Internet threats have historically been classified as real threats from hackers and virus writers, and then the second order issue of time wasting caused by non-business internet browsing and by having to deal with spam.
With the advent of virus, spam and phishing and the real risk of casual browsing resulting in a network-threatening download, this distinction is now blurred and all these can be classified as attacks, direct or indirect. The right solution depends on the organization, its size and the extent to which its IT systems are controlled. My focus here is on businesses of up to 50 staff. Because of management’s focus on day-to-day business issues, most operate a pretty liberal attitude to employees’ PC usage beyond the basics of prescribing which email and calendaring client to use.
Larger organizations usually operate much stricter regimes with only authorized applications allowed and set up in a consistent way. Add to that the need for mobile email communication and for protecting client machines and the company network, and it all becomes a complex issue.
Busy employees in a loosely controlled small company cannot be expected to focus on the security of their data and PC. This is why the concept of gateway or perimeter protection for businesses is important. Technology is available either in the form of conventional server-based software or increasingly in the form of a single or multifunction appliance which provides a high degree of protection for the business pretty much irrespective of the behavior of the employees.
Guarding the gateway with a firewall is a very well established practice. In some cases this has been extended to intrusion detection, although some question whether the significant extra cost and complexity of a device that has to monitor each LAN segment at wire speed is warranted for the SME or indeed most larger organizations. Intrusion prevention, an extension of a firewall to be adaptable and updateable, may be the more realistic approach for the most paranoid SMEs!
Virus checking of emails is well accepted and most client PCs are delivered with anti-virus software. A gateway appliance can complement and enhance that by performing the virus scanning at the point of entry into the business. The appliance can be set to automatically update both its virus scanning engine and virus signatures at least daily. The third approach to email scanning, offered as a service by some ISPs, is being increasingly discredited as it does not catch any browser-based email viruses. As virus writers strive to bypass company protection, gateway devices offer virus scanning of downloads in addition to store and forward email. This guarantees pick-up of any virus download attempts resulting from virus spam and casual browsing. Download scanning protects against browser-based email viruses, so if employees download private email at work whilst outside the company email system, any viruses will be picked up.
With around 80 per cent of email being unsolicited spam, it’s essential to filter out as much as possible to prevent both time wasting as employees deal with it and threats, phishing and virus spam. Detecting spam is not a precise science and it’s just as important to prevent false positives as it is to block true spam. Spam detection uses lists of known spamming sites, analysis of the source and route of the email, a check of whether the email is from the source it purports to be from, and then statistical analysis of email traffic. Gateway solutions have the advantage of seeing all email to a business and can make better judgements on its nature. That, coupled with quarantining and ‘include/exclude’ control on a per user basis, gives a high degree of control. However, to get the best performance some user programming is still needed — if employees can’t be bothered to do this, the gateway approach still gives very effective spam filtering.
With the compulsive effect of the internet, URL filtering has been mainly to prevent employee time wasting. A wide range of systems offer various degrees of control such as defining time bands and URL categories on a per employee basis, based on URL lists extending to many millions. It’s now recognized that casual browsing can be a threat to a network as much from the use of resources as from viruses and worms, and it’s commonplace for organizations to block certain file types, e.g. music files and executable files, completely. Further, following some high profile court cases in the US, employers are seeking to prevent access to any form of offensive material that employees might otherwise stumble across by accident.
The gateway or perimeter approach gives pretty effective business protection without placing the responsibility on individual PC users. Off-site employees can connect to base via VPN, with the protection of encryption, and pick up email and browse through the company gateway without any loss of security or control. Multifunction appliances can provide a set of balanced tools within one unit.
The author is the managing director of Equiinet.