May 23 2007

The Inconvenient Truth: Security Requires Compromise


Photo: Orlando Copeland

Are the best things in life really free? Moonbeams and snowflakes on one’s eyelashes don’t require an annual contract. Yet what about adding that extra layer of protection to your network? How about installing firewalls on notebooks or subscribing to the often pricey auto-updates for your spam filter? These security blankets fall into the “definitely not free” category.


While products abound, the inconvenient information technology truth, which technology professionals know all too well, is that security is a process, not a product. In addition to paying the manufacturer’s suggested retail price (you’ll never pay that at CDW), IT administrators inherit the additional bonus of the maintenance overhead and potential backlash from end users who don’t want any part of IT’s latest initiative to keep them from their screensavers of choice.

But when it comes to protecting your company’s network, do you really have a choice? This issue and the BizTech Web site are packed with tips and best practices from IT professionals focused on keeping your network and data safe. Though the options, in terms of tools and ideas, are endless, so are the opportunities for thwarting the best-laid security plans.

In the online piece, “How To: Slowing Your PC to a Crawl,” BizTech’s crack team of IT professionals offer a tongue-in-cheek look at network security, which we hope will illustrate a point about the tech compromise and how to split the difference. For instance, contributing editor Jason Holbert says he’s always skeptical of phrases such as “36 easy payments” and “your call is very important to us,” but we guarantee that these proven techniques will cause your systems to move as if they were powered with Flintstone-era technology instead of dual-core processors.

Holbert offered a popular suggestion: Load up the system tray like it’s 1999, then visit vice sites to acquire processor-clogging spyware. Yet on the other end of the spectrum, Ryan Suydam says you can achieve the same painfully slow results from downloading too many “anti” tools. “One person I’ve supported had no less than three antivirus engines, five anti-spyware tools, two pop-up blockers, a real-time registry cleaner, firewalls and a handful of other fix-it applications installed and running,” he says. “Luckily, this end user didn’t have any spyware or viruses, but his computer crawled as slowly as if he did. This is one case of the cure being worse than the cold.”

These examples represent two ends of the security spectrum. In a perfect world, your users wouldn’t have to abide by any IT-imposed restrictions, ensuring that your help desk stays busy. In contrast, too much restriction might not produce the desired results either. Too little protection leaves the data at risk; too much protection isn’t cost-effective and may negatively affect data and system availability, leaving administrators to deal with end-user complaints. The key lies in determining the level of risk that your systems face, so that your IT team may put in place a preventive mix that is balanced while effectively meeting your organization’s needs and financial limitations. How do you know you’ve struck a good compromise? When no one is really happy, and your networked applications, desktops and servers actually work when tasked.

In terms of building your security arsenal, be sure to check out the following articles in this edition of BizTech: Jeremy Dotson discusses the Barracuda Spam Firewall 300, which devours spam as soon as it enters your system but leaves legitimate e-mail intact. Douglas Schweitzer dives deep into the murky topic of firewall logs. More than just an old tale from the sea, Schweitzer recommends that end users supersize their firewall logs to catch questionable activities. Holbert reels in desktop firewall options, and Daniel P. Dern offers market-fresh tips on locking down USB ports.

Lee Copeland
Editor in Chief