Power to the SMB
Jeanne Lim / Singapore
It is a fact that most small- and medium-sized enterprises (SMBs) face a common
bugbear when implementing security solutions: that of limited IT budget
and resources. IT managers are often told to make do with what they
have. But when it comes to something as important as securing the corporate
network, sometimes, making do is just not enough.
Recently, a friend of mine, James, who has to oversee network security although
his main job function is that of a Web administrator, had to tackle a thorny
DDoS (distributed denial of service) problem. His company is a typical SMB setup,
with about three IT guys and 70 staff.
What happened was the network slowed down to a crawl, and no one in the company
could access the Web. A DoS agent was working its mischief, and this worm was
spreading fast. The Sniffer program that examined incoming and outgoing network
traffic detected three infected desktops.
However, as soon as James identified the infected machines and brought them
offline, the worm spread to three more machines.
In the end, not only did the Web server go down, but the internal firewall as
well, because the firm was using a low-end firewall which could not handle the
high number of concurrent connections that was caused by the worm. As a result,
Web and e-mail access was disrupted for at least half a day, causing great distress
to employees, especially the ones who were heavily dependent on e-mail for correspondence.
No one can stop malicious attacks if the intention is there, but the problem
could have been mitigated if the company had been able to afford a higher-end
firewall device. Which is why I found it heartening that vendors such as WatchGuard
design their products with the needs of SMBs in mind. Many IT security vendors
address the SMB space by selling pared down versions of their enterprise products,
but the irony is, SMBs are the ones who need all the features in an affordable
package as many of them can't afford to hire dedicated staff to handle
network security.
Meanwhile, Mark Stevens, WatchGuard's chief strategy officer, brought out
another moot point. He felt that the onus is on the network service provider
to detect and prevent DDoS attacks on customers' networks.
However, James didn't feel that getting service providers involved was
the answer. He said: "Service providers are the key to everything. They
can put an end to spam, DDoS, hacking, and so on. But it's also easier
said than done. For one, they have too many customers, and if they disrupt their
services, there will be many unhappy customers who are paying for the service.
For example, the boss may not understand and will be very unhappy if the
network service goes down because of one infected machine. As for me, I perform
penetration testing [for simulation] to make sure that the network is not vulnerable
to attacks. Does that mean I have to inform the service provider?"
In the end, he said that the answer to SMBs' budget woes could be Linux.
With open source software, he could install a full-fledged firewall at a very
low cost. The only challenge will be convincing his bosses about the reliability
of Linux when it is used in network security.
In the meantime, James would still have to contend with making do, but hopefully,
there will come a time when he and others in the same situation will get what
they really need.
This article first appeared in Asia Computer Weekly