Tech Tips: Firewalls and Security

Learn more about technology tips for dealing with firewalls and security issues.

Firewalls

Q: Dear IT guy, my Network Administrator recently published a Remote Access policy for the law firm at which I am a partner. It states that anyone requesting remote VPN service into the firm's network will need to set up a firewall appliance to prevent hackers from tunneling in. I have a Windows XP computer at home that has firewall capabilities with the software. Can you tell me the validity of the Remote Access policy and why I can't use my XP firewall instead?

A: I applaud your Network Administrator's forethought on putting together an Remote Access policy because the need for a physical firewall is well grounded. The cost of physical firewalls has come down in the past year and is a sound investment for anyone having broadband access. Given that most business computers have a broadband connection (which is left connected most of the time), the threat of being hacked into is worth consideration. Without a firewall appliance in place, your firm's VPN connection could allow a hacker the ability to tunnel through your computer into the firm's network. Compared to the software firewall provided with Windows XP, a physical firewall is more likely to stop any attacks due to the firewall's use of Network Address Translation (NAT).

Sending Sensitive Documents

Q: IT Guy, I have some sensitive documents that I repeatedly send to a client via electronic transmission. I was recently informed that my outgoing email with the documents attached may be vulnerable to being intercepted and read. How can I safely get the documents to my client?

A: Thanks for bringing up this question. Many firms use email to exchange sensitive documents, but often overlook the security of their email programs. My suggestion is to avoid email as a means of transmitting highly sensitive documents. Instead, have your IT department set up a secure FTP server. Documents can then be loaded onto this server in a folder accessible to you and your client through an encrypted user authentication. With an FTP server, you are able to provide a high level of security to the document exchange process.

Server Room Security

Q: Dear IT Guy, I am having a problem with building maintenance accessing my server room; they have left the door open on a couple of occasions leading to a vulnerable security situation. I would like to ask if you have any ideas on being able to monitor this situation?

A: I have a solution that is low cost and will provide what I think might be an answer to your problem. In some of my seldom-accessed network closets I have placed a Veo-Observer network camera with the motion detection attachment (Veo-Observer retail at CDW for $242 w/ MD adapter). The Veo software allows you to set up a SMTP email address to forward a camera snapshot when the motion detector is triggered. In your case, you would know when the maintenance staff was accessing the server room and could rectify the situation once the email was received. It is also great proof of who accessed the server room.

Preventing Improper Downloads by Employees

Q: Help IT Guy, I am finding it harder to block P2P and KaZaa downloads from employees. I used to be able to block ports 1214 and on my firewall but I think I have some tech savvy people that have found another route.

The advice I used to promote was to use a Cisco Router loaded with a Software Feature Pack that included CAR (Commited Access Rate). The CAR port setting for those known KaZaa and P2P ports can then be set at a very slow rate of transfer. This would allow a very slow stream of download but not force the software or user to seek another port. The person downloading, out of frustration would eventually stop downloading. Since download ports can be changed, the blocking of the download traffic needs to occur at the protocol level. Using a Cisco router with NBAR configured to drop the P2P traffic through the router's IOS (12.2(13)T or higher) the traffic can be blocked.

Virus Scanning

Q: Dear IT Guy, a few weeks ago my firm installed a home firewall appliance for a VPN connection into my work's domain. The computer guy that helped get it installed mentioned that the firewall had a virus scanning option but he was unfamiliar with it. Do you know if the virus scanner on the firewall is something I should look into?

A: Dear reader, the firewall virus scanning option is a great feature to have running. This is especially true if you have more than one PC running on your home network behind the firewall. Many of the firewall manufacturers offer virus signature file updating service and having this run would make a good supplement to your locally loaded virus software.

Q: IT Guy, we recently install a new virus-scanning suite from Trend Micro and we are fairly comfortable with the three layers of virus scanning on our network. Is there any other suggestions you would have to further protect us from virus infection?

A: Dear reader, one area of virus protection that frequently gets overlooked is with network routers and switches. This is especially true as of late with certain Cisco products. In addition to the virus protection you have installed on your servers and nodes, it is very important that you keep your router and switch IOS's up to date. This will help prevent any virus infection on your networking backbone.

Tips courtesy of Chuck Linebaugh of O'Hagan, Smith & Amundsen.

Technology changes quickly. For a more up to date discussion on this topic, please visit the Legal Software section at FindLaw’s Technologist blog.