Is Your Data Safe?

Roundup

The type of security you choose for your system depends on what you need to protect--and why. Herewith, an overview of the options

When you think of purchasing security products for your car, you probably run through a quick checklist in your head: Is your car a natural target for thieves (Porsche)? Do its parts fetch high prices on the black market (Honda Accord)? Do you have anything in your car that a thief might want (CD player)? The answers to these questions generally determine whether you shell out for a highfalutin alarm system, opt for the Club, or simply trust your door locks to deter would-be joyriders.

When you think about security for your company's computer system, a similar rundown makes sense. Who is most likely to try to break into your system, and why? What kinds of information need to be protected most vigilantly? What functions are most susceptible to tampering? Like the automobile-security industry, the computer-security market offers a wide range of options, with everything from antivirus software to one-time password devices. It's a good idea to assess your requirements in detail before shopping around, because one company's security needs may be very different from another's.

Here we take a look at two of the most basic and essential types of protection: firewalls and encryption. A firewall helps control who gets into and out of your network. (Think of it as car door locks and alarm system all in one.) An encryption program prevents anyone from reading your E-mail or the files on your system. (Think of the Club, which makes it impossible for an intruder to drive a car after a break-in.) One or the other--or both--may be right for your company.

Firewalls: Gatekeepers to Your System
Firewalls act as gatekeepers between a company's internal network and the outside world. At minimum, they examine the location from which data enter your system or the location to which data are going, and then choose, based on your instructions, whether to allow the transfer of that information. For example, you might set up a firewall to accept files from your office in Hawaii but to reject any other files. (The most thorough firewalls examine the contents of files for viruses.) In addition to gatekeeping functions, most firewalls monitor the use of your system and keep logs so you'll know if anyone is trying to break in. For example, if someone tries to log on to your system five times with the wrong password, the firewall's activity report will show that. (Some firewalls E-mail or page the systems administrator when they detect suspicious activity.) Other firewalls offer encryption options, which allow you to scramble the information in files, making it unreadable. A caveat: the more protection and options a firewall package offers, the more time-consuming it usually is to set up and maintain. Some programs are so sophisticated that even experienced systems administrators need to take a training course before implementing the package.

Fortunately, there's been a recent move toward firewalls with user-friendly graphical interfaces, as opposed to the UNIX-based firewall software (which requires you to type in commands) that dominated the market until about a year ago. For companies short on technical expertise, FireWall/Plus (from Network-1 Software & Technology; 800-NETWRK1; www.network-1.com) is one product to consider. FireWall/Plus has a graphical user interface; you simply click on one of 10 buttons to configure one of the 10 different firewalls. One option, for instance, prevents anyone from getting onto the Internet through your system; another lets people transfer files out of the company but blocks any files from coming in.

Richard Gillespie, manager of network services for Aspen Publishing, in Gaithersburg, Md., bought FireWall/Plus to use at the $60-million health and legal publishing company. He wanted employees to be able to use E-mail and the Internet but didn't want anyone from outside to be able to send files into the company via the Web. "I pointed a green arrow at the button that said 'mail in/out, and Web out,' and that was it," says Gillespie. That convenience was the clincher. He says he bought FireWall/Plus because he didn't want to go through the ordeal of learning UNIX.

FireWall/Plus can also be used to set up internal firewalls. While most firewalls are written to protect companies from external threats via the Internet, FireWall/Plus also filters traffic on internal networks. The program not only can tell whether a file is external or internal but can determine the source of a file from within your own network. For example, if you want to protect your financials from prying eyes in your own company (say, from the sales department), you can set up FireWall/Plus on an internal network server. Since the program takes up less memory than external firewalls, it can coexist with other server applications, such as E-mail programs, and protect those applications at the same time.

Pricing for FireWall/Plus varies, depending on which version you choose and how many users will access the system. (Industrywide, the cost of a firewall rises with the number of users; some vendors tack on additional fees to configure the firewall for you.) If you want full Internet protection, prices range from $5,000 to $13,000, depending on the number of users. Once you have the Internet version set up, you can add internal firewalls for anywhere from $2,500 to $6,000, again depending on the number of users. There is also an individual workstation version (if you want to, say, protect only your chief financial officer's computer), which sells for $750 for up to five users.

Another easy-to-use firewall is On Guard ($6,490 per 100 users; On Technology Corp.; 617-374-1400; www.on.com), which can also be used for an internal firewall (although it's not as flexible as FireWall/Plus). And new this spring is the Wall ($995; Raptor Systems Inc.; 800-9-EAGLE-6; www.raptor.com), aimed at businesses with up to 25 users. Setup time for these products is minimal (less than an hour in most cases) and administering them doesn't require an understanding of UNIX. The downside is that you sacrifice some flexibility in configurations and, in the case of the Wall, you're locked into the limited universe of 25 possible users.