Is Smoothwall Express secure enough?
November 16, 2005 3:38 AM   Subscribe

How secure is Smoothwall Express? Could it be trusted to protect the home network of two psychologists and their work?

I have a couple of friends who are also psychologists (and married). They use an iMac for work purposes, and keep most of their client data on the hard drive.

Currently, they have no internet connection, mainly because of the (entirely justified) idea that connecting a PC with highly sensitive information to a public network like the internet would be a Really Bad Idea.

I use Smoothwall Express for my own home network (which has very little sensitive data on it), and I feel about as protected as I could wish. I'd like to set up an old PC for my friends running the same system, so they can access the net without worrying about their data, but am reluctant to do so if Smoothwall is not as effective as it seems.

So my question: Is Smoothwall good enough to protect a psychologist's client data? Is there a better solution? Would I be better advised to simply drop the whole idea and have them do without the internet (unless they get a second Mac)?
posted by Ritchie to Computers & Internet (7 answers total)
If they are that worried, I would suggest they purchase an internet-only computer, and not link the two with any kind of home network. Short answer, but it seems like the best and safest solution to me.
posted by efalk at 4:09 AM on November 16, 2005

I agree with that assessment. No security is perfect. An air gap is the best possible solution.
posted by Malor at 5:24 AM on November 16, 2005

Security, btw, is a process, not a thing you can buy. A firewall is just one component in a long list of things you have to do to use the net safely.

All a firewall does is help protect against Microsoft's coding errors and your own configuration mistakes. It will do absolutely nothing to protect you from your own stupidity in, say, clicking on an email attachment.
posted by Malor at 5:26 AM on November 16, 2005

Considering the risk, I'd agree with the previous posters. Keeping the patients data offline, buying a new computer for internet activity and never networking the two is the safest option. That said, the iMac can be put on the internet with minimal risk if done by somebody that knows what they are doing (I mean a professional networking person, not a Geek Squad guy, unless they are also Cisco certified).

As a Linux based firewall Smoothwall looks like it would do the trick, but a simple configuration error could be a disaster. As you probably already know, as soon as you connect your machine to the internet zombie machines start trying to exploit every imaginable security hole. To achieve real security somebody has analyze the logs with some regularity, run updates, and make sure everything is still working properly.
posted by McGuillicuddy at 6:10 AM on November 16, 2005

I use smoothwall corporate 3.0 in my fraternity house (I'm the IT chair) to run a network with 15+ computers on it, and it has been nothing but fantastic. As I look, its current uptime is 6 months, 18 days. You can trust it, and it'll scale to work with all those computers. Smoothwall is just a custom linux build, with an iptables firewall, and a pretty web frontend. It will stop all bad data you don't explicitly let in, and will prevent, say, a trojan server from being accessed from the internet. But, like Malor said, it's more then that. Make sure Windows Antispyware (is it Defender now?) and some sort of virus scanner is on the computer, mabye even another firewall (Tiny Firewall works well and prevents anything you dont trust from running). And yeah, get a new computer just for the internet.
posted by Mach5 at 6:45 AM on November 16, 2005

Currently, they have no internet connection, mainly because of the (entirely justified) idea that connecting a PC with highly sensitive information to a public network like the internet would be a Really Bad Idea.

This is the completely reasonable and justified approach to protecting sensitive data, and I really appreciate that they recognize this. Keep the data off any network-connected computers.
posted by odinsdream at 8:13 AM on November 16, 2005

I switched from Smoothwall to IPCop because it appeared that smoothwall inc. was intentionally crippling the free version of their software. IPCop was based on the last gpl'd version of smoothwall, and has proven (to me) to be just as reliable as smoothwall. But it's no air gap! (Last I checked, my uptime was 400+ days, and before that it took a motherboard fire to take the machine down!)
posted by wzcx at 12:50 PM on November 16, 2005

« Older Which Randy Newman song goes: "Where you going...   |   Budget accomodation in Brighton Newer »
This thread is closed to new comments.