Product Review: Big firewall for small offices

Security is a concern for the entire IT community these days. If a large enterprise with trained security personnel has its hands full trying to secure its network while permitting the Internet services needed to do business, then how can a small or midsize business be expected to do the same? Or how can branch offices of large corporations protect themselves if there are no skilled security administrators on-site?

The solution may be a simple firewall and gateway device that installs easily, provides good security and can be managed from an easy-to-use Web-based interface. The Mitel Networks Corp. SME Server V5 is just such a solution.

The SME Server can be deployed quickly by someone who is not an experienced systems administrator. Based on Red Hat Linux, the software is focused on providing a solution that rolls out quickly and requires very little interaction or knowledge on the part of the installer.

SME Server offers an impressive blend of features. For example, the solution can make fine distinctions between the services available on the internal network and those available to the outside world. You can choose to turn on services such as PPTP (Point-to-Point Tunneling Protocol) access or to enable a secure e-commerce Web site, or you can leave your server locked down tight.

The optional ServiceLink feature offers more compelling abilities. For a monthly fee, ServiceLink allows you to combine multiple SME Servers into a single VPN. The normally laborious process of securely exchanging public keys can be done transparently and painlessly, making the creation of VPNs a breeze.

Another key element of ServiceLink is the virus protection service, which lets you scan incoming mail for viruses and quarantine infected mail as needed.

If desired, SME Server can provide POP3 or IMAP (Internet Messaging Access Protocol) e-mail boxes for the office. It can also provide Web mail access, if your business needs browser-based e-mail.

Another key feature is SME’s “information bay” – a repository that can be used as shared network drives, Web sites, or download sites. This virtual domain can be used to host multiple Web sites on the server or carry out basic administrative functions, such as backup and user account maintenance.

Making Life Easy

Small shops without skilled network administrators on hand should appreciate SME Server’s ease of use. Installation and configuration are straightforward. Pop in the CD, boot up, answer a few questions, reboot, answer a few more questions, and you’re up and running in about 30 minutes. The sticking points typically found in Linux installations, such as partitioning and video card support, aren’t a problem because of the specialized nature of the solution.

To configure the server, simply supply the IP addresses for the network cards as needed (one for the internal network and one for the external network) or instruct your machine to use DHCP (Dynamic Host Configuration Protocol). If you happen to be using a popular dynamic DNS to provide a static domain name to your dynamic DHCP-driven IP address, SME Server can automatically update the dynamic DNS every time your IP address changes, a very nice feature indeed.

If your office does not have a permanent, high-speed connection to the Internet, the server can automatically dial up your ISP as needed. It can even optimize the connection to reduce off-hook time or minimize wait time. Again, those preferences can be set in seconds.

Similarly, administering SME Server requires almost no heavy lifting. The system administration Web interface is appealingly simple, obviating the need to edit command files or master arcane Unix-style commands. The system can run as a strongly configured firewall and gateway right out of the box, and if you ever need to modify settings, the Web interface enables you make to adjustments simply and easily.

Finally, new software, in the form of “blades” offered periodically by Mitel Networks, can be reviewed, downloaded, and activated with just a few mouse clicks, making security upgrades a breeze.

Granted, a seasoned security administrator could do an even more thorough job of locking down a firewall. For example, the /usr directory tree could be moved to a read-only partition, which would give crackers less of an opportunity to do damage if they should find holes in your network. Then again, doing so would also increase the complexity of performing security updates.

And that’s the trade-off. SME Server probably isn’t the best solution for large companies because it doesn’t offer the most robust functionality on the market, and because trained security personnel probably don’t want menus insulating them from the nitty-gritty details of security administration. On the other hand, SME Server can be rolled out quickly and it won’t ask you for constant baby-sitting when it’s active. That makes it tough to beat for satellite offices or smaller businesses.

THE BOTTOM LINE: DEPLOY

Mitel Networks SME Server V5

Business Case: This is a simple but effective firewall and gateway solution. It is a very good choice for businesses that cannot afford to hire security administrators for each office.

Technology Case: SME Server can lock down specified services, both internally and externally, straight out of the box. Software blades with added functionality (such as security updates) can be easily downloaded and installed.

Pros:

+ Simple to administer

+ Provides very good security

+ Includes e-mail and optional VPN service

+ Low cost

Cons:

– Not appropriate for large enterprises

Cost: Free download; US$175 per month for ServiceLink option

Platform(s): All TCP/IP-based clients

Company: Mitel Networks; http://www.mitel.com

Russell Pavlicek (pavlicek@linuxadvocacy.net) is an open-source author and consultant.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Featured Articles

Cybersecurity in 2024: Priorities and challenges for Canadian organizations 

By Derek Manky As predictions for 2024 point to the continued expansion...

Survey shows generative AI is a top priority for Canadian corporate leaders.

Leaders are devoting significant budget to generative AI for 2024 Canadian corporate...

Related Tech News

Tech Jobs

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.

Tech Companies Hiring Right Now