Posts filed under Security

Unified Threat Management (UTM) - The Catch-All Security Appliance

As promised, a follow-up article on security.  

So you've done the right thing, you installed anti-virus / malware / everything software on all your PCs (Windows, Macs, Linux, etc).  You've even gone the extra step of installing security software on your company cell phones.

But what about people who bring in devices that are not company owned?  (e.g. smartphones, tablets, etc.)  The notion of "BYOD" (Bring Your Own Device) is a reality of today's world, and stifling the creativity of your employees is also counterproductive.

What's a small business owner to do?  The answer is quite simple, and as alluded to in the title of this article, Unified Threat Management (UTM) is the answer.  Think of a UTM appliance as your router on steroids.

It will do everything that your router does today such as acting as a firewall to prevent intrusion attacks as well as managing IP addresses.  But UTM appliances generally have multiple software programs running inside them that inspect the traffic going in and out.

For example, if someone were to click on a link in an e-mail, or on some website that leads to a phishing site, the UTM appliance will catch that and give you a warning or block it entirely (depending on the configuration options selected).  

There's nothing to install on any device.  It's simply placing itself "in the way" of all traffic, sitting quietly in the background.  

Additionally, some devices will have VPN (virtual private networking) abilities built in, allowing for remote access and / or site-to-site access.  Meaning if you have two more locations, they can be on one big "wide area network" (WAN).

The cost of such devices starts around $500 (give or take) and can go up from there.  Like most networking hardware, the cost will depend on the size of the network.  But for a small shop with a dozen or so devices, an entry level device should usually do the trick.  Warranties of such business class devices are generally much better than consumer routers.  For example, Netgear's UTM appliances come with lifetime hardware warranties.  Meaning you'll never buy it again in the event of a failure.

Posted on March 28, 2012 and filed under Security.

Free Anti-Virus - Good in a Pinch, Not the Best Strategy for the Long Run

Before delving into the free vs paid argument, let's get one subject out of the way up front:  You need anti-virus and other "anti" threat protection measures.  It's not a want.  It's not a nice to have.  It's a need, period.  You're simply putting your data at great risk without it.

The lure of free software is of course always tempting.  After all, it's pretty hard to beat the price.  Products like AVG's Free edition of their anti-virus program provide very good protection.  And in a pinch, we highly recommend it for any unprotected PC.

However, once a small business gets beyond counting the number of computers on one hand, it's time to look at the "corporate" offerings.  Why?  What's the difference between the corporate and consumer offerings?  They protect against the same viruses, don't they?  

Yes, they do.  A virus does not know what kind of computer it is attacking.  It just attacks when given the opportunity.

The corporate editions protect against the humans:  you, your employees and anyone else who uses one of your computers.  Basically, the corporate editions protect against the proverbial self-inflicted gunshot wounds.

Have you ever had to disable your anti-virus software when you were installing a new piece of software or installing a device driver for a new piece of hardware?

There's the danger window.

Most anti-whatever (virus, malware, etc.) programs will allow you to temporarily disable them.  Usually for a defined time like 15 minutes, 1 hour, etc.  Other options can include, "until next restart," and of course just disabling until you remember (operative word) to re-enable it.

And therein lies the rub.

First, who is making the decision to install what program(s)?  Next, do you want to leave it to chance that someone could disable the program permanently either on purpose or simply by accident?  Probably not.

Corporate editions, among many other features, can enforce uniform policies and passwords for usage.  Meaning in order to disable the anti-virus program, a password will first have to be entered.

BYOD

Many companies are starting to embrace a "BYOD" (bring your own device) approach to I.T.  This started with smartphones and tablets (largely iPhones and iPads) but has now expanded to traditional laptop computers. 

Even though a company may allow employees to use any devices they see fit, that does not mean that all policies governing security get thrown out the window.  In fact, it usually means other aspects need to get tighter.

Taking a Comprehensive Approach

This is where the corporate versions of security programs help close those gaps.  Even though the user will most likely have administrator control over a computer, these programs have their own added security so they cannot be easily disabled or removed without a separate password.  Additionally, the corporate anti-virus tools come with administrator consoles.  This means you can see who has their security installed and who does not.  Additionally, it can monitor each computer to ensure they are fully up to date, fully enabled, and fully compliant with your security policies.  
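The kind of check an administrator console performs, sketched as an added example (not taken from Symantec or any other product). The record fields, host names and both thresholds are assumptions made up for illustration; the sample data is constructed.

```python
from datetime import datetime, timedelta

NOW = datetime(2012, 2, 23, 12, 0)        # fixed "now" so the example is repeatable
MAX_DISABLED = timedelta(hours=1)         # assumed policy: longest allowed pause
MAX_DEFS_AGE = timedelta(days=3)          # assumed policy: oldest allowed definitions

# Constructed console export; field names are hypothetical, not a vendor schema.
ENDPOINTS = [
    {"host": "frontdesk-pc", "agent": True, "enabled": True,
     "disabled_since": None, "defs": datetime(2012, 2, 23, 6, 0)},
    {"host": "sales-laptop", "agent": True, "enabled": False,
     "disabled_since": datetime(2012, 2, 20, 9, 0), "defs": datetime(2012, 2, 19, 9, 0)},
    {"host": "design-pc", "agent": True, "enabled": False,
     "disabled_since": datetime(2012, 2, 23, 11, 45), "defs": datetime(2012, 2, 22, 6, 0)},
    {"host": "owner-macbook", "agent": False, "enabled": False,
     "disabled_since": None, "defs": None},
]

def findings(ep, now=NOW):
    """Return the list of policy violations for one endpoint record."""
    if not ep["agent"]:
        return ["no agent installed"]
    issues = []
    if not ep["enabled"]:
        since = ep["disabled_since"]
        # A short pause for a driver install is tolerated; a forgotten one is not.
        if since is None or now - since > MAX_DISABLED:
            issues.append("protection disabled past allowed window")
    if now - ep["defs"] > MAX_DEFS_AGE:
        issues.append("definitions out of date")
    return issues

def report(endpoints, now=NOW):
    """Map host name -> violations, listing only non-compliant endpoints."""
    return {ep["host"]: f for ep in endpoints if (f := findings(ep, now))}

if __name__ == "__main__":
    for host, issues in report(ENDPOINTS).items():
        print(f"{host}: {', '.join(issues)}")
```
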

Having tools such as Symantec Endpoint Protection, our tool of choice on this subject, can help protect your company's data and remove a large level of worry.

Where to buy?

Once you get beyond consumer level products, you will typically not find such products in retail channels, even in chains that cater to small businesses, such as Staples.  They are available on-line via various channels as well as from most managed service providers and consulting firms.

Have questions?  Please feel free to reach out to us at any time.

How to guard against devices without any software installed? 

What about all those tablets, smartphones and the occasional "rogue" PCs?  How does one add that extra layer of protection?

Coming soon in a not-so-distant future post:  Unified Threat Management.

Posted on February 23, 2012 and filed under Operations, Security.

Single Sign-On (SSO) for the SMB

Most people want another password like they want dental work.  They'll get it done, but only because they have to and the pain of not doing the work far outweighs the long term implications.

Having one password for everything has long been a Holy Grail in the technology world.  Large companies have spent small fortunes trying to make this a reality.  And in recent years, at least on the consumer front, there has been some progress on SSO, with Facebook, Yahoo! and OpenID leading the charge.  By which we mean you can use one set of credentials (your username and password) for many sites.

For example, Gannett's websites for local newspapers (e.g. The Journal News) no longer have their own unique commenting systems; they simply use Facebook.  Flickr, the popular photo sharing website (owned by Yahoo!), allows for authentication with not only Yahoo! credentials, but Facebook's and Google's as well.

But most businesses probably do not want to have their security entrusted to a third party that has absolutely zero accountability to them. 

Recently a small crop of companies have been popping up that are making the dream of SSO a reality for companies of all sizes. 

One such company is Okta.

They have over 1,000 websites (read:  cloud-based or SaaS applications) supported with their service, plus Microsoft Active Directory (AD).  So if your company has grown to the point where you have your own server, you can have passwords inside and outside your firewall automatically created and provisioned.  Meaning you create a user in AD, and then automatically their new Salesforce.com credentials are created at the same time.  When they move on, accounts are deprovisioned in the same fashion.

Depending on the features you require, their service runs anywhere from about $1 / user / month to about $10 / user / month. 

The auto-provisioning and deprovisioning is the true time, money and sometimes (company) life saver.  With a few clicks all the necessary accounts are created.  And when an employee leaves (especially under "extreme" circumstances), the ability to disable everything in one shot is not just about saving time, it could be about saving your company's reputation or very existence.
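A way to verify that deprovisioning actually happened, as an added example (not Okta's API or code): compare the directory against each application's account list and report logins that should no longer exist. The directory statuses, application names and addresses are constructed for illustration.

```python
# Constructed data: directory status per user, and the accounts each app reports.
DIRECTORY = {
    "alice@example.com": "active",
    "bob@example.com": "disabled",      # has left the company
    "carol@example.com": "active",
}
APP_ACCOUNTS = {
    "crm": {"alice@example.com", "bob@example.com"},
    "email": {"alice@example.com", "carol@example.com", "dave@example.com"},
    "file-sharing": {"Bob@Example.com ", "carol@example.com"},
}

def normalize(login):
    """Apps store logins inconsistently; compare on trimmed lower case."""
    return login.strip().lower()

def orphaned_accounts(directory, app_accounts):
    """Return {app: [(login, reason), ...]} for accounts with no active owner."""
    known = {normalize(u) for u in directory}
    active = {normalize(u) for u, status in directory.items() if status == "active"}
    result = {}
    for app, logins in app_accounts.items():
        for login in sorted(logins):
            name = normalize(login)
            if name in active:
                continue
            # Distinguish a leaver who was missed from an account nobody owns.
            reason = "disabled in directory" if name in known else "not in directory"
            result.setdefault(app, []).append((name, reason))
    return result

if __name__ == "__main__":
    for app, accounts in orphaned_accounts(DIRECTORY, APP_ACCOUNTS).items():
        for login, reason in accounts:
            print(f"{app}: {login} ({reason})")
```

Accounts reported as "not in directory" are worth as much attention as missed leavers, since they were created outside the provisioning process.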