May 13, 2015 at 17:20Choosing a corporate Internet gateway
The corporate Internet gateway is the head of the IT infrastructure, but in case of any problems, it instantly turns into another part of the body ... for the company.
The choice of an Internet gateway depends on many circumstances: the allocated budget, qualifications and addictions to the hardware and software solutions of the administrator responsible for the network, network size, the need for certificates, etc. Probably, this article is not for gurus who knew Tao, who, with the help of improvised tools like the third hemp, tambourine, and some mother, can effortlessly provide uninterrupted Internet access and traffic control for hundreds of cars. We will talk about things more standard and down to earth: how to choose a corporate Internet gateway and what should be in it?
First of all, it is worth deciding whether to choose a hardware solution or a software one. Most hardware solutions are pre-configured and operate on a “set and forget” basis. In a limited budget and with insufficient qualifications, it is better (away from sin) to use a hardware solution.
With this approach, you have to sacrifice customization of settings and the number of network monitoring and control capabilities with this approach. Software solutions usually require constant monitoring of the network, analysis of statistics, setting filtering parameters, choosing an operating mode, adding users, changing security policies, - in general, the rational use of the available functionality. Therefore, if you need to sharpen a product for yourself “from and to” and have a complete set of tools for managing the network, you need an appropriate software solution and your own corporate server.
The Internet gateway organizes the smooth operation of all employees of the company on the Internet, therefore the proxy server on which it is based should have sufficient functionality, a user-friendly interface and the ability to flexibly configure the network and access rights: VIP-users should have full access to the network, and ordinary chop off VKontakte and your favorite forums. It is also important to easily control the speed of users, set priorities for various types of traffic (for example, increase the priority of IP-telephony to ensure high-quality communication and lower it for archives). Do not forget about VPN and NAT support. The ability to remotely administer is extremely useful so that the lion's share of network problems can be solved without leaving your home.
The built-in proxy server helps to control and save Internet traffic: it allows you to analyze user requests, download sites and their elements and act in strict accordance with established rules. Typically, the following traffic filtering functions are required from an Internet gateway:
Often used are proxy cascading systems, the ability to redirect traffic of different users to different upstream proxies, and with different methods and types of authorization.
Separately, it is worth mentioning the statistics, which for the Internet gateway is not a “third type of lie”, but an important source of information about user behavior. Thanks to statistics, you can find out at any time which of the users is clogging the Internet channel, on which resources the employees are hanging, and when it is time to block sites and cut the traffic limit.
In addition, the Internet gateway protects the corporate network from external influences. Especially reliable protection is important when, for one reason or another, not only users are sitting under Windows, but also the server itself (we will not put up a holivar on the topic of why under Windows, but practice shows that this happens quite often). In this case, an antivirus and firewall are necessary as air. You also need a phishing protection module and, most importantly, the direct hands of the person who sets up all this splendor.
A separate topic is the availability of security certificates, which, firstly, guarantee certain security (for whom they won’t be issued), and secondly, if the FSTEC certificate is available, the Internet gateway will not arouse suspicion during the “beloved” bureaucratic checks organization.
Each time when placing a new server or service, the system administrator has a problem: how to "fit" a new constantly running service or server into an already established network.
How to fine-tune NAT and other network services for its correct operation, whether this server will be in AD, whether other network services can be hosted on it, or the server should be dedicated. It does not depend on the implementation method - it is a matter of network planning.
The main problems when using software gateways are as follows. First of all, this is a situation familiar to many: the old admin quit, and the new genius knocked down correctly working settings in the process of work and has no idea why nothing works, and what to do now. A difficult case - the last admin correctly configured everything through a flop, and the admin - a Windows fan - climbed to deal with the sad consequences for himself and the company. Often beginners encounter incorrect filter settings because of a reluctance to read the manual and understand what is written there. Or the user just installed the program and has no idea what to do with it.
In general, an Internet gateway is a tool that needs to be selected depending on the tasks to be solved, tastes and competence responsible for the safe and uninterrupted operation of the system administrator's network. The main thing is that the network works like a clock and performs the most important function assigned to it to ensure the organization’s communication with the outside world.
Thank you for your attention and look forward to your comments.
