BOSTON (05/08/2000) - We are a midsize law office running Microsoft Corp.'s Windows NT on our file server. We want to subscribe to a digital subscriber line (DSL) service. However, we are concerned about security issues - we can't compromise the confidentiality of our client information located on the server.
Our ISP assures us that it can provide adequate firewall protection. Is there a way to determine whether the firewall from the ISP is running and delivering the protection promised? Is there any resource (not excessively technical) that we can utilize to acquaint ourselves with DSL security issues and practical trade-offs?
The big security concern with DSL is that the connection is usually always on. The TCP/IP security issues remain the same. You want to limit the types of connections your NT file server will participate in. You may be able to restrict file server access to LAN workstations by using only Windows networking on the server. Encrypting your confidential files adds a layer of protection. Working with your ISP to establish firewall monitoring, scanning and reporting policies, procedures and metrics is your best first step, unless you have internal security expertise available. The ping command can tell you if your firewall machine is running, and there are intrusion-detection software packages that can monitor traffic patterns. Go to www.cerias.purdue.edu/hotlist as your security starting point.
Blass is a network architect at Sprint Paranet in Houston. He can be reached at dr.intranet@paranet.com.