There is little argument over the need to protect and keep enterprise networks out of harm's way. However, SOHO sites are often just as vulnerable to security breaches.
Strangely, SOHO sites are often overlooked when it comes to security. And the security risks, as we just saw from the Microsoft break-in, are not just to the SOHO site -- an invasion into the home or branch office can be just as serious to the enterprise network.
Connections to SOHO sites are typically made through ISDN, DSL or Cable Modem systems. ISDN and DSL are point-to-point services. This tends to make remote access somewhat secure, but it doesn't do much to protect the enterprise from attack by the remote office.
For example, a while back a nephew visiting a staff worker's home attempted to hack the WVU enterprise network. This occurred even though CHAP (Challenge Handshake Authentication Protocol) was turned on in the ISDN router in addition to a password network login. How did the young nephew accomplish this amazing feat? It was all too easy -- the youngster simply wandered into his uncle's den. The network access password was neatly written on a sticky note attached to the uncle's PC, which was already authenticated on the network.
Cable modems are a shared technology, which means that packets are easily sniffed by others on the same Cable Modem Terminating System (CMTS). Encryption can be helpful in protecting information from prying eyes, but do yourself a favor and buy a "personal" firewall for your cable modem connection. Since the cable modem is shared, anyone on your system can hack into your PCs and you may never know it. (It's all one big happy connection after all.) A firewall allows you to hide your PCs from the other subscribers.
In fact, no matter what the connection to your remote site, a personal firewall can offer some protection from outside hackers. Software-based firewalls, as their name suggests, are software applications that run on a computer, typically a Windows or Linux machine. Because of their modest cost, software firewalls are very popular. For example, Norton Personal Firewall 2000 is available at street prices ranging from $40 to $60. Other software firewalls, such as Network Ice Corp.'s BlackIce Defender, are equally low priced at $39.95 per seat.
Unfortunately, software firewalls tend to be slow. That makes it hard for them to keep up, especially on faster networks like 100-Base-T. In addition, the firewall must process packets in the PC's CPU, making its performance CPU-specific. They can also have a significant impact on the PC's performance.
Standalone hardware firewalls are generally faster and do not consume PC resources. They are easy to configure and offer decent performance at a reasonable price. For example, NetGear's RT-311 Gateway Router is available for $119 at a number of online sites. It provides full routing capabilities including NAT+, a feature that allows it to spoof IP addresses for up to 32 PCs on the LAN side of the connection.
Users interested in a hardware firewall with more capabilities can investigate NetFortress R-50 from Fortress Technologies, the SonicWall SOHO, or WatchGuard Technologies' SOHO firewall. These upscale hardware-based firewalls cost between $400 and $4,000 and are intended for more sophisticated branch and remote home office LANs.
All in all, securing today's networks -- be they large enterprises or small office LANs -- has never been easier or less expensive. It has also never been more important.