How should I increase my security?

Status
Not open for further replies.

davidmulcair

Programmer
Jun 26, 2001
35
CA
Hello,

I am currently running the Linksys BEFVP41 as my firewall and internet gateway. Although there are no known problems with this product, and it is working great for the two VPN tunnels that I require, I am curious as to how/what I could use for expanding my security. (or if I even should)

My questions:

1. Is the Linksys sufficient? The only server that runs through the firewall is an email server, and does not receive a huge amount of traffic.

2. How would I set up an additional firewall? On what side of the Linksys (as I still need it for VPN)?

3. Finally (somewhat related), is there a software product that can be used to monitor internet (web primarily) access, and I can just add to my network, without interrupting existing aspects?

Thanks,

David
 
I usually avoid Linksys, Netgear, D-Link and the like in a corporate network environment. They are not designed with 100% uptime (or even 90%) and their security can be questioned. At home I run both SMC and Netgear for my wireless and I think they are great products.

If you are looking to improve security, replace the Linksys with a better firewall that also has the VPN capabilities you require. If you are only passing the VPN traffic through to your server, you may also want to get a device that hosts the VPN directly as this will free some of your server resources and only costs slightly more than a pass-through firewall.

For internet monitoring you have three options I have used before. First, you could get a new firewall that has this internally...it will log all traffic to and from for you to review. Second, you could get a proxy server and run all your outgoing traffic through this box; it will perform logging. Or third, get a simple computer and install a web traffic monitor on it, when it's connected to a hub that is connected between the firewall and the rest of your network.

Only you can decide if you want a firewall to do everything, or split this into two (or three) devices.

Alex
 
Thanks.

What would be a good example of a web traffic monitor package?

We are currently looking at an upgraded firewall/VPN system, but I'm having difficulty justifying the cost because of the Linksys' amazing functionality (for its price..).

David
 
I do not work for this company, but I recommend MailMarshal and WebMarshal at every client install. These are two software packages that run on a Win2K server and do SMTP (spam) filtering and logging (MailMarshal) and HTTP (web) filtering and logging (WebMarshal.) Both software packs together are about $2500 for the first 25 users. Each single one costs about $1600 for 25 users. Check out mailmarshal.com. You can run both together on the same machine, it doesn't need to be very powerful either (i.e. 500MHz, 256Mb RAM, 4Gb disk.) This server plus a good VPN-host firewall would give you a big step up.

I would also consider the above server running M$ ISA server ($1500) to host the VPN/firewall inside the Linksys as an improvement in security. Then the Linksys only has to pass-through to the ISA server (and if someone gets past the Linksys through a known hole, they must also get past the ISA server to access your network.) You could run all three on the same size server too if you don't have a large number of users...

OR you could look at the Symantec Security Gateway System, it does everything (firewall, vpn, web, mail, and AV) in the same box...for about $12000.

I personally have done the Velociraptor VPN/firewall with separate Mail/WebMarshal server setup, the Symantec SGS setup, and a Netopia router/firewall/VPN with separate MailMarshal server (they only wanted anti-spam) setup in the last year.
 