I recently attended a seminar for Fortinet firewalls. These firewalls are highly rated and I recommend them to my clients.

The interface is slick and the features are robust. Fortinet firewalls come in sizes perfect for SMB (Small Medium Business) companies all the way up to Enterprise level corporations.

I have mostly worked with their Fortigate FG-60b and use it for customers up to 100 users. It includes a firewall, IPSec and SSL VPN (remote access back to your office), Intrusion Prevention, Antivirus and AntiSpam Scanning on incoming and outgoing traffic, and Web Filtering. Let’s review these pieces in more detail;

Firewall:

A firewall is a port-based restriction capability. Without a firewall the bad people out there can search to find you on your Internet connection and attempt to hack into your computer. Restricting your Internet traffic to only those ports you need to use makes this much more difficult. If you are not familiar with ports here’s a quick correlation: Browsing the Internet normally uses port 80 (HTTP) and going to a secure web site that shows HTTPS uses port 443. Many chat clients also now use port 80. You will probably never see these ports from your browser, they all work in the background, however if your Internet surfing is this clear then I can close down all the other ports without affecting your business at all.

IPSec and SSL VPN:

A VPN (Virtual Private Network) is a way to create a “tunnel” through the Internet from wherever you happen to be, back to your office. It means you can see the same computers and servers as if you were actually sitting in the office. It’s a great way to work from home. The caution is that your connection to the office and the connection to the Internet all come from your laptop or home desktop and this might be an issue if that computer isn’t properly protected. Any connections from outside the office should be secure.

Intrusion Prevention:

Intrusion Prevention is a step beyond Intrusion Detection in that it sees an attack or flaw and deals with it immediately. It protects you from outside forces trying to hack into your network by looking at known “signatures” of common attack types and stopping them cold. You need this!

Antivirus and AntiSpam:

I can hear you saying, “but I already have Antivirus running on my desktop.” Yes, I hope you do, and this is another level of protection that can remove Viruses and Spam before they even get to your desktop. The current security philosophy is multiple level security, that is, don’t just rely on one product but apply security at various levels; the desktop, the server, the network. And, apply security from the core of your network out to the edge.

Web Filtering:

Web Filtering reviews the web site you want to go to, and if it is known to be a site that contains phishing attacks or other malware it will not let you go there. You can also restrict sites on the basis of pornography, gambling, and many other categories. These days many employers restrict their employees to go to Facebook and other community sites. The Fortigate FG-60b accomplishes that.

Updates:

What many don’t realize is that Firewalls are not a “set and forget” type appliance. Your business changes, circumstances change, and the firewall must respond to these changes. Also, although Antivirus, Antispam and others are updated automatically, it is also important to update the firmware for the firewall and ensure the maximum protection is being applied. It is these proactive update services that set Foreverwarm Consulting apart from other service providers.

Part of multi-level Protection:

A firewall at your connection to the internet is imperative, however you should think of more than one level of protection. I also use ZoneAlarm Firewalls on desktops and laptops. This is a software-based firewall that adds an extra layer and includes a virus checker and spam blocker. Follow the link to find out more.

ZoneAlarm Internet Security Suite — The Most Complete Internet Security Solution

Conclusion:

I hope you can see that with a firewall one can provide a robust secure environment to your company. Updates and changes for any parameter can be handled remotely as they are required.

The Fortigate FG-60b has been price reduced to about $700 and includes a yearly subscription for updates of the virus, spam, and other services. It includes two WAN ports, a DMZ, and a 4-port switch. The firewall will handle 100Mbps and allows for up to 50 VPN tunnels and 70,000 concurrent sessions.

All told, having a firewall product like the Fortigate will help us all sleep better at night.

Foreverwarm Consulting Inc is now a Fortinet Partner. If you have other questions about this product or are interested in upgrading your firewall to Fortinet please contact me.

Microsoft has created a new server for use within homes. Interestingly, it falls under the desktop software section of their site, rather than the server section. This is clearly targeted to the home market.

Windows Home Server is a simplified server platform, a centralized storage spot that also allows restricted access from both inside and outside the home. You can, for instance, use the web server and load up your photos or movies to it, then show those photos from a browser to friends much as you would with Flickr or other photo sites. It will automate backups from client computers to the server and of course maps drives to shared locations.

One interesting feature is that it will consolidate iTunes syncronizations and create a global master iTunes pool, all of your music in one location.

The server sets up easily and requires a small client on each computer that wants to use the server. You have a maximum of 10 clients you can attach. The Server requirements are moderate and the suggested prices is, I believe, around $300 for the software.

If it is as easy as they say, this could be a significant entry for Microsoft into the home. My concerns would be the ongoing security issues Microsoft can’t seem to get over and with this server a compromise would allow attackers to your central computer to distribute attacks from there. I’m also unclear as to how effective the drive redundancy is. According to forum users, losing the main drive can be recovered but all user login information is lost and all links to files/folders must be rebuilt - a potentially time-consuming activity.

It certainly has me interested and I’m trying to get a demo copy but have not fully tested this yet.