Features

When 3am Labs asked us to review LogMeIn, we were not sure whether it was really appropriate for SC Magazine. The software is primarily a tool for web-based remote access and administration (there is a "network console" version for enterprise administrators, too). But it has a surprisingly broad set of security features, as well as some clever ways to tie down possible vulnerabilities in remote administration.

Astaro's Security Linux 5.1 takes the open source Linux software and hardens it, but also adds commercial software for a complete security package. It comes with six components: firewall, VPN, anti-virus (provided by Kaspersky), content filtering, anti-spam and intrusion prevention.

Protecting a single PC from harm usually involves installing a software firewall. However, on a server the overhead this causes can be too much, hence Innominate's mGuard PCI firewall, which has its own 266MHz processor and 32MB of RAM. We tested the professional version. There is also an enterprise version with higher specifications and a greatly improved management interface.

While most firewall appliances will run a custom operating system, or secured version of Linux, Celestix has decided to use Microsoft's Internet Security and Acceleration (ISA) 2004 Server as the basis for its MSA4000 appliance. It runs Windows Server 2003 using 1GB of RAM and an 80GB hard disk. This, obviously, adds to the price of the appliance.

Think of firewalls and Check Point is inevitably the first name that springs to mind, probably followed by thoughts of huge expense. This is not the case with Check Point Express, which brings high-end firewall technology to mid-sized businesses.

SmoothWall's Corporate Guardian 3 is one of the best value firewalls on the market. Just provide your own base PC, and the installation will take care of everything else.

For the price, D-Link squeezes a lot of features into its Linux-based DFL-1100 appliance, including a SafeNet PCI VPN accelerator card and four Fast Ethernet ports.

Servers are often entry points to a network, particularly those that are internet visible. Kerio's ServerFirewall, designed for Microsoft operating systems, is designed to combat that by filtering traffic at the server.

Kerio's stateful inspection WinRoute Firewall 6 operates on Windows 2000/XP/2003. After a painless and quick installation and reboot, it is ready to run.

With individual PCs being a high risk factor in a network, a personal firewall is an important consideration, particularly when you have notebooks going in and out of the company. CrossTec's NetOp Desktop Firewall is one choice.

Symantec's Enterprise Firewall works with Windows 2000/2003 or Solaris 8/9. We installed it on our Windows Server 2003 machine with two network interfaces (a requirement of the software).

WatchGuard's Firebox X range of appliances is designed to cope with the needs of enterprises of all sizes.

Network Engines, along with Celestix and its MSA4000, is the second company in this test to use Microsoft's Internet Security & Acceleration Server in an appliance (see Celestix review for more information).

BorderWare's SteelGate SG-200 runs the company's own firewall, Firewall Server 7.1, running on the S-Core secure operating system. Rather than building an appliance from the ground up, the SG-200 is simply a PC (2GHz Intel Celeron Processor, 512MB RAM and a 40GB hard disk) in a rack-mountable chassis.

Symantec's Gateway Security 5460 is the largest, and one of the most powerful, appliances that we have had on test. It has eight Gigabit Ethernet ports, which can be configured to segregate a network or for high availability. The firewall can also be configured to load balance between a cluster, improving performance provided you have the correct license.

ZyXEL's ZyWall 35 shows that, while small in dimensions, it is not small on features. The front panel of the appliance houses two WAN and four LAN Fast Ethernet ports, while the rear of the device has out-of-band management through it is console port and a PC Card slot, so you can add 802.11g WiFi (see company website for supported cards).