Fortinet FortiGate-224B
Fortinet has taken their proven UTM firmware and hardware experience and combined those with a 24-port network switch. While perhaps not suited to larger enterprises, the FortiGate-224B certainly represents an excellent proposition for SMB or branch office deployment and worthy of further research.
RRP: AU$8454.00
The good:
- All-in-one network and security device.
- Despite quite complex functionality, the interface is clear and easy to use.
- Good levels of redundancy are provided.
The bad:
- Potential for "all eggs in one basket" issue.
- Incorrect deployment or configuration could lead to a single point of failure for either network or security systems.
- "Jack of all trades and master of none" issues.
The bottom line:
While perhaps not suited to larger enterprises, it certainly represents an excellent proposition for SMB or branch office deployment and worthy of further research.
As a number of horror stories reveal, corporate networks aren't the safe and tightly controlled entities they should be. Here we expose just how wrong it can go and ask leading industry figures to light the way towards effective network management.
Have you heard the one about the financial services organisation whose employees had a competition each day for the colleague who could best beat the URL filtering system and access the most inappropriate content on their desktop PC?
Or what about the employee who, over the course of a few weeks, transferred huge chunks of data from the corporate network to a home PC and then, promptly upon completion of this data heist, handed in his notice?
Then there are the thousands of employees who leave their PCs streaming Internet radio over the weekend -- and those who have Webcams streaming all day, every day via their instant messaging application.
It gets worse -- those examples are just a snapshot of real life scenarios unearthed within large enterprises.
This level of network abuse is far from a rarity. Penetration testers at SecureTest know better than most what employees could do on a network -- especially those with an axe to grind. One large financial services company that SecureTest worked for sacked a staff member a few months ago but failed to revoke the ex-employee's remote access on all systems.
This open door for malicious attack was duly used and a worm caused havoc on the network.
Another sacked employee, this time within the healthcare sector, used a similar vulnerability after his termination to launch a Trojan and wipe files and backups from company hard drives.
If this paints the picture that networks are in chaos, then in many instances that's not far from the truth. Even if staff aren't flagrantly breaking the rules or acting in a malicious manner, poor policy enforcement or a lack of end-user education can still hamper network performance. You may well have encountered the member of staff who sends 20MB worth of e-mail attachments to 500 desktops as "photos of last night's Christmas party". It's not malicious but it sure isn't helpful.
Centennial Software, a provider of asset management services, has looked inside many a corporate network to reveal assets the company never knew it had. One UK government agency, for example, found it owned a vast array of disused technology still plugged into its network, including a mainframe computer that had somehow escaped the IT manager's gaze.
Another government department couldn't explain why there was a rogue 56Kbps modem dialling into its network from another country where the department had no offices or remote staff.
And imagine shelling out for hundreds of new servers and desktops only to discover, on closer inspection, you already owned all that kit, and more, but had simply lost sight of it in the dark corners of your network.
So to avoid such problems, here are some tips for better network management -- straight from the experts:
Be proactive
Ian Cummins, European sales director at Network Instruments, said: "Often administrators will only apply analysis tools after the network is already slow or down. Rather than waiting for problems, you should continuously track performance trends and patterns that may be emerging. Active management allows you to spot and limit the impact of performance anomalies and network problems."
Keep it simple
Anton Grashion, security strategist at Juniper Networks, said: "Having centralised control of your network is crucial. You need to have real-time information on the current status of the network, and who is accessing what information. It is important to be able to adapt the policies easily, to make the day-to-day management of the network as simple as possible."
Beware the "corporate ghost"
Alex Raistrick, northern Europe director at ConSentry Networks, said: "A flexible workforce, utilising temporary workers or contractors, can offer instant scalability and help control costs but it's vital this doesn't cost you your business. If you let people onto your network, you need to be able to track the movements of these 'corporate ghosts' and know where they are and what they are doing."
Know what's coming in under the radar
Nigel Hawthorn, vice president at network security and performance specialist Blue Coat Systems, said: "Keep watching for new technologies. Skype, IM and P2P were all new once, though many people have still not implemented rules for these. What about YouTube? Are non-business streams impacting performance? If so, ensure that the systems for control have enough intelligence to create granular policies for different circumstances."
The same is true for hardware, according to Kees Vos, global portfolio director for security and business continuity at AT&T. He said: "If you have people bringing in machines which are out of compliance with your policies then you have to make sure it can't get straight onto the network."
Introduce effective policies
All companies should have acceptable use policies and these should be well advertised during any induction of new staff. Regular reminders and organised refresher sessions should also become standard.
"IT should not work alone," said Blue Coat's Hawthorn. "Check with HR and senior management before deploying policies." Ensure staff understand everything from why they shouldn't take sensitive data out of the building unencrypted on USB keys to why they shouldn't sit streaming huge media files or forward large attachments.
Recent research from managed security specialist MessageLabs suggests 76 percent of small companies have acceptable use policies. But how many can say they rigorously -- and effectively -- enforce them?
"If you have policy make sure it's not just a PDF sitting in some folder. Make sure it is enforceable on every machine," said AT&T's Vos.
Don't let policy dent your effectiveness
But policy can also get in the way when implemented poorly. Blue Coat's Hawthorn added: "Consider allowing the user to override policies so that IT does not have to react to instant demands for changes. Consider treating the users as adults, for example the system may say 'Bob Smith, the site you are trying to access, Playboy.com, is not usually considered a business site. However if you have a business reason to view this site please click here to continue. All Internet access is logged and your policy is shown here'."
Such an approach would remind users that their activity is being monitored. And in instances where people do have to access content deemed adult or inappropriate for valid reasons they could reasonably defend -- such as journalists researching a piece about Internet gambling sites -- IT doesn't have to add constant exceptions.
Don't just throw bandwidth at the problem
Joel Trammell, CEO of NetQoS, said: "Increasing bandwidth is not a panacea for solving performance problems. Make sure you understand the cause of the problem before taking corrective action like throwing bandwidth at it. Delay, for example, could be caused by the server, the application or even the transit path. The ability to measure the right performance metrics is key."
Don't assume the network is to blame
One of the most common complaints within a business is "the network is running slowly" but it is not always the network that is to blame. Misdiagnosis is as detrimental to the effective running of your network as not spotting a problem at all.
Network Instruments' Cummins said: "Often users blame the network when operations are running slow on their computer. To be able to quickly pinpoint network issues, it is critical to analyse and isolate problems pertaining to both the network and application performance."



