Secure the home office sensibly and easily
Distributed organizations, telecommuting, working from home -- no matter how you slice it, the home office represents one of the biggest security headaches IT must face. Companies are finding that it's one thing to protect systems in-house and another thing altogether to enforce standards in the spare bedroom.
The emerging personal firewall software market offers several products that address networking vulnerabilities at the desktop level. Leading vendors in this space include Network ICE Corp., Sybergen Networks Inc., Sygate Technologies Inc., and Zone Labs Inc.'s Zone Alarm, as well as more familiar companies such as Network Associates Inc. and Symantec Corp. Good desktop firewalls can be had for free, but most commercial packages cost between US$40 and $60 and sometimes include anti-virus capabilities.
These desktop firewalls are a good first step but hardly a complete solution because they don't shield non-networked devices, especially network-attached printers, from remote probing. They do, however, provide a line of protection at the desktop's network interface that we expect will be built in to future operating systems.
SOHO (small office/home office) routers can offer even more protection for the home user by isolating the home network from the broadband connection. Vendors competing in this space include Cisco Systems Inc., Linksys Group Inc., Ramp Networks Inc., SonicWall Inc., and WatchGuard Technologies Inc., with most of their offerings in the $150 to $200 range.
Most SOHO routers are designed to deliver protection equivalent to a low-end firewall: NAT (network address translation) with TCP port inspection. They can perform some simple filtering tasks and forward requests -- depending on the TCP port -- to a limited number of internal hosts.
Most also offer the ability to place one IP address in a DMZ (demilitarized zone) where none of the router's firewall features apply. This can be useful in videoconferencing, when gaming, or when using other types of applications that don't play well with firewalls. One problem with this approach is that often only one computer at a time can be in the DMZ, so managing this feature may prove troublesome in households with multiple users of these services.
We recommend that users install in home offices both personal firewalls and SOHO routers to present a blanket front to potential intruders. This way, if you have to keep one of your hosts in the DMZ more or less permanently, even that exposed host will have some degree of protection from the nasties.
Managing SOHO routers remotely may not be for every organization. The safest rule is that if you provide the hardware you should manage it. At a minimum, a SOHO router should permit management through its WAN interface, although we highly recommend using a nonstandard TCP port instead of easily guessed ones such as 8080.
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
