Features

Possibly one of the most addictive aspects of the internet is instant messaging. Even if you prevent your employees from installing MSN Messenger, AIM or Yahoo, there are countless web sites that offer proprietary messaging systems that can be overlooked by some security applications.

Cobion's OrangeBox Web is a very similar product to DynaComm i:filter. Designed to integrate with a proxy server (for example, Microsoft ISA on Windows 2000/XP), it is also happy to sit on a number of popular Linux and Unix platforms. It can also be used as a proxy server in its own right if you have a small or medium-sized intranet network.

DynaComm's i:series offers a range of security solutions: DynaComm i:filter is designed to monitor and protect you from internet traffic. Covering HTTP, HTTPS, FTP and NNTP traffic, it uses a database of URLs and a rules-based strategy to enforce your internet policy.

Another policy enforcement product, but with some added features that really give it some teeth, is iomart's NetIntelligence. As well as monitoring URL requests, it also looks at the network as a whole (hardware, software and all files) and can instantly detect whether any unauthorized changes have been made, or whether any prohibited content is suddenly present.

N2H2 is generally considered to be one of the best content/URL filtering products on the market, and looking at in this group test, it is easy to see why.

NetIQ MailMarshal was the sleeper hit of the recent email security Group Test. Can this New Zealand-based software development center make it two in a row with its WebMarshal browser control? The answer is a resounding yes.

Unique in this test, the iPrism is actually an appliance. Although these tend to be more expensive than software-only products, they usually have the advantage of a fairly solid configuration since they are factory-build.

SurfControl has long been a name in internet security, with its CyberPatrol product one of the best known applications for home use, and its Web Filter application is an excellent business tool for micro-managing users' access to the internet.

SmoothWall Corporate Server is an extremely effective way of turning a PC into a dedicated hardware firewall sitting on its own hardened operating system. The company has now released a bolt-on to the Corporate Server to provide even more protection - Smooth Guardian, a multi-layered content filtering package.

Symantec Web Security is a product specifically designed to monitor the content of HTTP, HTTPS and FTP traffic. It takes the form of a proxy server that sits behind your firewall; with most firewalls it will operate transparently, but you have the bonus of integration with Check Point's FireWall-1.

While not strictly an appliance, this version of Websense is tightly integrated with all of SonicWALL's range of extremely popular firewall appliances.

If you are looking for a little more than simple content filtering, it is worth taking a look at WebWasher. Aimed at the medium to large business, it provides extensive content filtering and a number of other valuable features.

There are now many policy management tools for the control of email usage, and that need arises from the growing requirements that increasing legislation has put on companies. Policy Patrol is one such solution, ensuring that certain criteria are being met, and reducing the risk to the enterprise by monitoring communications and filtering out according to a rule set.

There are pre-set policies that allow the new installation to be put in place quickly and effectively while new policies are written.

The problem of recovering accidentally deleted files was solved largely by the implementation of the recycle bin in Windows - allowing users simply to select 'Restore' from the right-click menu. However, there are a number of users that will, without thinking about what they are doing, automatically empty the recycle bin or even use a utility that does it for them at the end of each session. In addition to this, some viruses delete files, bypassing the safety-net of the recycle bin and of course, some malicious users will deliberately remove certain files. In response to this, O&O Software GmbH has written O&O UnErase which provides the user with a means of recovering such files.

First there was Sniffer, Network Associates' traffic capture and analysis tool, which rapidly carved itself a position as the tool of choice for network engineers of all kinds. Then there was Sniffer Wireless, bringing the capabilities of the Sniffer engine to 802.11 wireless networks, a logical extension to the Sniffer brand which already supported a range of environments including LANs, remote networks and telecom networks. Now we have Sniffer Wireless PDA, porting that wireless analysis suite to a handheld platform, targeting network managers and security professionals with an overriding need for portability.

At the heavy duty end of the market, SSH Secure Shell for Windows Server offers enough security for even the most paranoid network administrator. Already recognized as one of the most popular applications for creating secure sessions in Unix, it is now available for Windows, replacing such protocols as Telnet or FTP with a hardened connectivity solution for those businesses that require more than usual security for data transfer.

One very important area of email security is encryption. Unless you are using leased lines or virtual private networks (VPNs) to transmit information, the moment an email leaves your firewall it is at the mercy of the internet. Emails can be intercepted and read without your even knowing about it, which poses a terrible risk for corporate information. However, encrypting the email does give you a high degree of ­ reassurance.

PC Guardian provides a nifty little program called Encryption Plus Email that allows you to encrypt email body text and any attachments. The email product is very easy to install - full installation of the administration program takes less than a minute. The product is designed for individual use, so the administrator installs it on each workstation, then configures it centrally and rolls out the user files across the network. Encryption Plus Email is only available for Lotus Notes and Microsoft Outlook, but since these two cover a large proportion of companies this shouldn't be a problem.

Administrators often forget that management of emails isn't simply a question of who can send or receive them, or the content. When email arrives it sits in the inbox, but who has permission to access that inbox, or other folders for that matter?

With high turnovers of employees becoming increasingly common, the stressed administrator may well lose track of individual permissions. For example, many companies usually have a set of freelance or contract email ­ accounts that can be assigned to temporary staff. The permissions required by one contractor may be far more extensive than those required by their successor, but they could very well inherit those permissions when they arrive. And human nature being what it is, inquiring minds will almost certainly take advantage of this, whether innocently or maliciously.

Although F-Secure may not be the first name in anti-virus that springs to mind, its products are among the heaviest hitters in the industry. Unlike some products which depend purely on their signature lists to be updated, F-Secure also comprises multiple scanning engines and heuristic detection techniques that make it one of the first products to detect new viruses. The company has now brought its expertise to bear in email security with F-Secure Anti-Virus for Internet Mail.

The product is available for Windows (NT and 2000). A Unix version would be nice, although there is a version for Unix which sits at the firewall level. Installation presented no headaches. However because of the way the product works, disk and memory requirements are quite high. It is also better to share the scanning across more than one scanner server to keep bandwidth usage lower.

Gordano is a company that has made the messaging arena its own. Its NTMail product was a revolution when it was first launched in 1994, and it was recently re-branded and overhauled to become Gordano Messaging Suite (GMS).

Installation is simple and straightforward, and Gordano has also ensured that the product is suitable for all major operating ­ systems. Once installed, navigation is easy: the product is logically structured with well-laid out GUIs. Both configuration and management are carried out via a web-based interface.