If your small office is like most, you're probably connected to the Internet
using a Linksys, or some other brand of consumer router that cost about
$100.00.
Ah, the folly of men. Women too, since the vast majority of office managers
are female.
Our clients are throwing their little blue Linksys boxes out the window,
and replacing them with industrial strength routers.
Read the letter below to a client who is considering the upgrade. The
consultation was precipitated by the ominous notice recently sent out
by Microsoft to all Microsoft registered users about the Slammer worm.
"The vulnerability exploited by the worm was known..." Now they
tell us.
Dear Dr. N,
More about security in general, and the features of the Rapier switches.
"Firewall" is a general term for a host of networking protocols
that provide network security. It refers to a layer that all data must
pass through when communication occurs between computers on your LAN and
the Internet.
"NAT" means Network Address Translation. This is the most basic
level of security. It allows computers on the LAN to communicate with
computers on the Internet, but the transfer of data is controlled by the
LAN computer. Therefore, a computer on the Internet cannot get to a computer
on the LAN unless there are specific ports open and pointing to a computer
on the LAN and that computer is listening for data on that port. The weakness
here is that a hacker can exploit an open port if that port service is
vulnerable to attack. NAT is suitable for stopping driveway hackers, but
not a criminal bent on breaking in. Your consumer routers use NAT.
"Gateway Proxy" is the oldest and most common form of security.
The proxy server (either a computer or a CPU in a router) acts as a communication
buffer between the LAN and the Internet. Any exchange of data occurs within
the buffer before data comes in or goes out of your network. If the exchange
is irregular, the proxy is closed and the data doesn't go through. Basically,
proxy security duplicates all of your network traffic, so the process
is relatively slow. Your consumer routers don't use proxy.
"Stateful Packet Inspection" is the latest industry standard
of security, and it can refer to a broad range of security services. The
gist is that the hardware chipset looks at each packet of information,
studies it, and decides if the data in the packet matches what the programs
on both sides of the connection are intended to be doing. So if a packet
of info has worm code, and the data is supposed to be e-mail, it will
drop the packet.
The Rapier switches can tell us if this happens. Stateful inspection is
very CPU intensive, which is why consumer-level routers slow your
network down if they have Stateful Inspection. The Rapiers have powerful
RISC CPUs, so they process packets very quickly, on every port. Stateful Inspection
only works on TCP/IP packets, which is why it's an Internet-only form
of security. Your consumer routers DON'T use Stateful Inspection.
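A toy version of the state-tracking idea described above, as an added example that is not part of the original letter or any Allied Telesyn product (all addresses, ports and the `StatefulFilter` class are constructed): inbound packets are allowed only when they answer a flow a LAN host opened, or when they hit a port the administrator deliberately published; everything else is dropped as unsolicited.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    direction: str   # "out" = LAN -> Internet, "in" = Internet -> LAN
    proto: str       # "tcp" or "udp"
    src: str         # "ip:port" of the sender
    dst: str         # "ip:port" of the receiver

class StatefulFilter:
    """Remembers flows a LAN host opened; inbound packets must answer one of
    them or hit a port the administrator deliberately published."""

    def __init__(self, forwarded_ports=()):
        self.flows = set()                      # (lan_endpoint, remote_endpoint, proto)
        self.forwarded = set(forwarded_ports)   # e.g. {("tcp", 25)} for a mail server

    def decide(self, pkt: Packet) -> str:
        if pkt.direction == "out":
            # Outbound traffic creates the state that later replies must match.
            self.flows.add((pkt.src, pkt.dst, pkt.proto))
            return "allow"
        # Inbound: allowed if it is the reverse of a flow the LAN started...
        if (pkt.dst, pkt.src, pkt.proto) in self.flows:
            return "allow"
        # ...or aimed at a published service; everything else is unsolicited.
        dst_port = int(pkt.dst.rsplit(":", 1)[1])
        if (pkt.proto, dst_port) in self.forwarded:
            return "allow"
        return "drop"

def run_scenario():
    """Constructed traffic: a LAN DNS lookup, its reply, an unsolicited probe
    at a workstation port, and a connection to the published mail port."""
    fw = StatefulFilter(forwarded_ports={("tcp", 25)})
    packets = [
        Packet("out", "udp", "192.168.1.10:53210", "198.51.100.53:53"),  # DNS query
        Packet("in",  "udp", "198.51.100.53:53", "192.168.1.10:53210"),  # its answer
        Packet("in",  "udp", "203.0.113.7:40000", "192.168.1.10:1025"),  # unsolicited
        Packet("in",  "tcp", "203.0.113.9:51000", "192.168.1.5:25"),     # mail delivery
    ]
    return [fw.decide(p) for p in packets]

if __name__ == "__main__":
    print(run_scenario())
```

A real stateful engine also expires idle flows and checks TCP flags and sequence numbers; this sketch only shows why the unsolicited probe is dropped while the DNS reply and the published mail port get through.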
(A note about software security like BLACK ICE. Black Ice introduces Stateful
inspection and proxy security at the workstation level via software. Black
Ice uses CPU cycles to run the Stateful inspection and proxy routines.
Naturally, this slows down your computer. It works okay, but the notion
of a computer doing its own security work troubles me because it introduces
complexity to the OS that simply isn't necessary. It's made necessary,
of course, by cost. For the home user, a $50.00 software solution is better
than a $2,000.00 solution, or no solution at all. The other thing that
bothers me about desktop software security is that it is, to use an analogy,
like defending the fort after the invaders have already breached the moat.)
I've done price comparisons between Allied Telesyn and Cisco. Allied's
products consistently have more features at a substantially lower price.
Cisco is simply overpriced, and overly complex. The Allied Rapiers have
a web interface. So you can, from your computer's browser, look at what's
happening on your network, and receive e-mail if there is a breach.
Well, that's enough on the issue for now. Just trying to bring you up
to speed for our upcoming conversations.