Jayne Parkhouse

We looked at version 3.0 of this product in the virtual private network Group Test last year, and it is good to see it being evaluated as a firewall this time around. Astaro might not be a familiar name to most people, but it deserves to be if it continues to produce products such as this.

Symantec is a very old name in the security business, but it is not going to rest on its laurels. Its software-based Enterprise Firewall with VPN has had yet another upgrade since the last time we looked at it, and it offers quite a few new features to what was already a very powerful application. The application is also available pre-loaded on one of Symantec's distinctive bright yellow appliances if you prefer.

At the small or home office end of the market we have the ZyWall 100 Internet Security Gateway. When we looked at the ZyWall 50 appliance in the VPN Group Test last year, we had a few concerns, such as build quality. This issue has clearly been addressed, since the ZyWall 100 is a robust yet compact device with a simple and attractive design.

In this review we are not so concerned with remote access as such, but more with the security and ease of use for the teleworker; a growing breed of employee. But this still means a high level of control and security.

Putting a firewall in the home office should be a natural thing to do. After all, you are not only protecting your user but also the data that they will be working on, and probably holding, on their machine. This security is just as important as the security in the main office, as liability on data and business-critical information could otherwise be breached with ease. This is where a small but powerful appliance from a developer with experience in both the enterprise and SOHO markets is going to come in very handy.

Either as a closed environment or as a service, Endeavors Technology's Magi Enterprise is a peer-to-peer security solution ideal for end users who have little or no experience with installing security solutions, but who are charged with telecommuting on a regular basis. From the administrator's viewpoint, removing any end-user problems can make the whole job of securing the data flow far easier.

This solution is again reliant on enterprise management, but for the teleworker who requires a standalone solution BlackICE PC Protection is still available. RealSecure Desktop Protector (formally known as BlackICE Agent for Workstations) is the enterprise version.

This hardware solution is suitable for both the hardened teleworker or a small office environment. It brings with it not only a stateful inspection firewall, but also the protection of a VPN. For the user logging into an enterprise, MD5 authentication comes into play. This ensures encrypted communications and also foils any attempt to steal the SonicWALL password.

We have looked at solutions that are purely based within the teleworker's domain, but we are also taking the view that some organizations of the larger variety may wish to impose server-based network and system security solutions on their remote users.

If anyone was under the illusion that data storage was boring, think again. The new technology engaged in protecting your critical data takes a fresh and enthusiastic approach to data security - ensuring that what you deem sensitive, value or trusted, is also worthy of iron clad protection within your storage infrastructure.
If you think that there's anything exciting to see as the data passes through the box, you'd be disappointed. In fact try finding CryptoStor within the Fibre Channel (FC) network or backup application and you may just hit a small snag - it's nowhere to be seen. But that's the point.

StealthWatch employs a completely different approach to traditional IDS, based on signature recognition. Instead of looking for signatures, it 'learns' what kind of activity is normal on your network and looks for abnormal events. Behavior-based IDS has some advantages over signature-based IDS, because less processing power is required and previously unknown attacks can be detected.

In this Group Test we have looked at a number of solutions, all designed to manage your critical policy management and to ensure corporate policy is adhered to across even the largest networks.

This particular solution is for Windows 2000 users only; it sets, manages and backs up policies across your whole network without the need for agents. Designed specifically to replace the built-in utilities that are provided with Windows 2000 networks, it also allows the management of multiple domains in unison.

We've looked at PoliVec Builder in the past, a policy development tool from the same stable. Part of the PoliVec suite, PoliVec Enforcer integrates seamlessly with its policy development tool counterpart to keep the enterprise secure.

Therefore, policy can be locked down to stop system changes and policy non-compliance from weakening the protected network infrastructure. Extensive reporting enables a precise picture of your network and real-time monitoring ensures that notification of problems can be dealt with in a timely fashion.

Policy enforcement is only as good as your management system allows, so a serious vulnerability could go unnoticed without prior knowledge of the problem.

Security Expressions allows deployment using no-agent technology to ensure that, once installed on either Windows NT or 2000 systems, the administrator can add machines within a group, that are required to adhere to the policies that pertain to that group.

Sygate Technologies says that its policy enforcement ensures remote connections over a VPN are not exposed to hijacking of data. It ensures remote authentication is only made if the user conforms to the policy set in force. This makes a lot of sense.

What Sygate Secure Enterprise provides is the ability to maintain certain rules, even for remote users. These include whether their firewall is current and configured correctly, if the remote user's anti-virus is up to corporate specifications and, equally important, up to date. These are just a few example of areas where compliance may be required.

The basis of any policy management tool is the ability to manage its users and to recognize potential problem areas. Some do this without agents and others prefer to manage policy enforcement with agents residing on both workstations and servers. This is the case for Symantec Enterprise Security Manager, which uses the agents as its means of communication between its networked machines, enabling timely updates and compliance reports.

Symantec Enterprise Security Manager has already established itself in the policy management solutions market. This particular solution ensures that policies are intrinsically complied with throughout the organization, as well as maintaining system security through recognizing changes that could affect the security of the network.

Using control information files (CIF) the product can be managed from a central console, but in a large organization you may require more than one. Agents provide the means for the information to be collected across a distributed network to ensure updates are accomplished at regular intervals. Changes can be identified and the appropriate action taken, while logs and reports may be generated for further analysis.

Recently acquired by NetIQ, VigilEnt Policy Center provides a policy management tool that ensures users are aware of their responsibilities while providing solid policy control across the company network.

This is a corporate-level security solution and requires a user database to allow you to import users so that user groups can be established. The policies can then be set for these groups, with users being required to answer questions to establish understanding and compliance. Logs are kept to view user input and also to define problem areas. This performance-related system means that users know how to use company data and they learn what is required of them, while the administrator can see statistics and reports. Users not complying can be identified and an email can be sent to them to remind them of its significance. This ensures that not only do your employees comply with your policies, but your company can prove compliance with the regulators and specifically with ISO 17799.

You can stipulate certain user rights to allow for policies to be reviewed prior to publication and distribution. But of course you may use pre-written policies, amend them or create your own, as required by your own particular corporate needs.

Each enterprise will look long and hard at how they implement their corporate security policy. While many administrators look to implement an enterprise-wide solution, some may look to deliver specific policy management features for areas that their particular enterprise rates as high risk.

This means that in order to deliver policy management across all electronic communication a specific policy solution will be required that specializes in this particular function.

Unlike the other products in this Group Test Web Inspector is neither system policy management or email policy management, but in fact an internet compliance tool that uses policy to set its users' boundaries. Suitable as a single installation for the smaller enterprise, this solution easily scales up to a distributed deployment over a large network.

Policy starts with access control, ensuring that users only have the rights assigned by the administrator in line with your corporate policy. Whether you choose to assign the same rights across the network or drill down your policy into user groups, sites, or individual users or workstations, is your choice. Policies can be created to suit your needs and ensure that only the web pages that your company deems necessary are viewed within work hours, allowing for the organization to permit safe surfing on non-business sites at stipulated times.

There are now many policy management tools for the control of email usage, and that need arises from the growing requirements that increasing legislation has put on companies. Policy Patrol is one such solution, ensuring that certain criteria are being met, and reducing the risk to the enterprise by monitoring communications and filtering out according to a rule set.

There are pre-set policies that allow the new installation to be put in place quickly and effectively while new policies are written.