By Ed Tittel and James Michael Stewart

This column starts with the premise that companies have a strong and vested interest in securing and managing their telecommuting employees' home office connections to the Internet. In fact, our guiding assumption is that such organizations want to manage and control their remote employees' networks and connections in much the same way that they seek to protect their corporate networks and IS operations from unauthorized access and use. The remote security management problem is not unlike its on-premises equivalent, except that it is far more broadly distributed and must inevitably work with a variety of different connection types and speeds.

Although one might hope to find a whole set of products that combine all the necessary security, access control and connection management features in a single package, a search of offerings available at present is bound to be somewhat disappointing. A quick sanity check against our initial search criteria turned up only three products that met most of those criteria (these are documented in the article entitled "Hitting the Target" at the conclusion of this column). In fact, most home office connectivity products available today appear to focus on creating and sharing LAN broadband connections such as cable modem or DSL, rather than on protecting or managing such connections. While these kinds of solutions
Hitting the Target
By Ed Tittel and James Michael Stewart
* Simple firewall capabilities
* Simple traffic screening on domain name, IP address, or port address
* Network Address Translation (NAT) services
* DHCP for LAN clients

Those products that came closest to meeting our original search criteria also included remote management capabilities, some of which supported centralized management from the vendor, others from a centralized, authorized IS location inside the purchasing organization.

The first product in this category is WatchGuard's Firebox SOHO. It supports DSL, cable or ISDN, but an external modem is required. It can automatically download software and security updates, and no installation or client software is required (the box handles everything from firmware). It can share a single connection with up to 10 users (and is upgradeable to a maximum of 50 users). The Firebox SOHO also acts as a hub for connected systems, and VPN services are available as a recommended, add-on feature. This device is managed remotely by the vendor through a yearly subscription contract, and some configuration control may be gained if the recommended VPN software is also installed.

The second product in this category is McAfee's FireWall ASaP (or http://www.mcafeeasap.com/content/vpn_asap/default.asp). FireWall ASaP combines the functions of a managed firewall with VPN services, antivirus checks and content filtering capabilities, and it delivers a general security solution that is pre-configured by McAfee to meet your security requirements. As with the WatchGuard product, this product is also managed and monitored by McAfee as needed. Thus, if your needs change, you must contact McAfee to implement such changes and pay for support service on a yearly contract. This device requires a statically-assigned IP address and is designed for use with McAfee's ASaP VPN product. Although we were unable to find exact details on the connection types supported, we'd guess that they include cable modem and DSL at a minimum, perhaps along with ISDN and/or analog telephone support, depending on the precise configuration selected.
The third and final set of products in this category comes from Cisco Systems (or http://www.cisco.com/warp/public/cc/pd/rt/1700/) and includes both their 800 and 1700 Series routers. These devices support ISDN, serial connections (Frame Relay, leased lines, X.25 or asynchronous dialup), IDSL and ADSL (modem integrated). Cisco also allows service providers to deploy value-added services, such as security with integrated stateful firewalls and/or IPSec virtual private networks, third-party VPNs, integrated toll quality voice over IP and differentiated classes of service through Quality of Service features. Cisco recommends setting up these routers by using Cisco 800 Fast Step, a Microsoft Windows-based configuration tool (or by making arrangements with a service provider to do this for you). The Cisco 800 Fast Step software ships with both types of router and is also available on Cisco Connection Online on the World Wide Web.

Obviously, relationships with third-party service providers for small home office security and configuration management will involve some kind of service contract or billing relationship, but we find it extremely interesting that Cisco built third parties into this set of product offerings from the get-go. In fact, we expect to see this entire market segment migrate in that direction in the next year or two.

About the authors
Ed Tittel and Michael Stewart are both searchNetworking experts.