March 08, 2011, 1:19 PM — For many, security is like going to the dentist--you have to deal with it, but that doesn't mean you have to go willingly, or like it once you get there. One of the main problems with IT security, though, comes down to money. While new servers or PCs can be justified as an investment, security is seen simply as an expense and a headache. But, what if you could protect your network and your PCs without breaking the bank?
[ See also: Free antivirus software: The best and the rest ]
Well, General Motors and JP Morgan Chase Bank may not be able to do it on the cheap, for obvious reasons, but small and medium businesses--as well as individuals--have a variety of open-source tools and free software available to keep PCs and networks safe on a shoestring budget.
Protect the Perimeter
A firewall is a de facto requirement for any network security implementation. The firewall is the gatekeeper of the network--blocking unauthorized traffic from entering your internal network, and restricting the flow of traffic in and out of your network based on the rules you establish. Think of it as locking down the "perimeter" of your home or office network.
Brush the dust off of that old Pentium desktop you shoved in the closet and put it good use--it can house your firewall software. SmoothWall Express is a Linux-based open-source firewall delivering advanced features and perimeter protection capable of running on any Pentium-class PC with at least 128MB of RAM.
Smoothwall Express was designed to be simple enough to be installed by an average home user with no Linux experience, to run efficiently on seemingly obsolete hardware by today's PC standards, and to provide intuitive management and configuration through a browser-based console.
Smoothwall Express supports local networks, wireless networks, and what IT pros call DMZs (demilitarized zones). It performs all of the basic firewall functionality one would expect--port forwarding, outbound filtering, blocking bad IP addresses--and also delivers quality-of-service (QoS) features and network traffic statistics that can be broken down per network interface or per IP address.
Watch the Network
Filtering the traffic that is allowed into or out of the network at the perimeter is one thing, but you should also be monitoring the traffic flowing through the internal network for signs of suspicious or malicious activity. An intrusion detection or intrusion prevention system (IDS/IPS) will do the trick, and--when it comes to IDS--Snort basically wrote the book.
