If you keep sensitive customer information on your external network, or you keep company financials, for instance, on a network that's connected to the external world, you might want to try a product that offers more options than basic gatekeeping and monitoring. One to consider is SmartWall (base price, $15,495; V-ONE Corp.; 800-495-VONE; www.v-one.com). One nice feature of SmartWall is its real-time monitoring capabilities. Most firewall products, including SmartWall, log all systems activity and can generate reports for the systems administrator. But SmartWall goes a step further and alerts the administrator, via E-mail or pager, about suspicious on-line activity. This is especially useful given that some hackers will bombard a system with entry requests until it crashes and then sneak in while the firewall is down. SmartWall will page an administrator if, for example, someone tries to log into the system a particular number of times with an incorrect password, one sign of an attempted break-in. The administrator can then examine the logs to determine where the meddling is occurring and can reconfigure the software to block particular addresses from entering.
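The repeated-bad-password alert described above can be sketched as follows. This is an added example, not SmartWall's code: the log format, the event names, the five-minute window, and the function names are all assumptions made for illustration, and the log lines are constructed.

```python
import re
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed log format (constructed for this example, not a real product's).
LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) "
    r"(?P<event>LOGIN_FAIL|LOGIN_OK) user=(?P<user>\S+) src=(?P<src>\S+)$"
)

# Constructed sample: one noisy source, one honest typo, one slow source.
SAMPLE_LOG = """\
1997-03-04 02:14:01 LOGIN_FAIL user=admin src=203.0.113.7
1997-03-04 02:14:09 LOGIN_FAIL user=admin src=203.0.113.7
1997-03-04 02:14:30 LOGIN_FAIL user=jsmith src=198.51.100.20
1997-03-04 02:14:41 LOGIN_OK user=jsmith src=198.51.100.20
1997-03-04 02:15:02 LOGIN_FAIL user=root src=203.0.113.7
1997-03-04 02:15:10 LOGIN_FAIL user=root src=203.0.113.7
corrupted line with no fields
1997-03-04 09:00:00 LOGIN_FAIL user=mlee src=192.0.2.44
1997-03-04 09:30:00 LOGIN_FAIL user=mlee src=192.0.2.44
1997-03-04 10:00:00 LOGIN_FAIL user=mlee src=192.0.2.44
""".splitlines()

def failed_login_alerts(lines, threshold=3, window=timedelta(minutes=5)):
    """Return one (source, time, count) alert each time a source address
    reaches `threshold` failed logins inside a sliding `window`."""
    recent = defaultdict(deque)  # source address -> failure times in window
    alerted = set()              # sources currently over the threshold
    alerts = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if not m or m["event"] != "LOGIN_FAIL":
            continue             # skip malformed lines and successful logins
        ts = datetime.strptime(m["ts"], "%Y-%m-%d %H:%M:%S")
        q = recent[m["src"]]
        q.append(ts)
        while ts - q[0] > window:
            q.popleft()          # drop failures older than the window
        if len(q) < threshold:
            alerted.discard(m["src"])   # re-arm once the source quiets down
        elif m["src"] not in alerted:
            alerted.add(m["src"])       # alert once per burst, not per line
            alerts.append((m["src"], m["ts"], len(q)))
    return alerts

def block_candidates(alerts):
    """Addresses an administrator would review before blocking them."""
    return sorted({src for src, _, _ in alerts})
```

Counting per source address inside a time window keeps a single mistyped password, or failures spread over hours, from paging anyone, while a burst from one address raises exactly one alert.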
One of SmartWall's major selling points is SmartGate, a smart-card technology that comes with the firewall but may also be used, and/or purchased, separately. Because firewalls deny access, they may make it difficult for legitimate users--such as suppliers and virtual employees--to get into a company's network. Smart cards, similar to ATM cards, let authorized users log in if they're on the road or working from home. (The technology is also available as disks, called virtual smart cards.)
Don Grage, CEO of Potomac Interactive Corp., a Web-site development and Internet consulting company based in Arlington, Va., installed SmartWall with SmartGate about a year ago to ward off hacker attacks. Grage's customers, many of whom hand over detailed company material when contracting with Potomac to develop their Web sites, were worried about the prospect of sabotage and requested that Grage set up a firewall. "They didn't want people breaking in and seeing their company information in its raw form," he says. But Grage's employees have to access Potomac's system off-site when they're making customer-service calls. The smart-card technology allows for both options.
Since installing SmartWall, Grage has had one break-in. Hackers used one of his servers as a repository for stolen Macintosh software and then posted the server's address on a computer bulletin board. After receiving several calls from people who complained they couldn't access the Mac software on his Internet site because of heavy traffic, a surprised Grage investigated and discovered the pirated software (500 MB worth). Luckily, says Grage, the server was outside the firewall, which meant that nobody had gotten access to anything inside the boundary, where private company information resides. Had the firewall not been there, the hackers could easily have jumped from the external to the internal system, because the two are connected. "If they had gotten into our internal local area network," Grage says, "it would have been a nightmare."
Encryption: Hacker-Proofing
Secure as firewalls are, they can't repel intrusion 100% of the time. So if you're looking for the ultimate way to protect your company's secrets, you might want to consider encryption as a second layer of protection.
Think back to the breakfast cereal you ate as a kid. Sometimes there was a paragraph of gobbledygook on the back of the box that you could read only by putting a special piece of transparent colored plastic over it. Then, magically, the message would become crystal clear. That's essentially how encrypting a computer file works. One person creates a message and turns it into gibberish, using a special "key," or code. Only someone with the right decoding phrase (the equivalent of the transparent colored plastic) can read the message.
Computer encryption is serious stuff--so serious that the U.S. government has been trying to restrict it for years. Because a good encryption scheme is based on algorithmic mathematics, it's unbreakable unless you put several supercomputers to work deciphering the code--and even the computers may not be able to crack it. "It's absolute," says Craig Rowland, an Internet security consultant in Gaithersburg, Md. Rowland should know. He breaks into systems for a living--when customers ask him to test their security measures. The only thing that ever foils him or any hacker, he says, is encryption.
Probably the most famous encryption program is Pretty Good Privacy (PGP), created by Philip Zimmermann and released as freeware over the Internet in 1991. That put Zimmermann in hot water with the feds, who regard encryption as a potential threat to national security. (The government has banned the export of 40-bit and higher encryption algorithms, which are officially classified as munitions. Currently, the government requires manufacturers to have a special license to export files encrypted above 40 bits; they must provide the government with the mechanism[s] for key recovery in the event of a criminal investigation.) Finally, after years of dealing with the threat of patent suits and federal munitions laws, Zimmermann started his own company, Pretty Good Privacy Inc., in San Mateo, Calif., in March 1996. His first commercial product is an E-mail encryption program called PGPmail ($149.95; 415-631-1747; www.pgp.com). Some versions of the original PGP (which also encrypts E-mail messages) are still available for free on the Internet. (Manuals and technical support are not available with the freeware programs.) PGP is export-restricted.