Small Appliances Need To Get Bigger

 
 
By Larry Seltzer  |  Posted 2004-06-01
 
 
 
 
 
 
 

It's great that fairly powerful security appliances are available for small businesses, but I want more.

I like perimeter security. It just makes sense to have your best defenses at a point where they can have a whack at everything going in or out of the network. Obviously any large business knows this, but small businesses, which are manically cost-sensitive, often get by with no such barrier, or a false one such as a NAT router. Capable security appliances for the perimeter of SOHO networks are available at prices small businesses would consider; I recently reviewed three such appliances for PC Magazine.

The appliances are capable all right—they all have real firewalls and VPNs—but in general there's a lot more they could do. Very, very few of these low-end appliances do any kind of malware scanning, and many of those that do compromise on their effectiveness.

When you move up a class into devices designed and priced for larger businesses, you get a lot more protection and performance. For the last couple of months I've been using an EdgeForce Plus from ServGate. PC Magazine reviewed the lower-end model EdgeForce recently and loved it, giving it an Editors' Choice in a roundup with several competitors. The EdgeForce Plus has greater capacities on the firewall and VPN.

Both models have an optional "Professional Module" that includes a 20GB hard disk used by the virus scanner and spam filter. The hard disk makes a big difference in virus scanning mostly in one regard: maximum scannable file size. Without a large persistent store like a hard disk, the virus scanner has to give up at some point when the file gets too big. Memory constraints can also limit the effectiveness of a spam filter. In general, just as with a desktop or server operating system, it's good to be able to page things out to disk to make efficient use of your limited RAM.

And my EdgeForce Plus doesn't come with some cheesy, home-grown anti-virus application or one that comes from Uzbekistan—it comes with McAfee AntiVirus and spam filtering (the commercial version of SpamAssassin). All this does add cost, to which the small business market is very sensitive, but you get what you pay for.

When you look at a SOHO appliance that does offer anti-virus protection, ask how many virus definitions there are in it. You might be surprised, appalled, whatever, to hear numbers under 10,000. Your $40 anti-virus software for your home computer probably has at least 80,000 definitions. But this is the price of squeezing anti-virus functionality into a little box with limited memory and processing capacity. There are boxes in this class, such as the Netscreen-5GT from Juniper Networks, which comes with Trend Micro's anti-virus technology and can be had for under $500.

The EdgeForce line also has an optional "Performance Module" that increases capacities on the firewall and VPN in case your company outgrows it. Growth is another area in which the lower-end appliances usually fall short out of cost considerations.

A compromised perimeter is one approach to keeping costs down. The other is taken by Symantec in their Gateway Security 300 series; instead of implementing the functions on the device, it enforces policies that require any client connecting to the network to have up-to-date protection installed. There are good points and bad points to this approach, which I've already written about, but I don't want to prejudge it since I'm about to start testing one of them. More on this later, of course.

In the long term, the only differences from the low-end to the high-end of these devices should be capacity. If you want more users, you pay for more. There's a case to be made that small business-oriented devices should be easier, with more wizards and such. But simple and complex approaches should be offered in all levels of these devices. Features such as anti-virus are tougher to do universally because reputable anti-virus products, such as those from McAfee and Trend Micro, don't come cheap.

Of course, no matter how good your perimeter security is, you need to have good client security too. But it's harder to manage all that client security, and your best shot is to stop threats at the front door where nearly all of them try to get in.

Security Center Editor Larry Seltzer has worked in and written about the computer industry since 1983. Check out eWEEK.com's Security Center at http://security.eweek.com for the latest security news, reviews and analysis.


 
 
 
 
Larry Seltzer has been writing software for and English about computers ever since—much to his own amazement—he graduated from the University of Pennsylvania in 1983.

He was one of the authors of NPL and NPL-R, fourth-generation languages for microcomputers by the now-defunct DeskTop Software Corporation. (Larry is sad to find absolutely no hits on any of these products on Google.) His work at Desktop Software included programming the UCSD p-System, a virtual machine-based operating system with portable binaries that pre-dated Java by more than 10 years.

For several years, he wrote corporate software for Mathematica Policy Research (they're still in business!) and Chase Econometrics (not so lucky) before being forcibly thrown into the consulting market. He bummed around the Philadelphia consulting and contract-programming scenes for a year or two before taking a job at NSTL (National Software Testing Labs) developing product tests and managing contract testing for the computer industry, governments and publications.

In 1991 Larry moved to Massachusetts to become Technical Director of PC Week Labs (now eWeek Labs). He moved within Ziff Davis to New York in 1994 to run testing at Windows Sources. In 1995, he became Technical Director for Internet product testing at PC Magazine and stayed there till 1998.

Since then, he has been writing for numerous other publications, including Fortune Small Business, Windows 2000 Magazine (now Windows and .NET Magazine), ZDNet and Sam Whitmore's Media Survey.
 
 
 
 
 
 
 
