That was a good response. We're already doing those things, although I'm looking hard at ways to do them better.
I hesitate to mention firewalls, because people seem to get jumped on if they are perceived as thinking that's all they need. But... firewalls are Necessary But Not Sufficient, and I'm not satisfied with my current solution to that aspect of security. I need to address that. Low end firewalls don't offer near the packet inspection and other functionality I'd like to see, and the higher end ones I've used (like Cisco) tend to be too expensive in terms of both management time overhead and capital cost. I want a firewall that actually understands something of the protocols it allowa through, and can detect password guessing attempts on a number of protocols. I reeealy hate opening up ports for the bots to hammer on without good packet inspection, and I just do not have and cannot afford the time to cover all the details manually. I see a lot of talk about SonicWall (they burned me once), WatchGuard, Astaro, Untangle, ISA Server, etc. People talk a lot about what the like or don't, but hardly anyone seems to know what they actually do. >From what I've seen, I haven't been all that impressed. I liked the Cisco 1841 with IOS IPS, but it was buggy and very time-consuming. If I spent that kind of time on all the contenders, I might as well switch careers. Maybe I'm a paranoid iconoclast. Probably. Do you know of anyone who can speak knowledgeably about firewall products appropriate for one-server-no-IT-staff small business? /kenw ~ Upgrade to Next Generation Antispam/Antivirus with Ninja! ~ ~ <http://www.sunbelt-software.com/SunbeltMessagingNinja.cfm> ~
