Home‎ > ‎Network Security‎ > ‎

SMB Security

I make my living providing technical support to small & mid-sized businesses (SMB). As such I wanted to provide an area where anyone could refer to get good, accurate information on  how to 'secure' their SMB networks from malicious activity. In this day and age that is actually much easier than at any time before. There are several things you can do, even if you consider yourself to be "technically challenged", to protect yourself and the users on your network from harm.
 
Firewall
The first line of defense is a good firewall. Think of a hardware firewall like a good fence around your yard, hence the term perimeter security. It keeps the bad guys out and lets everyone know where your property line starts.

I am still surprised when I find small businesses connecting their PC's directly to the cable or DSL modem provided by their ISP. There are several really good products available. I strongly advocate hardware firewalls. The reason is simple. If your firewall is breached with a software firewall they (hackers) are sitting right on your PC. With a hardware firewall, if it's breached they only sit on a hardened Linux-based OS (or a variant thereof).

Here are some excellent SMB firewalls for varying needs and price ranges.
 
Netgear
UTM-series - This is the top of the line. Simple, easy, clientless SSL-VPN remote access.
FVS338 - This is a fast, dependable firewall. VPN requires client software.
FVS336G - This is my personal favorite. Simple, easy, clientless SSL-VPN remote access.
FVS318 - This is a long running dependable workhorse firewall. VPN requires client software.
SRXN3205 - Think FVS336G with Dual-Band Wireless-N thrown in.
FVG318 - Think FVS318 with Wireless-G added.
 
SonicWALL
TZ-100 Series - For the serious SMB. These cost more and require an annual support contract.
TZ-200 Series - For the more serious SMB. Includes A/V and Anti-Spam filtering options.
TZ-210 Series - For the most serious SMB. Includes mid-market features and functions.
 
TRENDnet
TEW-652BRP - Inexpensive Wireless-N firewall. Everything you need, nothing you don't.
 
Anti-Virus/Anti-Spyware
The second line of defense is fairly simple ... install and maintain a good anti-virus / anti-spyware package. At present I have a couple packages I like a lot. For SMB users I recommend NOD32 anti-virus / anti-spyware. I also recommend Malwarebytes (anti-spyware) Anti-Malware. Malwarebytes is free and can augment NOD32 by scanning only on demand.

Using these packages and keeping them up to date should prevent you from having to deal with viruses or spyware. Or if you do get infected, will alert you at once and contain the threat to prevent damage to the system and hopefully prevent data loss or identity theft as well. 
 
E-mail
I strongly advocate using outsourced email. My provider of choice is Google Apps Premiere for 3 very important reasons. First, it's $50 per user per year. This is far less than setting up your own email server would cost. Second, Google recently purchased Postini arguably the number one anti-spam service on the internet. And all your Google Apps e-mail is Postini spam filtered (for free). Lastly, Google Apps Gmail has applications for many smartphones (such as BlackBerry, Android and iPhone) to allow you to receive and send Google Apps Gmail right on your smartphone (for free). It also syncs your calendar and contacts. Did I mention all this was free? Check it out.

OpenDNS
The next line of defense may come as a shock ... don't use the ISP's DNS settings. Instead I recommend using the service OpenDNS (http://www.opendns.com/). By default it automatically protects you against most known spyware and virus worms. And if you take the time to set up an account and follow their posted instructions you can also use it as a way to prevent users on your network from accessing porn, illegal downloads, peer-to-peer sharing sites, etc. The thing I like about it the most is I make those changes in OpenDNS and they automatically extend to any and all "users" on my network, even if a friend brings a laptop onto my network. It is free for business with less than 5 PC's and only a small annual investment above 5 PC's.

Summary
From my experience, user's who adopt these simple policies have a much more secure home network and find themselves free from many of the "risks" we read about in the press periodically. These steps are simple, easy to implement and help to make your home network a safe and secure place for your family to work and play.