The LogiSense EngageIP Traffic Manager appliance combines the security benefits of firewall and web content filtering with other features that include web caching, routing and bandwidth management, with real-time bandwidth consumption reporting and quality-of-service (QoS) shaping.
The Aladdin eSafe Appliance is a hardened, Linux-based device, which can be configured as an email inspection tool (SMTP relay) and, additionally, as a full content-filtering gateway for HTTP/FTP. To obtain the full content-filtering gateway functionality you need to use Check Point Firewall-1 configured with a HTTP/FTP security server as a content vectoring protocol (CVP) client.
Ingrian offers a range of appliances that are designed to secure any application that uses secure socket layer (SSL) transactions, while at the same time speeding up the performance. The company has recently added other features, including authentication, authorization, GZIP compression and an interface to external intrusion detection systems.
NetPilot was created to be a turnkey solution for businesses to solve all their internet connectivity requirements. It provides internet routing and the sharing of a single ISP account; proxy-based firewall and NAT; web server and web caching; servers for DNS, DHCP, FTP and email; access control and URL filtering. In addition it can act as a file and print server for Windows workstations.
McAfee is well known for anti-virus software, and has built its complete anti-virus engine into an internet gateway product that examines HTTP, FTP, SMTP and POP3 traffic for viruses. It also performs content filtering and acts as an email anti-relay. Within the content filtering mechanism anti-spam functionality is included.
Primarily a content-filtering platform, the Minesweeper CF 500 came with optional extras for intrusion detection and vulnerability assessment. Content filtering comprises URL blocking, anti-virus and anti-spam. Standard features include a firewall with an IPsec VPN and a DHCP server.
SonicWALL is well known for its firewalls, but it is now starting to add optional functionality to the range. The model tested came with the extra-cost items of content filtering and anti-virus. Vulnerability assessment is another optional extra, but was not supplied on the review unit.
The Symantec Gateway Security product combines firewall, content filtering and intrusion detection in one rack-mounted system that is 1U high. The content filtering includes anti-virus and anti-spam, plus the blocking of inappropriate content and non work-related surfing. The firewall has all the usual features you would expect from a modern firewall: stateful inspection, packet filtering, NAT, IPsec VPN and full inspection application proxies.
Based on a Toshiba Magnia SG20 solution developer kit, this unit runs a special version of Linux created by Astaro. It includes a firewall, VPN, DHCP server, traffic management and content filter. The latter includes web blocking and anti-spam.
The firewall uses stateful packet inspection and includes proxies for HTTP, HTTPS, SMTP, POP3, DNS, IDENT and SOCKS. It has user authentication and offers protection from the most common forms of DoS attacks. Of course, it provides network address translation. In addition it detects port scanning.
This solution provides a network-based IDS, real-time session monitoring and internet/email content blocking. eTrust Intrusion Detection can be installed in standalone mode, or it can be distributed on separate machines. The intrusion detection program installs as a service under Windows NT/2000. As usual, the monitoring interface is a NIC in promiscuous mode, and therefore the presence of the IDS is concealed from the attacker.
This solution is supplied as software, or as a desktop or rack-mounted appliance. Each network sensor is a separate appliance, handling high-availability, high-security 10/100 or gigabit monitored segments. Running on a hardened OS based on Red Hat Linux, in a small installation it can be managed using a web-based interface, via management software, or optionally via a management appliance.
NetScreen uses multi-method detection (MMD) in its IDS appliance, which also includes intrusion prevention options. MMD integrates stateful signature analysis with the detection of protocol anomalies, traffic anomalies, IP spoofing, layer 2 and SYN-flood attacks. Plus, it includes detection of 'backdoor' exploits and a network honeypot. The NetScreen IDP-100 is rated at 200Mbits/sec throughput, offering a choice of eight Fast Ethernet or two separate gigabit monitoring ports.
This is a network-based IDS, supplied as an appliance. There are four versions of the NID-300 series - the difference being in the number and speed of the Ethernet interfaces. The top-of-the-range model has two 10/100Mbit and two gigabit network interfaces. One of these interfaces is always reserved for management, but the remainder can be used for monitoring. In this way, a single NID-300 can monitor load-balanced or failover WAN connections. By separating the management and monitoring interfaces, NID-300 can operate in stealth mode, as the monitoring interface does not respond to any network traffic or requests from any service on the monitored network.
RealSecure 7.0 is the result of the integration between RealSecure and the BlackICE NIDS sensor technology. It runs on a dedicated machine and acts as a NIPS sensor to monitor a network segment, looking for intrusions or suspicious activity. If an intrusion is suspected, it can respond by recording details of the event. It can notify the network administrator, reconfigure the firewall, or terminate the event.
This software network-based IDS product requires a dedicated machine running Solaris 8 on either Sun SPARC or Intel hardware. The hardware specification depends on the amount of traffic to be monitored, and gigabit monitoring interfaces are supported. We were supplied with a pre-installed system running on a Dell PowerEdge rack-mounted server - however, customers would have to provide their own hardware; prices quoted are for software only.
In the Gateway Security product, Symantec has come up with a range of gateway appliances, each of which combines firewall, anti-virus, virtual private network (VPN), content filtering and intrusion detection in one rack-mounted system that is 1U high.
Oblix NetPoint is described as an identity management solution for the enterprise. What this means is that it is designed to manage the multiple identities and permissions in a modern e-business environment where you must provide access to a huge variety of different people - many of whom will be entering the network from outside the corporate firewall. In a modern large e-business enterprise it can be a daunting task to do this securely.
Oblix NetPoint simplifies the management of user identities and permissions across multiple applications and provides single sign-on. It makes it easy to add or remove users, to change permissions, and to enforce password rules.
CyberGuard offers a range of firewall/VPN appliances with specifications ranging from three Ethernet interfaces and 125Mbits/sec throughput to 21 Ethernet interfaces and 2Gbits/sec throughput. All have an integrated VPN, run the same firewall software, and have the same configuration GUI. We tested model KS1500, which can have up to 18 Ethernet interfaces, of which two are gigabit-over-copper as standard.
Performance is the strength of the KS1500, which is designed to cope with 1.5 Gbits/sec throughput and up to 1.2 million simultaneous connections. The firewall boasts a host of certification standards including Common Criteria Evaluation Assurance Level 4+ (EAL4+), ICSA, ITSEC E3, Checkmark, etc. The secure operating system was designed to meet TCSEC/NCSC criteria at the 'Orange Book' B2 level.