[This is part 9 of a 10 part series titled: “So You’re An IT Noob”]
Security, at least in my experience, is still one of the most overlooked aspects of IT infrastructure. The people I have come across usually think,
“Why would anybody hack our organization?”
The thought process being that if they’re a Church or a business that largely performs services, then they’re not at risk.
Getting hacked is only part of the problem. Malware including viruses, spyware, adware and other issues are also a big problem. If you worked in IT from 2002-2006, I am sure you had to fight off some nasty viruses that would literally shut down a company for days while the IT guys sought to clean it off the system.
While such viruses are not as common these days, malware has certainly become more sophisticated. It is not unusual to find somebody with a computer that is its own bot-net, sending out Viagra spam to the masses and the person in question has no clue. That is until their ISP blocks their outbound content.
Question: Should your church startup have a firewall?
Yes.
Firewall
I don’t use a firewall for my home network. I am savvy enough to have processes in place, with the equipment I already own, to deal with the majority of threats I might see, but an organization is a different story even if it is small.
Firewalls used to be challenging to set up. Whether it was a hardware device or software application, some knowledge was needed to set up a configuration. You’re an IT noob, so chances are you have no idea what this means:
access-list inbound permit icmp any any
access-list inbound permit tcp any any eq www
access-group inbound in interface outside
static (inside,outside) tcp interface www 192.168.1.100 www netmask 255.255.255.255
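The four lines above, translated into plain English by a short Python script. This is an added example, not code from the original post; the explanation wording and review notes are its own, and it only handles the three statement types shown (`access-list`, `access-group`, `static`) in their PIX-style form.

```python
import re

# The four lines from the post, copied verbatim (Cisco PIX-style syntax).
CONFIG = """\
access-list inbound permit icmp any any
access-list inbound permit tcp any any eq www
access-group inbound in interface outside
static (inside,outside) tcp interface www 192.168.1.100 www netmask 255.255.255.255
"""
NAMED_PORTS = {"www": 80}  # PIX keyword for TCP port 80

def port_label(p):
    return f"{p} ({NAMED_PORTS[p]})" if p in NAMED_PORTS else p

def explain(line):
    """Return (plain-English meaning, review notes) for one config line."""
    t, notes = line.split(), []
    if t[0] == "access-list" and len(t) >= 6:
        name, action, proto, src, dst = t[1:6]
        port = t[7] if t[6:7] == ["eq"] and len(t) > 7 else None
        text = f"rule list '{name}': {action} {proto} from {src} to {dst}"
        text += f", port {port_label(port)}" if port else ", all ports/types"
        if action == "permit" and (src, dst) == ("any", "any"):
            notes.append("matches any source and any destination")
        if action == "permit" and port is None:
            notes.append(f"no port or type limit on {proto}")
        return text, notes
    if t[0] == "access-group" and len(t) == 5:
        # access-group <list> in interface <name>: bind the list to an interface
        return f"check traffic coming {t[2]} on interface '{t[4]}' against '{t[1]}'", notes
    m = re.match(r"static \((\w+),(\w+)\) (\w+) (\S+) (\S+) (\S+) (\S+)", line)
    if m:
        real_if, mapped_if, proto, m_ip, m_port, r_ip, r_port = m.groups()
        if m_ip == "interface":  # keyword: the mapped interface's own address
            m_ip = f"the {mapped_if} interface address"
        text = (f"forward {proto} port {port_label(m_port)} on {m_ip} to "
                f"{r_ip} port {port_label(r_port)} on the {real_if} network")
        notes.append(f"{r_ip} is exposed on {proto}/{m_port} via '{mapped_if}'")
        return text, notes
    return "unrecognised line", ["not handled by this example"]

def audit(config):
    """Explain every non-empty line; returns (line, text, notes) tuples."""
    return [(l, *explain(l)) for l in config.splitlines() if l.strip()]

if __name__ == "__main__":
    for line, text, notes in audit(CONFIG):
        print(f"{line}\n  -> {text}")
        for n in notes:
            print(f"     review: {n}")
```

Run as a script, it prints each line with its meaning and any review note, such as the ICMP rule having no type limit.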
The good news is, this has become much easier for noobs to implement. Hardware devices (you may see them referred to as appliances) are so much less expensive than they were just five years ago and are pretty painless to get set up.
There are plenty of good devices out there (it is a well saturated market). I can recommend the following brands:
In addition, for the noob, I can think of no better product than Barracuda’s devices. I’ve used their devices at various levels and for different applications and they are solid. In addition, Barracuda has excellent customer service.
Better yet, Barracuda has been an organization that has evolved with the tech world, specifically in the realm of cloud computing. While their devices work well, what if your Church has signed on with Google Apps for email?
Barracuda has that covered as well with a virtual service. If you have 10 or fewer users in your organization, it’s free!
If you are using an Exchange or Domino (Please, for all that is wonderful in God’s world, I hope you do not use Lotus Notes) server, the device will serve you well. They’ll even let you evaluate a unit for 30 days at no cost. Pretty neat.
Web Filtering
Productivity is important, and so is keeping people accountable. Don’t look at web filtering as a means of “not trusting” those in your organization. Think of it, as I said, as an accountability tool. Christians are often under the delusion that people who work in Churches aren’t going to visit pornographic websites or gambling websites.
Christians often forget that Christians struggle with these issues like anybody else.
Christians too, can be unproductive at work, even if they work at a Church.
So there is nothing wrong with filtering web traffic. At my previous place of employment, we were able to monitor traffic going out of our network and found it being clogged with visits to YouTube, Pandora and ready for it? Netflix! 2-3 people were streaming Netflix movies at their workstations.
Barracuda again makes an excellent web filtering device that can handle all of the necessary tasks and will also prevent users from going to websites with malware.
In addition, BlueCoat has solutions including a cloud based filtering system.
Do the research here. You don’t want to spend more than you need up front, but don’t ignore potential threats in an effort to save money. I have found that too many organizations play the odds and some of them do get by without issue, but those who get hit spend far more in time and resources than they would have if they had taken preventative measures up front.
Now, for the final part of our series!
Eric J says
Would you not consider your NAT router at home a basic firewall? And yeah, our church has a firewall and web filtering. The filtering is pretty basic so I don’t run into it too much. It used to block imgur images because some of them are pornographic, but I got our IT guy to whitelist the site so our communications team could continue to use Twitter. Our firewall only allows ports 80 and 443 I think, but I’m not 100% sure. I can still use Skype and BitTorrent (BitTorrent is for legit reasons) so we might have more ports available.
Anyways this is a great series Jay!
Jay Caruso says
Thanks Eric!
Yes, I would consider my NAT router a basic firewall (it’s what I use at home), but it’s not something I would recommend for an organization, even if it is just a startup.
Casey Riley says
Iprism is also a great web filtering appliance, especially when you get up into the h-series of appliances. We are also using a Fortigate firewall that is managed by an offsite security company, which takes that stress off of my shoulders; I just get a phone call every now and then when a threat is detected.
Jay Caruso says
When I was still working at my company, we went with a managed security solution for the same reason.
Thanks for sharing the info on Iprism!
Mason says
I recommend OpenDNS as a filter option for anyone who has router access. Simple, free and great for work and home.
Eric J says
I use OpenDNS at home for personal accountability and to prevent our exchange students from visiting torrent sites.
Jay Caruso says
OpenDNS is awesome. Our IP provider at my old company was Sprint and we used their DNS server for external browsing and it was AWFUL. I switched over to OpenDNS and it was like buttah.
Thanks Mason!
Eric Dye says
I just love the post thumbnail. It’s fully awesome.
Jay Caruso says
It is awesome.