Do We Need a New Government Agency for Cyber Security?

Paul Mah

I was reading about how China has shut down almost a hundred Web sites since last week. The reason for the closures: Many of these sites contained pornographic content, which is illegal in China.

 

The article triggered my thinking about the kind of controls that an SMB might want to enforce on its network traffic. This is an important area, especially since the growing network of a small and medium business necessarily means that they do not inherit the "everything included" features of high-end enterprise firewalls.

 

So what are some of the features an SMB should look for in firewalls?

 

General port filtering

 

This is the most basic level of filtering found in even the most affordable firewalls. You should be able to define the ports to be blocked and allowed. In general, most companies will probably want to block all outgoing ports except for services such as SMTP and POP (e-mail), FTP (file transfer) and HTTP (Web browsing), etc.


 

The ability to manage network ports will allow you to block most games as well as applications that attempt to access the Internet.

 

Basic URL filtering and logging

 

The next level of control to consider would be to perform basic filtering by URL. Most of the time, it will make sense to perform some kind of logging of URLs, too.

 

The ability to perform URL filtering and logging will allow the network administrator to potentially expose malware or unauthorized applications that use HTTP. In addition, the ability to log all accessed URLs should also deter staff from visiting inappropriate Web sites in the office.

 

Blocking Instant Messaging

 

The freedom to perform instant massaging in the office can be a touchy area and depends heavily on work culture. I know of organizations that require every staffer to have an IM account and to be constantly logged on when at work. I also know of organizations where being seen instant messaging at work is viewed as slacking off.

 

Whatever the case, the ability to block instant messaging is typically only available to higher-end firewalls, since IM clients such as MSN Messenger have many different methods of connecting, making them difficult to block.

 

So make sure you check that the firewall has the intelligence to weed out IM messages if you want to block that.



Add Comment      Leave a comment on this blog post

Post a comment

 

 

 

 


(Maximum characters: 1200). You have 1200 characters left.

 

 

Subscribe to our Newsletters

Sign up now and get the best business technology insights direct to your inbox.


 
Resource centers

Business Intelligence

Business performance information for strategic and operational decision-making

SOA

SOA uses interoperable services grouped around business processes to ease data integration

Data Warehousing

Data warehousing helps companies make sense of their operational data


Thanks for your registration, follow us on our social networks to keep up-to-date