• / Free eNewsletters & Magazine
  • / My Account
Home>Practice Management>Technology>Securing Your Small Network

Related Content

  1. Videos
  2. Articles
  1. Can 401(k)s Get the Job Done?

    Roundtable Report: Christine Benz, John Rekenthaler, and David Blanchett weigh in on how this savings vehicle can be made better and used better by the increasing number of Americans who will depend on it.

  2. Managing the Risk of Outliving Your Assets

    Morningstar retirement expert David Blanchett covers the pros and cons associated with the key longevity insurance products.

  3. Benz: How Small Changes Can Bridge a Retirement Shortfall

    Bundled together, small tweaks can help investors get their portfolios ready for retirement, says Morningstar's Christine Benz in this special one-hour presentation.

  4. Session 2: Midyear Portfolio Checkup and Risk Factor Review

    Director of personal finance Christine Benz will help you check your true exposures and stress-test your holdings in session 2 of Morningstar's 2012 Midyear Financial Checkup.

Securing Your Small Network

A new router from ZoneAlarm can help you easily secure your network.

Joel P. Bruckenstein, 01/18/2007

Most advisors I speak with are increasingly concerned about the security of their data. It is easy to understand why. Viruses, worms, and other malware are prevalent. The threat from hackers is real. Incorrectly configured routers, weak passwords, and other user-related errors leave too many readers vulnerable.

Based on what I hear from advisors, and what I see when I visit the offices and homes of advisors, it is clear to me that with regard to Internet- and network-related threats, two groups of advisors are most at risk: small advisory firms that use consumer wireless routers at their place of business and advisors who use consumer wireless routers for their home-office network.

Says Check Point Software Technologies spokeswoman Allison Wagda, "The typical home wireless router only offers basic security features." As a result, many users may believe that their network is more secure than it really is. When you add in the fact that many users do not know how to configure their routers to take full advantage of all the security features offered, and many either rely on the default passwords or other easy-to-break passwords, you have a potential accident waiting to happen.

Until recently, users with modest networking needs and limited budgets didn't have many alternatives. They could choose to purchase a business router, which was expensive and difficult for novice users to configure, or they could stick with a consumer router and hope for the best.

Now, it appears there is a better solution. It is called the ZoneAlarm Secure Wireless Router Z100G. The Z100G is the first unified threat management (UTM) appliance created for consumers and home offices. This router, currently available only on the Zone Alarm for the special introductory price of just $149.95, including shipping, could be an ideal entry-level security appliance for financial service professionals.

What makes the Z100G so good? For starters, it includes seven layers of protection: a firewall, intrusion detection/prevention, antivirus, Web filtering, VPN remote access, wireless encryption, and secure remote desktop access. Let's briefly examine each.

Almost all Windows PCs these days employ some type of software firewall. ZoneAlarm, for example, offers a software firewall that many consider the best in the business. Other vendors of security software, including such well-known names as Symantec (Norton) and McAfee, sell competing products.

So why is router firewall protection important? Because if malware gets past your router, it has already breached your first line of defense. Ideally, you want to stop threats before they get past your router. There may be devices on your network that do not have protection and thus are susceptible to attack, or computers on your system might have software firewalls that are not configured or maintained properly.

The best defense against attack is to stop intruders before they get past your router. The ZoneAlarm router is designed to do just that. ZoneAlarm claims that its security appliance, which uses Check Point's Stateful Inspection technology filters, is capable of catching deep threats that others miss. Since the technology underlying this device is the same technology used in Check Point's business class systems, I'll give the firm the benefit of the doubt.

So is the router firewall sufficient? Do you still need to run a software firewall on each PC? According to Wagda, yes. "We view the router firewall as an additional layer of security, not a replacement for your PC's firewall," she says.  "In theory, if all of your computers never left the office, and you never downloaded any suspicious programs over the Internet, the router's firewall would suffice, but we don't recommend it."

If you rely on the firewall and you, or someone in your home or office, downloads a program over the Internet, the router's firewall assumes you know what you are doing and that the program is save. A PC-based software firewall would serve as a second layer of defense, to make sure the download really was safe. In addition, if you use a laptop, even if it was safe within your network, it would be at risk when you moved it outside your network, so a software firewall would still be required.

The device employs an added layer of protection; something called SmartDefense. This tool scans network traffic to stop hackers and worms. Through the use of Application Intelligence, the user can control potentially hackable applications such as peer-to-peer file sharing and instant messaging. 

