The information below outlines the recommended minimum level of network security coverage that a typical 50-employee company should maintain. This summary provides a basic set of non-technical guidelines. However, SonicWall strongly encourages customers to consult a local network security provider directly for requirements scoping, implementation, and/or managed security services options as appropriate for your environment.
1. Firewall: A well-maintained firewall is the first line of protection for your network. This firewall should be no more than 3-5 years old and should be capable of performing Deep Packet Inspection (DPI) at speeds in excess of your current Internet connection bandwidth and expected bandwidth within 2-3 years. Given the rate of improvement in Internet speeds, a reliable guideline is to purchase a firewall that supports 4-5 times the speed of your network connection today. Maintenance of the operating system (OS) software that runs the firewall is often overlooked, however it is imperative that updates be performed whenever a new version is released.
2. Intrusion Prevention Service (IPS): Intrusion Prevention is one of the core network security technologies that runs on your firewall. It is dynamically updated and provides continuous protection as new threats arrive; SonicWALL refers to this as “daily security updates.” IPS should either be running on the firewall as a subscription service (recommended) or on a separate dedicated 3rd party device. Intrusion Prevention is the technology that evaluates the characteristics of inbound and outbound network traffic and, when properly configured, blocks malicious activity based on patterns that are monitored at the network level.
3. Anti-Virus (AV): Anti-Virus + anti-spyware software must be maintained on every computer connecting to your network. This provides an additional layer of security beyond just Intrusion Prevention alone. While all of the computers your business owns are likely protected by some form of anti-virus software today, SonicWALL recommends that you do not assume this is sufficient to protect your network from harm. Furthermore, do not allow subscriptions to your AV service to expire. Anti-Virus, like IPS, is only as effective as its last daily update.
Firewall Security Services Layers
To have a truly secure network, you need layers of security. That is, hardware with layers of specialized software on top of it. And, optimal security requires that these services be dynamically updated with a steady stream of new threat data from SonicWall.
Network Security Status Report
SonicWALL customers with 2 or fewer TZ family firewalls receive a monthly Network Security Status Report describing the current state of your firewall(s), the number of intrusion attempts and other malware blocked by SonicWALL firewalls globally as well as the status of the security software subscriptions in use that your firewall requires for complete protection.
Additionally, you will receive friendly reminders about the need to keep your service subscription current. It is important that you act on the renewal reminder as soon as it arrives. The most common cause of an unwanted intrusion or other network incident stems from a lapse in services.
This layered approach to security-a firewall, an IPS solution and computer AV-has quickly become the basic foundation for secure networks of all sizes. It should be noted that there are advanced configurations which can replace the need for some individual components. Please contact SonicWall or a certified SonicWall reseller for further details on these options.
Download the 10 Easy Steps to Secure Your Small Business white paper.
Read the recent PCWorld article on intrusion prevention.