This is a cringe-worthy response: I'm a big believer in proactive IT, and security is one of those areas, along with backups, that get neglected because of cost. Because there is no immediate value-add to security (indeed, the effect of good security is invisible), many companies choose to invest that money elsewhere, reasoning that they can't afford an effective firewall appliance like a Sonicwall or an ASA.
Given today's recession, many small businesses have to cut operating costs, and sadly firewalls are an area that may not be as immediately necessary as others. The saddest part, however, is that there are open-source solutions out there that make perfectly serviceable firewalls for nothing but the cost of an outdated PC or virtual machine.
IPCop - Cost Effective Firewall
IPCop, the example we'll use in this article, is an open-source OS based on Linux that is designed to act as a firewall and router. Unlike a vanilla Linux distro running iptables, IPCop goes far beyond simple add and drop rules; it has features one might expect from a more advanced firewall appliance, including intrusion detection, VPN services, and traffic shaping capability. IPCop was designed for this very application (cost-effective firewall solution) and as such it is made for the small business network admin in mind: The entire OS is run through a stylish web interface, allowing easy administration of the IPCop firewall from any web-accessible machine, and the installation is straightforward and full of easy-to-understand directions.
IPCop is one of a number of distros, like Smoothwall, which aim to be full-featured firewalls for small business. Unlike Smoothwall and others, however, IPCop is completely free, thus making the insertion of an IPCop instance in your network both a painless and extremely cost-effective solution, especially where a dedicated hardware firewall appliance is an expense your business simply cannot afford.
IPCop Disadvantages
IPCop does have its disadvantages, of course, especially when compared to a more robust appliance like a Cisco ASA. It lacks the fine granularity of IOS, for example, and some of the more advanced ACLs and command-line magic the IOS performs is beyond the scope of the IPCop instances. That said, however, IPCop comes very close to the performance of an entry-level ASA, and many of the functions an ASA provides are duplicated effectively in IPCop's web interface.
Linux Distro
The title of this article, however, is not "Best firewall appliance". We're here to talk about cost-effective firewall solutions, and in that regard a Linux-based distro is unbeatable. While it does require some spare hardware, the system requirements are quite sparse, and so the implementation cost is minimal at best (and the software is, of course, open-source and free). In fact, even disregarding the price, I am willing to put forth the semi-controversial idea that IPCop may be as good as a dedicated firewall device in a small business setting; many of the functions it provides are more than suitable for a small business network.
That said, no network should be without security; the cost of a firewall appliance, though prohibitive, need not stop a small business from implementing security solutions. With open-source, free solutions like IPCop, a network admin can insert a firewall into his network infrastructure at little to no cost, immediately making his network more secure and giving him the power and functionality of a dedicated firewall appliance at a fraction of the price.
LearnComputer! (learncomputer.com) offers instructor-led local, online and onsite Networking courses for companies and individuals. Sign up for an upcoming Networking course with LearnComputer! today and learn the skills you need to succeed in your career!
No comments:
Post a Comment