Network appliances spell security relief

The network and computing world has changed a great deal in the 3 years I've worked for Duke Communications, Windows NT Magazine's parent company. Duke Communications has changed a great deal, too. Although the company's initial e-commerce and corporate presence on the Web was slight compared to our Web presence today, the need for that presence was always obvious. When Windows NT Magazine first came into being, creating the magazine's Web site and acquiring an FTP site took high priority. After the magazine acquired a dedicated 56Kbps link to the Internet, the large number of readers who subscribed to the magazine through the Web site proved the site's value.

Babes in the Woods
Our trust levels were higher then, and because our business applications were IPX-based, we weren't too concerned with the IP network's security. After all, few crucial servers were available to Internet access—just Web, mail, and FTP servers. We even had an open FTP site that let anonymous users upload and download files.

A 56Kbps link doesn't provide a lot of bandwidth, but in 1995 it was enough to support the relatively simple Web pages that were common then. The occasional download would slow things up, of course, but such bottlenecks rarely lasted long.

Then 1996 rolled around. When I came in to work on January 2, a couple of comments about slow response times for Web browsing drifted my way. A little checking revealed that our 56Kbps link was experiencing heavy use, and more research showed why. Over the holiday weekend, an intruder found our FTP site and decided it would make a nice host for a collection of JPEG files and warez (illegally distributed licensed software products). We learned to be a little less trusting. Now, 3 years later, we've come a long way, both as technicians and as businesspeople.

A Clear and Present Danger
When companies are new to a technology and focusing on their business requirements, the tendency to naively postpone implementing network security is a danger. Some companies can get away with this head-in-the-sand approach. But for most companies, unpleasant lessons are just around the corner. This situation is unfortunate because it's unnecessary. Internet security doesn't have to be difficult.

No one can deny that network security is a complex and often arcane subject. New vulnerabilities seem to appear on a daily basis. Sophisticated hacking tools are readily available for download. Security-related OS and browser patches abound. Fortunately, new network appliances make implementing some level of protection easy. And "some level" is often enough to turn a would-be intruder away in search of an easier mark.

I recently had an opportunity to work with two types of network appliances that offer a measure of security: a Bay Networks NETGEAR ISDN router targeted for the small office/home office (SOHO) market, and a Sonic Systems SonicWALL firewall appliance. Other vendors offer products with similar feature sets to make setup and elementary protection easy. For example, Network Address Translation (NAT) can hide the true address of a computer from the Internet at large, so would-be hackers have difficulty finding and connecting to your users' computers. Some appliances include a Dynamic Host Configuration Protocol (DHCP) server to assign IP addresses to the computers on your network. Network managers and administrators who are brave enough—or who have the necessary technical skill set—can create packet filters to further restrict traffic coming into their company's network. All appliances have user interfaces (UIs) that make setup and configuration much friendlier than the old Cisco IOS command line.

Get Real
Network security is always relative—a trade-off between the desire to protect against unwanted access and the necessity of supporting your needs and your network users' needs. If malicious intruders really want to target your network and its computer systems, network appliances won't protect you. However, when you're not betting the business and want only to implement a cost-effective level of security, network appliances can easily meet your needs.