Randy Johnston has been involved in computing for over 25 years. In addition to being a top-rated and entertaining speaker presenting technology seminars worldwide for K2 Enterprises (www.k2e.com), he is also Executive Vice-President and Co-owner of Network Management Group, Inc., a full-service computer networking and service company. Randy recently published Technology Best Practices for Wiley Publishing. You may contact Randy by e-mail at randyj@nmgi.com, or by phone at (620) 664-6000.
Computers & Software
2002-10-01 13:43:00
T-1 lines and security
Randy Johnston
Question: Does a T-1 need more or less security (i.e. a firewall) than a dial-up or cable modem?

Answer: The T1 connection needs more security because there will be a larger number of users and the probability is high that you will have sensitive information accessible via your network. However, the need for security is no less on a cable modem, DSL or dial-up connection if you have sensitive business information on your network or computer. Our current working rule is very simple: if you don't have firewall protection for your Internet connection, stop using the Internet. You don't need access to email and web browsing badly enough to continue to use the Internet without protection. Firewalls are a combination of hardware and software that provide filtering of traffic, which results in protection for your applications and data.

Understanding the level of firewall protection that is required can make your files safer, and your Internet experience more secure without being troublesome. Most of the time that a computer is connected to the Internet, it has an IP address that identifies it to other computers. A firewall shields, protects, and often translates an IP address so that other computers can't address your computer directly. This is particularly important whether you are protecting your computer from the outside world (hackers and crackers) or from other departments in your company (payroll from everyone else).

A T1 line is a high speed permanent communication line that runs at approximately 1.5MBps (Million Bits per Second). This line can be used privately with no Internet tie, but the way you asked your question, it looks like you have a T1 for Internet communications or provisioning. This line has either 23 or 24 channels of 56KBps (Thousand Bits per Second) where each channel will support about 10 heavy Internet users. Your T1 may well provide Internet services for 200 users or more.
Since you have such a large Internet pipe, this implies you are using it for business purposes. You probably have confidential information on your network and you are large enough to have an IT staff. Your needs are more sophisticated, and we would commonly recommend firewalls from vendors like Cisco using their PIX firewall software. This product is expensive and difficult to configure, but it is one of the better firewalls in the marketplace. Competitors include products like CheckPoint.

Smaller Internet pipes for fewer users can be provisioned using services like DSL or Cable Modems. These communications links are almost always Internet enabled, and should have a firewall as well. Both DSL and Cable, like the T1, are always on or always connected to the Internet. Since the services are always on, your users will have immediate access to the Internet without waiting for a dialing connection. It also means that computer users from the outside world could always have access to your local area network if you have no protection.

We suggest that for less expensive DSL or Cable connections to the Internet, a less expensive and less sophisticated firewall is adequate. There is a pretty good chance that you have a smaller number of computers if DSL or Cable has enough capacity for your business. Additionally, it is likely that you have a smaller or less capable IT staff as well. For this type of application, we recommend SonicWall firewalls, either in the SOHO family (10, 25, 50 users) or the Pro family (100, 200 or 300 users). This firewall product is an appliance that is slightly bigger than a VHS videotape, and has software that can be updated without operator intervention. This product is far less expensive than comparable Cisco products, and provides roughly the same level of protection. Far less protection comes from inexpensive appliance firewalls like those from LinkSys or DLink.
For home protection, we ask users to consider one of these three appliance firewall vendors.

If you want to be able to connect securely at high speed from your home back to your office over the Internet, remember that Virtual Private Network (VPN) technology can provide secure, seamless integration. This will take firewalls that have VPN software loaded and configured. Again, we recommend Cisco or SonicWall products for this application. The SonicWall Tele3 product is a nice combination of appliance firewall hardware, good software protection and VPN software for home use at around $500. I use my own SonicWall to connect back to my office network and have the ability to use servers and printers as if I were sitting in the office.

Finally, if you are using dial-up, you still need protection. When you connect to your Internet Service Provider, you are assigned an IP address that makes your computer accessible by others on the Internet. You do not want your local or personal files to be at risk while you are on the Internet. A software firewall is probably adequate protection, although we would still prefer an appliance firewall product that has a modem port. Software solutions include: Symantec Norton Firewall, BlackIce Defender, and ZoneAlarm. Software products that run on your local computer do not provide as much protection as hardware products that run on dedicated appliances, routers or computers.

Regardless of the speed of your connection, get a firewall! It is a requirement for doing business safely over the Internet. If you choose not to implement a firewall, it won't be a question of if, but a question of when your personal computer or network will be attacked.
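
The traffic filtering and address translation described in the answer above, as an added illustration that is not part of the original column: a small Python model of a firewall that translates inside addresses to one public address and drops any inbound packet that no inside computer asked for. All addresses and ports are constructed sample values, and `NatFirewall` and `demo` are hypothetical names, not any vendor's software.

```python
import ipaddress
from dataclasses import dataclass, field

PUBLIC_IP = "203.0.113.10"                           # constructed (TEST-NET-3)
INSIDE_NET = ipaddress.ip_network("192.168.1.0/24")  # constructed private LAN


@dataclass
class NatFirewall:
    """Default-deny inbound filter with port address translation."""
    public_ip: str = PUBLIC_IP
    next_port: int = 40000
    # public port -> (inside ip, inside port, remote ip, remote port)
    table: dict = field(default_factory=dict)

    def outbound(self, src_ip, src_port, dst_ip, dst_port):
        """An inside host opens a connection; return the packet as seen outside."""
        if ipaddress.ip_address(src_ip) not in INSIDE_NET:
            raise ValueError("outbound traffic must originate on the inside network")
        port, self.next_port = self.next_port, self.next_port + 1
        self.table[port] = (src_ip, src_port, dst_ip, dst_port)
        return (self.public_ip, port, dst_ip, dst_port)

    def inbound(self, src_ip, src_port, dst_ip, dst_port):
        """Return the (inside ip, inside port) to deliver to, or None to drop."""
        if dst_ip != self.public_ip:
            return None          # inside addresses cannot be addressed directly
        flow = self.table.get(dst_port)
        if flow is None:
            return None          # unsolicited: no inside host opened this flow
        in_ip, in_port, remote_ip, remote_port = flow
        if (src_ip, src_port) != (remote_ip, remote_port):
            return None          # known port, but not the server that was contacted
        return (in_ip, in_port)


def demo():
    fw = NatFirewall()
    # An inside PC browses to a web server; the server only ever sees PUBLIC_IP.
    seen = fw.outbound("192.168.1.20", 51000, "198.51.100.5", 80)
    reply = fw.inbound("198.51.100.5", 80, seen[0], seen[1])       # delivered
    probe = fw.inbound("198.51.100.99", 4444, PUBLIC_IP, 139)      # dropped
    spoof = fw.inbound("198.51.100.99", 80, seen[0], seen[1])      # dropped
    direct = fw.inbound("198.51.100.99", 4444, "192.168.1.20", 139)  # dropped
    return seen, reply, probe, spoof, direct


if __name__ == "__main__":
    print(demo())
```

Only the reply from the server the inside computer contacted is delivered; the three packets that originate outside are dropped, which is the behaviour an always-on connection needs.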