dozen people, or if you have lots of Net traffic, check out these products.
| Buying Information |
Symantec Firewall/VPN Appliance Model 200R 4 stars (04/01/2002) List: $1200 (unlimited VPN clients) |
| Buying Information |
McAfee WebShield E250 3.5 stars (04/01/2002) List: $2816 (up to 50 nodes) |