| About InfoWorld : Advertise : Subscribe : Contact Us : Awards : Events : Store |
 |
||||
|
||||
 | ||||
 |
|
|||
 |
||||
|
|
|
||
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
 TEST CENTER Big firewall for small offices By Russell C. Pavlicek February 22, 2002 SECURITY IS A concern for the entire IT community these days. If a large enterprise with trained security personnel has its hands full trying to secure its network while permitting the Internet services needed to do business, then how can a small or midsize business be expected to do the same? Or how can branch offices of large corporations protect themselves if there are no skilled security administrators on-site?
The SME Server can be deployed quickly by someone who is not an experienced systems administrator. Based on Red Hat Linux, the software is focused on providing a solution that rolls out quickly and requires very little interaction or knowledge on the part of the installer. SME Server offers an impressive blend of features. For example, the solution can make fine distinctions between the services available on the internal network and those available to the outside world. You can choose to turn on services such as PPTP (Point-to-Point Tunneling Protocol) access or to enable a secure e-commerce Web site, or you can leave your server locked down tight. The optional ServiceLink feature offers more compelling abilities. For a monthly fee, ServiceLink allows you to combine multiple SME Servers into a single VPN. The normally laborious process of securely exchanging public keys can be done transparently and painlessly, making the creation of VPNs a breeze. In minutes, branch offices or trusted suppliers can find themselves communicating over a secure, transparent link (provided, of course, each partner has subscribed to ServiceLink). Another key element of ServiceLink is the virus protection service, which lets you scan incoming mail for viruses and quarantine infected mail as needed. If desired, SME Server can provide POP3 or IMAP (Internet Messaging Access Protocol) e-mail boxes for the office. It can also provide Web mail access, if your business needs browser-based e-mail. Another key feature is SME's "information bay" -- a repository that can be used as shared network drives, Web sites, or download sites. This virtual domain can be used to host multiple Web sites on the server or carry out basic administrative functions, such as backup and user account maintenance. Making life easy Small shops without skilled network administrators on hand should appreciate SME Server's ease of use. Installation and configuration are straightforward. Pop in the CD, boot up, answer a few questions, reboot, answer a few more questions, and you're up and running in about 30 minutes. The sticking points typically found in Linux installations, such as partitioning and video card support, aren't a problem because of the specialized nature of the solution. SME Server can be installed on most standard PCs with two common PCI (Peripheral Component Interconnect)-based network cards in about 30 minutes. To configure the server, simply supply the IP addresses for the network cards as needed (one for the internal network and one for the external network) or instruct your machine to use DHCP (Dynamic Host Configuration Protocol). If you happen to be using a popular dynamic DNS to provide a static domain name to your dynamic DHCP-driven IP address, SME Server can automatically update the dynamic DNS every time your IP address changes, a very nice feature indeed. If your office does not have a permanent, high-speed connection to the Internet, the server can automatically dial up your ISP as needed. It can even optimize the connection to reduce off-hook time or minimize wait time. Again, those preferences can be set in seconds. Similarly, administering SME Server requires almost no heavy lifting. The system administration Web interface is appealingly simple, obviating the need to edit command files or master arcane Unix-style commands. The system can run as a strongly configured firewall and gateway right out of the box, and if you ever need to modify settings, the Web interface enables you make to adjustments simply and easily. Finally, new software, in the form of "blades" offered periodically by Mitel Networks, can be reviewed, downloaded, and activated with just a few mouse clicks, making security upgrades a breeze. Mitel's blades boast functionality ranging from security upgrades to MP3 jukeboxes -- just the ticket for companies that want to stay on top of the latest security developments but can't afford the expense of a full-time security expert. Granted, a seasoned security administrator could do an even more thorough job of locking down a firewall. For example, the /usr directory tree could be moved to a read-only partition, which would give crackers less of an opportunity to do damage if they should find holes in your network. Then again, doing so would also increase the complexity of performing security updates. And that's the trade-off. SME Server probably isn't the best solution for large companies because it doesn't offer the most robust functionality on the market, and because trained security personnel probably don't want menus insulating them from the nitty-gritty details of security administration. On the other hand, SME Server can be rolled out quickly and it won't ask you for constant baby-sitting when it's active. That makes it tough to beat for satellite offices or smaller businesses. Russell Pavlicek (pavlicek@linuxadvocacy.net) is an open-source author and consultant.
 RELATED SUBJECTS  SecurityNetworkingSPONSORED WHITE PAPERS 
SPONSORED LINKS
|
||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||||
|
||||||||||
|
||||||||||
