Recommended setup for a small SME

Hi,

For a small SME that has a couple of folks working on premises and few more remotely, what’s the best setup to secure the traffic/data?

Both on site and remote users access a file server that is on premises as well as some files in G Drive. E-mail is all provided by G Suite.

I know that I need to activate Suricata, but does it make sense to activate ClamAV?

Any suggestions/guidance?

Super thank you!

Hi,

[…] what’s the best setup to secure the traffic/data?

There is no generic one. The answer to this question depends on a myriad of requirements, circumstances, and limitations. Please be more specific, otherwise we cannot help you.

I know that I need to activate Suricata, but does it make sense to activate ClamAV?

You do not need to enable Suricata. It might be a good idea to do so, but your mileage might vary (especially if your IDS rule selection is poor).

“Activate ClamAV” is way too generic as well. Are you referring to its usage as a local file scanner on the IPFire machine or as the Squid proxy add-on? (Either way, it does not make sense to me, as local AV scanners are neither necessary nor helpful on a firewall, and since the overwhelming amount of web traffic is encrypted using TLS/HTTPS, an AV scanner will not be able to analyse it.)

Sorry for the harsh response, but I am kind of fed up with too generic security questions asked without sufficient information. Unfortunately, yours is one of them.

Thanks, and best regards,
Peter Müller

Why keep it as a proxy add-on on IPFire?

No harshness received.

More info:

SME is currently serviced by a Telco that provides NO SUPPORT and is continuously trying to upsell them all kinds of “cybersecurity” solutions.

I’m trying to convince them to install separate hardware and use good open source software instead.

IOW, the SME wants a “cybersecurity” solution. Either I give them something or the Telco will rip them off.

It is your typical environment where employees BYOD and connect to the Telco router (at office premises) and do the usual (send e-mail, edit DOC files, etc.) on their notebooks/phones.

Given COVID-19, many employees are working from home and continue to share files among themselves via e-mail, and now want to access the local file server on the company’s premises.

So in general, what can I do with IPFire to give them an additional, practical sense of security?

Naturally a Firewall to protect the file server and the computers on the company’s local LAN makes sense. I also think that an IDS (Suricata w/ ET Open ruleset?) can give them extra reassurance.

Just trying to gather info/best practices.

I don’t know to what extent IPFire can protect what remote workers are doing (maybe Kaspersky Endpoint Security Cloud?) but I may be able to move their files from their Synology Diskstation to IPFire.

Then maybe it would make sense to have a regular ClamAV check of the files?

Any help is appreciated. Like I said, I don’t want them ripped off with some off-the-shelf, unsupported, hyped solution from the Telco.

Thanks!

Hello

A perimeter solution is not a magic solution that solves all problems; it helps, but it is not a panacea.

It is true that since all my clients have installed IPFire, they have not had any security problems, but that does not mean that they will not have them in the future (fingers crossed).

With these solutions, the aim is to “reduce the attack surface” to minimize security problems as much as possible.

Having a perimeter solution (either IPFire or another solution) does not imply resting on your laurels and doing nothing else. It is best, as far as possible, to involve users in security by giving them knowledge about it.

If you use Microsoft, apart from IPFire, it would be advisable to install an antivirus on each computer that analyzes the traffic / encrypted content that IPFire does not analyze, and, as part of all this, instruct users in good practices (do not open dubious e-mails, do not execute suspicious files, beware of phishing in mail, etc.).

There is a small manual of good security practices on the IPFire Wiki:

https://wiki.ipfire.org/optimization/start/security_hardening

This is my opinion, I hope it helps you.

Regards.