Features

Old hand BorderWare has decided to focus on one particular area of network security - email. Whereas most companies are happy enough to bundle email in with the rest of its internet traffic and allow the firewall to handle all of it, BorderWare's MXtreme MX-200 appliance specifically focuses on the problems of email traffic.

SonicWALL is another well-known name in the firewall arena, offering a range of products suitable for anything from the home user to the high-end of the market.

Stonesoft produced its own firewall a few years ago and has shown that it really understands the high end of the market.

The EdgeForce firewall with Performance Module 1 enabled incorporates a flexible demilitarised zone (DMZ) via a third port. This gives the ability to host public servers (email, FTP and web) from behind the firewall, and with this feature, non-authenticated access to servers behind the firewall can be granted, yet the private network itself is still completely shielded from the internet.

Symantec is a very old name in the security business, but it is not going to rest on its laurels. Its software-based Enterprise Firewall with VPN has had yet another upgrade since the last time we looked at it, and it offers quite a few new features to what was already a very powerful application. The application is also available pre-loaded on one of Symantec's distinctive bright yellow appliances if you prefer.

At the small or home office end of the market we have the ZyWall 100 Internet Security Gateway. When we looked at the ZyWall 50 appliance in the VPN Group Test last year, we had a few concerns, such as build quality. This issue has clearly been addressed, since the ZyWall 100 is a robust yet compact device with a simple and attractive design.

In this review we are not so concerned with remote access as such, but more with the security and ease of use for the teleworker; a growing breed of employee. But this still means a high level of control and security.

Putting a firewall in the home office should be a natural thing to do. After all, you are not only protecting your user but also the data that they will be working on, and probably holding, on their machine. This security is just as important as the security in the main office, as liability on data and business-critical information could otherwise be breached with ease. This is where a small but powerful appliance from a developer with experience in both the enterprise and SOHO markets is going to come in very handy.

This hardware solution is suitable for both the hardened teleworker or a small office environment. It brings with it not only a stateful inspection firewall, but also the protection of a VPN. For the user logging into an enterprise, MD5 authentication comes into play. This ensures encrypted communications and also foils any attempt to steal the SonicWALL password.

We have looked at solutions that are purely based within the teleworker's domain, but we are also taking the view that some organizations of the larger variety may wish to impose server-based network and system security solutions on their remote users.

Either as a closed environment or as a service, Endeavors Technology's Magi Enterprise is a peer-to-peer security solution ideal for end users who have little or no experience with installing security solutions, but who are charged with telecommuting on a regular basis. From the administrator's viewpoint, removing any end-user problems can make the whole job of securing the data flow far easier.

This solution is again reliant on enterprise management, but for the teleworker who requires a standalone solution BlackICE PC Protection is still available. RealSecure Desktop Protector (formally known as BlackICE Agent for Workstations) is the enterprise version.

In the past we have looked at pcAnywhere, which has been a consistent runner in past telecommuting group tests. This time around Symantec has supplied its Client Security.

In the Gateway Security product, Symantec has come up with a range of gateway appliances, each of which combines firewall, anti-virus, virtual private network (VPN), content filtering and intrusion detection in one rack-mounted system that is 1U high.

The Schlumberger DeXa.Badge is not so much a single product, more of a secure identity philosophy. Potential use of the associated chip cards could range from simple intranet/internet secure login, to a full blown certificate-based enterprise deployment for local and remote access, physical access control and other related applications.

NetScreen uses multi-method detection (MMD) in its IDS appliance, which also includes intrusion prevention options. MMD integrates stateful signature analysis with the detection of protocol anomalies, traffic anomalies, IP spoofing, layer 2 and SYN-flood attacks. Plus, it includes detection of 'backdoor' exploits and a network honeypot. The NetScreen IDP-100 is rated at 200Mbits/sec throughput, offering a choice of eight Fast Ethernet or two separate gigabit monitoring ports.

This is a network-based IDS, supplied as an appliance. There are four versions of the NID-300 series - the difference being in the number and speed of the Ethernet interfaces. The top-of-the-range model has two 10/100Mbit and two gigabit network interfaces. One of these interfaces is always reserved for management, but the remainder can be used for monitoring. In this way, a single NID-300 can monitor load-balanced or failover WAN connections. By separating the management and monitoring interfaces, NID-300 can operate in stealth mode, as the monitoring interface does not respond to any network traffic or requests from any service on the monitored network.

RealSecure 7.0 is the result of the integration between RealSecure and the BlackICE NIDS sensor technology. It runs on a dedicated machine and acts as a NIPS sensor to monitor a network segment, looking for intrusions or suspicious activity. If an intrusion is suspected, it can respond by recording details of the event. It can notify the network administrator, reconfigure the firewall, or terminate the event.

StealthWatch employs a completely different approach to traditional IDS, based on signature recognition. Instead of looking for signatures, it 'learns' what kind of activity is normal on your network and looks for abnormal events. Behavior-based IDS has some advantages over signature-based IDS, because less processing power is required and previously unknown attacks can be detected.

This software network-based IDS product requires a dedicated machine running Solaris 8 on either Sun SPARC or Intel hardware. The hardware specification depends on the amount of traffic to be monitored, and gigabit monitoring interfaces are supported. We were supplied with a pre-installed system running on a Dell PowerEdge rack-mounted server - however, customers would have to provide their own hardware; prices quoted are for software only.