Features

Protecting a single PC from harm usually involves installing a software firewall. However, on a server the overhead this causes can be too much, hence Innominate's mGuard PCI firewall, which has its own 266MHz processor and 32MB of RAM. We tested the professional version. There is also an enterprise version with higher specifications and a greatly improved management interface.

While most firewall appliances will run a custom operating system, or secured version of Linux, Celestix has decided to use Microsoft's Internet Security and Acceleration (ISA) 2004 Server as the basis for its MSA4000 appliance. It runs Windows Server 2003 using 1GB of RAM and an 80GB hard disk. This, obviously, adds to the price of the appliance.

Think of firewalls and Check Point is inevitably the first name that springs to mind, probably followed by thoughts of huge expense. This is not the case with Check Point Express, which brings high-end firewall technology to mid-sized businesses.

SmoothWall's Corporate Guardian 3 is one of the best value firewalls on the market. Just provide your own base PC, and the installation will take care of everything else.

For the price, D-Link squeezes a lot of features into its Linux-based DFL-1100 appliance, including a SafeNet PCI VPN accelerator card and four Fast Ethernet ports.

Servers are often entry points to a network, particularly those that are internet visible. Kerio's ServerFirewall, designed for Microsoft operating systems, is designed to combat that by filtering traffic at the server.

Kerio's stateful inspection WinRoute Firewall 6 operates on Windows 2000/XP/2003. After a painless and quick installation and reboot, it is ready to run.

With individual PCs being a high risk factor in a network, a personal firewall is an important consideration, particularly when you have notebooks going in and out of the company. CrossTec's NetOp Desktop Firewall is one choice.

Symantec's Enterprise Firewall works with Windows 2000/2003 or Solaris 8/9. We installed it on our Windows Server 2003 machine with two network interfaces (a requirement of the software).

WatchGuard's Firebox X range of appliances is designed to cope with the needs of enterprises of all sizes.

Network Engines, along with Celestix and its MSA4000, is the second company in this test to use Microsoft's Internet Security & Acceleration Server in an appliance (see Celestix review for more information).

BorderWare's SteelGate SG-200 runs the company's own firewall, Firewall Server 7.1, running on the S-Core secure operating system. Rather than building an appliance from the ground up, the SG-200 is simply a PC (2GHz Intel Celeron Processor, 512MB RAM and a 40GB hard disk) in a rack-mountable chassis.

Symantec's Gateway Security 5460 is the largest, and one of the most powerful, appliances that we have had on test. It has eight Gigabit Ethernet ports, which can be configured to segregate a network or for high availability. The firewall can also be configured to load balance between a cluster, improving performance provided you have the correct license.

ZyXEL's ZyWall 35 shows that, while small in dimensions, it is not small on features. The front panel of the appliance houses two WAN and four LAN Fast Ethernet ports, while the rear of the device has out-of-band management through it is console port and a PC Card slot, so you can add 802.11g WiFi (see company website for supported cards).

Astaro's Security Linux 5.1 takes the open source Linux software and hardens it, but also adds commercial software for a complete security package. It comes with six components: firewall, VPN, anti-virus (provided by Kaspersky), content filtering, anti-spam and intrusion prevention.

Red-M's Red-Alert Pro is a wireless intrusion detection probe that senses 802.11 a, b, g, and even Bluetooth activity simultaneously. It logs security threats and feeds the details to a Red Detect server if run in managed mode, or stores it if run standalone. Red-Alert Pro keeps track of connections between known and unknown devices, making an alert whenever a new unknown device is present and informing you of which device(s) the unknown entity is communicating with. If run in standalone mode, the security logs can be accessed via a convenient and intuitive web interface. If run in managed mode, the Red Detect server handles the logs.

This is a flexible, robust, very scalable and multi-purpose wireless security solution. It provides rogue detection, troubleshooting, vulnerability assessment, intrusion detection, performance management and usage accounting. It has a standard Windows GUI with an open source Firebird database that includes a secure, password-protected interface, and can be easily configured both for a small business or a large enterprise.

Computer Associates' Wireless Site Management 4.0 is a fully featured WLAN security and management suite. The software is mainly aimed at larger organizations, but it could be implemented for any company running a wireless network.