Craig Hinton

Managing a network has never been easy, whether it comprises 100 or 100,000 machines. Even with a dedicated network administrator, the overheads are horrendous. Rolling out new applications, checking for non-licensed software, looking at network traffic... full-time tasks that often have no one with a full-time job to attend to them. This becomes even more worrying when you consider the security implications.

In today's world of CD-ROMs and high-capacity DVDs, it is easy to forget that there are other storage media which still have considerable popularity. One frequently overlooked example of this is the humble tape, which is still vital for many businesses. 
Modern tapes have extremely high capacities, and developments in fiber channel mean that recording speeds are incredibly fast. However, there is an inherent security risk – after the tape has been recorded, when the data becomes portable, and therefore at risk. This is increased if you send the tapes off site to a firestore. How can you be certain that the courier isn't simply going to vanish with your confidential client records?

When considering security in any area, be it IT, ATMs or even opening your own front door, there is always one weak spot: it has to involve people. Despite all the research, we are years away from being able to recognize a person's identity with 100 per cent certainty (even if using finger-printing, retinal scanning or DNA testing) in real time.
Unfortunately, the drive to encourage remote working means that more and more people need access to the corporate network, with all of the security risks that that entails: how can you be sure who the person is on the other end? One solution - or rather, preventative measure - is to simply publish only necessary information on an extranet, but even then, this can still be confidential data and a risky business.

The EdgeForce firewall with Performance Module 1 enabled incorporates a flexible demilitarised zone (DMZ) via a third port. This gives the ability to host public servers (email, FTP and web) from behind the firewall, and with this feature, non-authenticated access to servers behind the firewall can be granted, yet the private network itself is still completely shielded from the internet.

Stonesoft produced its own firewall a few years ago and has shown that it really understands the high end of the market.

SonicWALL is another well-known name in the firewall arena, offering a range of products suitable for anything from the home user to the high-end of the market.

Old hand BorderWare has decided to focus on one particular area of network security - email. Whereas most companies are happy enough to bundle email in with the rest of its internet traffic and allow the firewall to handle all of it, BorderWare's MXtreme MX-200 appliance specifically focuses on the problems of email traffic.

Back in the world of software, we have Microsoft's entry in the firewall market. Microsoft Internet Security and Acceleration Server (ISA Server) is a fully-featured firewall with a number of bells and whistles that add considerable functionality and security.

Swedish company Ingate may be a relatively new name in the firewall market, but its products have been getting an extremely positive reaction. The Ingate 1400 appliance is its solution for the medium-sized business; it is a black, 1U rack-mounted appliance, with four Ethernet ports, a COM port and a simple LED display.

CyberGuard has a long and impressive track record in the firewall market, providing solutions from the desktop to those suitable for the high end, such as data centers. The SL2000 is positioned at the high end and, while certainly not the cheapest firewall in this Group Test, is worth every penny.

Clavister is a fairly new name in the security market, but its high-end firewall appliances are impressive enough to ensure that will not be the case for long.

Blade has made quite a name for itself over the last year or so with the development of its Blade IDS Informer application, which monitors the performance of your intrusion detection system and ensures that it is running to the best of its abilities. The company has now extended this with the release of Firewall Informer, which performs a similar function for your corporate firewall.

Remember the halcyon days of the dot-com boom, when analysts were insisting that no company worth its salt could continue in business unless they had a web presence? Their weighted words were sufficiently terrifying to ensure that businesses rushed to add that all-important 'e' to their trading, resulting in countless new web sites appearing.

While not strictly an appliance, this version of Websense is tightly integrated with all of SonicWALL's range of extremely popular firewall appliances.

Symantec Web Security is a product specifically designed to monitor the content of HTTP, HTTPS and FTP traffic. It takes the form of a proxy server that sits behind your firewall; with most firewalls it will operate transparently, but you have the bonus of integration with Check Point's FireWall-1.

SmoothWall Corporate Server is an extremely effective way of turning a PC into a dedicated hardware firewall sitting on its own hardened operating system. The company has now released a bolt-on to the Corporate Server to provide even more protection - Smooth Guardian, a multi-layered content filtering package.

SurfControl has long been a name in internet security, with its CyberPatrol product one of the best known applications for home use, and its Web Filter application is an excellent business tool for micro-managing users' access to the internet.

Unique in this test, the iPrism is actually an appliance. Although these tend to be more expensive than software-only products, they usually have the advantage of a fairly solid configuration since they are factory-build.

NetIQ MailMarshal was the sleeper hit of the recent email security Group Test. Can this New Zealand-based software development center make it two in a row with its WebMarshal browser control? The answer is a resounding yes.

N2H2 is generally considered to be one of the best content/URL filtering products on the market, and looking at in this group test, it is easy to see why.