Previous Posts:
The choice of an Internet gateway depends on many circumstances: the allocated budget, qualifications and addictions to the hardware and software solutions of the administrator responsible for the network, network size, the need for certificates, etc. Probably, this article is not for gurus who knew Tao, who, with the help of improvised tools like the third hemp, tambourine, and some mother, can effortlessly provide uninterrupted Internet access and traffic control for hundreds of cars. We will talk about things more standard and down to earth: how to choose a corporate Internet gateway and what should be in it?
Hardware or software solution?
First of all, it is worth deciding whether to choose a hardware solution or a software one. Most hardware solutions are pre-configured and operate on a “set and forget” basis. In a limited budget and with insufficient qualifications, it is better (away from sin) to use a hardware solution.
With this approach, you have to sacrifice customization of settings and the number of network monitoring and control capabilities with this approach. Software solutions usually require constant monitoring of the network, analysis of statistics, setting filtering parameters, choosing an operating mode, adding users, changing security policies, - in general, the rational use of the available functionality. Therefore, if you need to sharpen a product for yourself “from and to” and have a complete set of tools for managing the network, you need an appropriate software solution and your own corporate server.
Necessary functionality of the corporate Internet gateway
The Internet gateway organizes the smooth operation of all employees of the company on the Internet, therefore the proxy server on which it is based should have sufficient functionality, a user-friendly interface and the ability to flexibly configure the network and access rights: VIP-users should have full access to the network, and ordinary chop off VKontakte and your favorite forums. It is also important to easily control the speed of users, set priorities for various types of traffic (for example, increase the priority of IP-telephony to ensure high-quality communication and lower it for archives). Do not forget about VPN and NAT support. The ability to remotely administer is extremely useful so that the lion's share of network problems can be solved without leaving your home.
The built-in proxy server helps to control and save Internet traffic: it allows you to analyze user requests, download sites and their elements and act in strict accordance with established rules. Typically, the following traffic filtering functions are required from an Internet gateway:
- the presence of content filtering,
- HTTPS filtering option,
- filter assignment according to time,
- to specific user groups
- Presence of ready-made templates for rules.
Often used are proxy cascading systems, the ability to redirect traffic of different users to different upstream proxies, and with different methods and types of authorization.
Separately, it is worth mentioning the statistics, which for the Internet gateway is not a “third type of lie”, but an important source of information about user behavior. Thanks to statistics, you can find out at any time which of the users is clogging the Internet channel, on which resources the employees are hanging, and when it is time to block sites and cut the traffic limit.
In addition, the Internet gateway protects the corporate network from external influences. Especially reliable protection is important when, for one reason or another, not only users are sitting under Windows, but also the server itself (we will not put up a holivar on the topic of why under Windows, but practice shows that this happens quite often). In this case, an antivirus and firewall are necessary as air. You also need a phishing protection module and, most importantly, the direct hands of the person who sets up all this splendor.
A separate topic is the availability of security certificates, which, firstly, guarantee certain security (for whom they won’t be issued), and secondly, if the FSTEC certificate is available, the Internet gateway will not arouse suspicion during the “beloved” bureaucratic checks organization.
The main problems of system administrators with an Internet gateway
Each time when placing a new server or service, the system administrator has a problem: how to "fit" a new constantly running service or server into an already established network.
How to fine-tune NAT and other network services for its correct operation, whether this server will be in AD, whether other network services can be hosted on it, or the server should be dedicated. It does not depend on the implementation method - it is a matter of network planning.
The main problems when using software gateways are as follows. First of all, this is a situation familiar to many: the old admin quit, and the new genius knocked down correctly working settings in the process of work and has no idea why nothing works, and what to do now. A difficult case - the last admin correctly configured everything through a flop, and the admin - a Windows fan - climbed to deal with the sad consequences for himself and the company. Often beginners encounter incorrect filter settings because of a reluctance to read the manual and understand what is written there. Or the user just installed the program and has no idea what to do with it.
In general, an Internet gateway is a tool that needs to be selected depending on the tasks to be solved, tastes and competence responsible for the safe and uninterrupted operation of the system administrator's network. The main thing is that the network works like a clock and performs the most important function assigned to it to ensure the organization’s communication with the outside world.
Thank you for your attention and look forward to your comments.
Previous Posts: