Security is a concern for the entire IT community these days. If a large enterprise with trained security personnel has its hands full trying to secure its network while permitting the Internet services needed to do business, then how can a small or midsize business be expected to do the same? Or how can branch offices of large corporations protect themselves if there are no skilled security administrators on-site?
The solution may be a simple firewall and gateway device that installs easily, provides good security and can be managed from an easy-to-use Web-based interface. The Mitel Networks Corp. SME Server V5 is just such a solution.
The SME Server can be deployed quickly by someone who is not an experienced systems administrator. Based on Red Hat Linux, the software is focused on providing a solution that rolls out quickly and requires very little interaction or knowledge on the part of the installer.
SME Server offers an impressive blend of features. For example, the solution can make fine distinctions between the services available on the internal network and those available to the outside world. You can choose to turn on services such as PPTP (Point-to-Point Tunneling Protocol) access or to enable a secure e-commerce Web site, or you can leave your server locked down tight.
The optional ServiceLink feature offers more compelling abilities. For a monthly fee, ServiceLink allows you to combine multiple SME Servers into a single VPN. The normally laborious process of securely exchanging public keys can be done transparently and painlessly, making the creation of VPNs a breeze.
Another key element of ServiceLink is the virus protection service, which lets you scan incoming mail for viruses and quarantine infected mail as needed.
If desired, SME Server can provide POP3 or IMAP (Internet Messaging Access Protocol) e-mail boxes for the office. It can also provide Web mail access, if your business needs browser-based e-mail.
Another key feature is SME’s “information bay” – a repository that can be used as shared network drives, Web sites, or download sites. This virtual domain can be used to host multiple Web sites on the server or carry out basic administrative functions, such as backup and user account maintenance.
Making Life Easy
Small shops without skilled network administrators on hand should appreciate SME Server’s ease of use. Installation and configuration are straightforward. Pop in the CD, boot up, answer a few questions, reboot, answer a few more questions, and you’re up and running in about 30 minutes. The sticking points typically found in Linux installations, such as partitioning and video card support, aren’t a problem because of the specialized nature of the solution.
To configure the server, simply supply the IP addresses for the network cards as needed (one for the internal network and one for the external network) or instruct your machine to use DHCP (Dynamic Host Configuration Protocol). If you happen to be using a popular dynamic DNS to provide a static domain name to your dynamic DHCP-driven IP address, SME Server can automatically update the dynamic DNS every time your IP address changes, a very nice feature indeed.
If your office does not have a permanent, high-speed connection to the Internet, the server can automatically dial up your ISP as needed. It can even optimize the connection to reduce off-hook time or minimize wait time. Again, those preferences can be set in seconds.
Similarly, administering SME Server requires almost no heavy lifting. The system administration Web interface is appealingly simple, obviating the need to edit command files or master arcane Unix-style commands. The system can run as a strongly configured firewall and gateway right out of the box, and if you ever need to modify settings, the Web interface enables you make to adjustments simply and easily.
Finally, new software, in the form of “blades” offered periodically by Mitel Networks, can be reviewed, downloaded, and activated with just a few mouse clicks, making security upgrades a breeze.
Granted, a seasoned security administrator could do an even more thorough job of locking down a firewall. For example, the /usr directory tree could be moved to a read-only partition, which would give crackers less of an opportunity to do damage if they should find holes in your network. Then again, doing so would also increase the complexity of performing security updates.
And that’s the trade-off. SME Server probably isn’t the best solution for large companies because it doesn’t offer the most robust functionality on the market, and because trained security personnel probably don’t want menus insulating them from the nitty-gritty details of security administration. On the other hand, SME Server can be rolled out quickly and it won’t ask you for constant baby-sitting when it’s active. That makes it tough to beat for satellite offices or smaller businesses.
THE BOTTOM LINE: DEPLOY
Mitel Networks SME Server V5
Business Case: This is a simple but effective firewall and gateway solution. It is a very good choice for businesses that cannot afford to hire security administrators for each office.
Technology Case: SME Server can lock down specified services, both internally and externally, straight out of the box. Software blades with added functionality (such as security updates) can be easily downloaded and installed.
Pros:
+ Simple to administer
+ Provides very good security
+ Includes e-mail and optional VPN service
+ Low cost
Cons:
– Not appropriate for large enterprises
Cost: Free download; US$175 per month for ServiceLink option
Platform(s): All TCP/IP-based clients
Company: Mitel Networks; http://www.mitel.com
Russell Pavlicek (pavlicek@linuxadvocacy.net) is an open-source author and consultant.