The Z100G ships with VStream Gateway Antivirus. Just as you want to prevent other threats at the router, you also want to stop viruses before they get past the router. That is what this application does. The purchase includes one year of free updates. After that, users can renew their subscription for a fee.

The appliance includes built-in Web filtering. Users can block out sites containing sex, violence, drugs and alcohol, criminal skills, and hate speech. There are about 30 filtering categories in all that the administrator can enable or disable.

The Z100G can enable remote access to the user's network through the included IPSec VPN (virtual private network). A VPN creates a virtual encrypted tunnel between two endpoints: the remote computer and the network. To connect to the network, the remote user has to install VPN client software on the computer being used. The Z100G includes the use of Check Point SecuRemote VPN client at no additional charge. In order for the VPN to work, a static IP address may be required.

The appliance supports secure wireless communications through the use of WPA 2 (802.11i) encryption standards. In addition, there is complete firewall isolation between the wired and the wireless network segments.

The ZoneAlarm Z100G includes Remote Desktop, an integrated client for Microsoft Terminal Services, as well. The software allows users to connect to a Windows computer securely, without installing client software. It functions much like GoToMyPC, allowing the user to control the desktop remotely. This feature requires Windows Server 2003, Windows XP Pro, Windows Media Center, or Windows Tablet PC 2005. It does not work with Windows XP Home.

If you've been using an older wireless router, you will appreciate this appliance's performance. The Super G standard enables speeds of up to 108 Mbps, provided your computer supports that standard. The router offers compatibility with the older B and G standards as well. ZoneAlarm claims coverage of up to 984 feet indoors and 3,280 feet outdoors, but like all wireless routers, results can vary dramatically based on architecture, and the placement of the router.

The device also includes a built-in print server. This allows users to easily configure any USB printer into a wireless network printer.

Perhaps the most striking feature of the ZoneAlarm Z100G is ease of use. When it comes to networking, I don't consider myself particularly savvy. The odds are that if I can set up the appliance effortlessly, so can you. Over the past few years, I've had an opportunity to try out routers from most leading manufacturers, and none is easier to set up than this one is. The 35-page "getting started" guide is well written and illustrated. You will need to know how you connect to the Internet (cable modem, static IP, dynamic IP, etc.), and depending on how you connect to the Internet, there may be a few pieces of information you need to know For example, if you have a static IP address, you need to know what it is. Odds are, your Internet service provider has already provided you with this information. If not, a telephone call to your ISP will produce the information you need.

Armed with the required information, you configure your PC as described in the guide, start the setup wizard, and follow the directions. If you already have a network in place, and choose to upgrade to the Z100G, you should have the basic configuration completed in a matter of minutes. An initial install could take just a bit longer.

Once the initial configuration is complete, you are prompted to initiate your subscription to the free services. This involves filling out a form and waiting for an e-mail to validate the subscription. The process can take 24 to 48 hours. Once the services, such as the gateway antivirus are enabled, you can configure them.

After the core functionality of the appliance is in place, users can customize the configuration and employ the advanced features. Some of these features are a bit more challenging to set up, but the 300-page manual provides clear explanations in most cases.

The manual covers topics such as customization of the firewall, SmartDefense software, and the antivirus gateway. It also includes information on configuring a VPN and clientless remote access. There's much more detailed information than most novice users need, but for those capable of understanding the finer point of manual custom configurations, the information is readily available.

I've only been testing this security appliance for a short time, but so far I'm impressed. I ran into a few problems configuring this software on one of my remote laptops, but I believe the problem was linked to the version of Internet Explorer I was using, or to some custom IE settings. When I attempted a remote connection using IE's default settings, the process went smoothly. 

A novice user who reads to getting-started guide and who uses the wizards should be able to set up a small, secure network without trouble. I've got some concerns about a novice user's ability to configure custom settings and advanced features. When you add in the fact that the product is new, and that the quality of technical support is unknown, I am a little reluctant to get overly enthusiastic just yet.

On the other hand, for most small advisory firms and home offices, the primary concerns are security and ease of use; additional features are an added bonus. This being the case, I give more weight to the setup and use of core security features than that of additional features although ideally, all should function effortlessly.

Based upon what I've seen so far, the ZoneAlarm Z100G offers protection superior to that of consumer routers commonly used in home offices and small advisory firms, but it does not cost a lot more. For a home office, or a business with up to five concurrent Internet connections, the ZoneAlarm Z100G is an attractive security appliance.

Get practice-building tips and information from our team of experts delivered to your e-mailbox every Thursday. Sign up for our free Practice Builder e-newsletter.

©2017 Morningstar Advisor. All right reserved.