Craig Hinton

Managing a network has never been easy, whether it comprises 100 or 100,000 machines. Even with a dedicated network administrator, the overheads are horrendous. Rolling out new applications, checking for non-licensed software, looking at network traffic... full-time tasks that often have no one with a full-time job to attend to them. This becomes even more worrying when you consider the security implications.

In today's world of CD-ROMs and high-capacity DVDs, it is easy to forget that there are other storage media which still have considerable popularity. One frequently overlooked example of this is the humble tape, which is still vital for many businesses. 
Modern tapes have extremely high capacities, and developments in fiber channel mean that recording speeds are incredibly fast. However, there is an inherent security risk – after the tape has been recorded, when the data becomes portable, and therefore at risk. This is increased if you send the tapes off site to a firestore. How can you be certain that the courier isn't simply going to vanish with your confidential client records?

When considering security in any area, be it IT, ATMs or even opening your own front door, there is always one weak spot: it has to involve people. Despite all the research, we are years away from being able to recognize a person's identity with 100 per cent certainty (even if using finger-printing, retinal scanning or DNA testing) in real time.
Unfortunately, the drive to encourage remote working means that more and more people need access to the corporate network, with all of the security risks that that entails: how can you be sure who the person is on the other end? One solution - or rather, preventative measure - is to simply publish only necessary information on an extranet, but even then, this can still be confidential data and a risky business.

Blade has made quite a name for itself over the last year or so with the development of its Blade IDS Informer application, which monitors the performance of your intrusion detection system and ensures that it is running to the best of its abilities. The company has now extended this with the release of Firewall Informer, which performs a similar function for your corporate firewall.

Clavister is a fairly new name in the security market, but its high-end firewall appliances are impressive enough to ensure that will not be the case for long.

CyberGuard has a long and impressive track record in the firewall market, providing solutions from the desktop to those suitable for the high end, such as data centers. The SL2000 is positioned at the high end and, while certainly not the cheapest firewall in this Group Test, is worth every penny.

Swedish company Ingate may be a relatively new name in the firewall market, but its products have been getting an extremely positive reaction. The Ingate 1400 appliance is its solution for the medium-sized business; it is a black, 1U rack-mounted appliance, with four Ethernet ports, a COM port and a simple LED display.

Back in the world of software, we have Microsoft's entry in the firewall market. Microsoft Internet Security and Acceleration Server (ISA Server) is a fully-featured firewall with a number of bells and whistles that add considerable functionality and security.

Old hand BorderWare has decided to focus on one particular area of network security - email. Whereas most companies are happy enough to bundle email in with the rest of its internet traffic and allow the firewall to handle all of it, BorderWare's MXtreme MX-200 appliance specifically focuses on the problems of email traffic.

SonicWALL is another well-known name in the firewall arena, offering a range of products suitable for anything from the home user to the high-end of the market.

Stonesoft produced its own firewall a few years ago and has shown that it really understands the high end of the market.

The EdgeForce firewall with Performance Module 1 enabled incorporates a flexible demilitarised zone (DMZ) via a third port. This gives the ability to host public servers (email, FTP and web) from behind the firewall, and with this feature, non-authenticated access to servers behind the firewall can be granted, yet the private network itself is still completely shielded from the internet.

If you are looking for a little more than simple content filtering, it is worth taking a look at WebWasher. Aimed at the medium to large business, it provides extensive content filtering and a number of other valuable features.

One of the biggest problems with internet security is that you can end up blocking sites which employees may have a perfectly valid reason for visiting - 'breast' blocking cancer sites, for example.

Possibly one of the most addictive aspects of the internet is instant messaging. Even if you prevent your employees from installing MSN Messenger, AIM or Yahoo, there are countless web sites that offer proprietary messaging systems that can be overlooked by some security applications.

Cobion's OrangeBox Web is a very similar product to DynaComm i:filter. Designed to integrate with a proxy server (for example, Microsoft ISA on Windows 2000/XP), it is also happy to sit on a number of popular Linux and Unix platforms. It can also be used as a proxy server in its own right if you have a small or medium-sized intranet network.

DynaComm's i:series offers a range of security solutions: DynaComm i:filter is designed to monitor and protect you from internet traffic. Covering HTTP, HTTPS, FTP and NNTP traffic, it uses a database of URLs and a rules-based strategy to enforce your internet policy.

Another policy enforcement product, but with some added features that really give it some teeth, is iomart's NetIntelligence. As well as monitoring URL requests, it also looks at the network as a whole (hardware, software and all files) and can instantly detect whether any unauthorized changes have been made, or whether any prohibited content is suddenly present.

N2H2 is generally considered to be one of the best content/URL filtering products on the market, and looking at in this group test, it is easy to see why.

NetIQ MailMarshal was the sleeper hit of the recent email security Group Test. Can this New Zealand-based software development center make it two in a row with its WebMarshal browser control? The answer is a resounding yes.