Utilize SMB security tools to work from home safely
With the global pandemic forcing enterprise workers home, SMB security tools can provide necessary protection for newly built home offices in order to keep business moving.
With the onset of the COVID-19 crisis, the home office instantly became the office for many enterprise workers. Unfortunately, the security features of many home offices lag behind those of most branch office locations.
For current -- and, possibly, future needs -- companies might want to consider or provide SMB-class technology for important home office functions.
These five SMB-class vendors all offer products that can be used to build a more secure home office environment. We have focused on five essential components:
- Wireless LAN (WLAN) access points (APs), serving as the hub of the home office.
- Integrated or stand-alone security gateways, with, at minimum, basic firewall protection, as well as WLAN APs and additional capabilities, like VPN tunneling, content filtering, and antivirus/antimalware and antiphishing protection.
- Gigabit Ethernet (GbE) switches, for those situations where additional wired connectivity is necessary.
- Cloud-based management to enable remote oversight and maintenance.
- There are, of course, many other operational issues that must be considered for home office workers -- among them, data loss protection and privacy. It's imperative that employees keep company data secure; it's also crucial for employers to respect the employee's privacy, particularly as companies take over the direct management of home office devices.
Cisco's Meraki division provides the line of technology most relevant to SMB users.
Meraki has always been SMB-focused, but a relatively new initiative, Meraki Go, focuses on small environments that lack on-site technical expertise, making it particularly well suited for home office use.
The Meraki Go indoor Wi-Fi AP, a Wi-Fi 5 device priced at $125, is its core component. Security is addressed through a stateful firewall, managed via the GX20 gateway, priced at $123. Users can upgrade to Cisco Umbrella, which adds content filtering, as well as antimalware and antiphishing support.
An eight-port Power over Ethernet (PoE) gigabit switch, priced at $250, is available for users who need additional wired capacity. Meraki Go also offers 24-port and 48-port devices.
All of Meraki's devices can be managed by the cloud but only through smartphone apps and not browsers.
Since its founding in 1986, D-Link has developed a strong consumer brand, becoming a household name with a prominent spot in the SMB market. D-Link's Nuclias Cloud provides management for APs and switches.
D-Link's offering is built around two Wi-Fi 5 Aps: DBA-1210P and DBA-2802P. The former is rated at 1.3 Gbps; the latter is rated at 2.66 Gbps. They are priced at approximately $200 and $400, respectively, for a one-year license.
D-Link offers a broad range of cloud-managed GbE switches in its DBS-2000 family. There are 10-port, 28-port and 52-port models. The 28-port switch is the only one of these options that does not include PoE support.
D-Link offers security through three models of its VPN Router series: DSR-150, DSR-250 and DSR-500. These devices -- all of which require a subscription after a three-month trial -- provide VPN tunneling and firewall services, with all supporting dynamic content filtering. The low-end DSR-150 device costs about $125 and provides eight Fast Ethernet ports on the LAN side, a single Fast Ethernet port and up to 35 VPN tunnels. At the high end, the DSR-500, which goes for about $275, provides eight GbE LAN ports and one GbE WAN port and increases the maximum VPN tunnels to an ample 75.
Even though these products are grouped with the company's Nuclias-managed APs, cloud management capabilities are not extended to this line.
Linksys, which Belkin acquired in 2013, provides networking systems for both home and small businesses. While Linksys was acquired by Belkin, it continues to keep its brands and models separate.
The basic Linksys AP is the LAPAC1200 model, a cloud-managed device that retails for $149.99. Five other APs are also available, each with different capabilities and throughput ratings. In addition, Linksys offers a Wi-Fi mesh system, Velop, for those who require greater coverage than they would obtain from a single AP. Velop is priced at $150 but is not cloud-managed.
Linksys offers a LAN switch portfolio number of about 17 different models. These are all GbE switches -- managed and unmanaged -- with or without PoE. These include five-port, eight-port, 16-port and 24-port versions, plus uplinks in certain models. Unfortunately, it does not appear that any of these switches are yet covered by Linksys Cloud Manager.
Security is handled through the LRT224 dual WAN business gigabit VPN router, which is offered either as a two-port or one-port model. Both sell for less than $200. The devices, which aren't cloud-managed, serve as VPN tunnel terminations and include integrated port filtering firewalls.
Netgear has a variety of SMB-focused networking equipment.
The basic Netgear SMB AP, WAC505, is priced at $89.99. Like other vendors, Netgear offers other AP models, with performance increasing as prices increase. Netgear's cloud management, dubbed Insight, oversees the Aps, as well as Netgear's Wi-Fi mesh offering.
Netgear has made great strides when it comes to SMB, cloud-managed switching. In fact, it has two classes of cloud-managed switches: one focused on lower-end, low-port count users and the other focused on higher-port count SMBs. The lower-end switches are relevant to this comparison and consist of six different models. Each model features eight user ports. Some models offer PoE, and some even offer ports that can handle small form-factor pluggable uplinks. Netgear Insight manages all of these.
Netgear's BR500 VPN router, which is also cloud-managed, features a full set of firewall functions, including stateful packet inspection, port and service blocking, and denial-of-service (DoS) protection.
Traditional VPNs are historically difficult to configure. For use between devices, Netgear has developed its Instant VPN to provide easy-to-use VPN functionality. The Netgear Instant VPN feature requires a subscription plan, which is priced at $25 per year or $100 for a five-year license.
Founded in 1996, China-based TP-Link offers a range of networking products.
TP-Link Omada, the vendor's centralized, cloud-managed offering, is license-free with no subscription charge and supports a number of its APs through a separate appliance, OC200, priced at $80. The basic TP-Link cloud-managed AP is EAP225 AC1350, which is ceiling-mounted and supports MU-MIMO (multiuser multiple input, multiple output). Its cost is under $60.
TP-Link has a portfolio of about 50 different models of SMB-class switches. These switches are either five-port, eight-port, 16-port, 24-port or 48-port. The models vary with respect to management capabilities, uplinks and PoE support. Unfortunately, Omada does not manage any of these switches.
Security functions -- among them, stateful firewall and DoS protection -- is provided through a VPN router, TL-R600VPN. It's equipped with five GbE ports, one for WAN and four for LAN. The device does not support cloud management.