The EdgeForce firewall with Performance Module 1 enabled incorporates a flexible demilitarised zone (DMZ) via a third port. This gives the ability to host public servers (email, FTP and web) from behind the firewall, and with this feature, non-authenticated access to servers behind the firewall can be granted, yet the private network itself is still completely shielded from the internet.
Symantec is a very old name in the security business, but it is not going to rest on its laurels. Its software-based Enterprise Firewall with VPN has had yet another upgrade since the last time we looked at it, and it offers quite a few new features to what was already a very powerful application. The application is also available pre-loaded on one of Symantec's distinctive bright yellow appliances if you prefer.
At the small or home office end of the market we have the ZyWall 100 Internet Security Gateway. When we looked at the ZyWall 50 appliance in the VPN Group Test last year, we had a few concerns, such as build quality. This issue has clearly been addressed, since the ZyWall 100 is a robust yet compact device with a simple and attractive design.
Either as a closed environment or as a service, Endeavors Technology's Magi Enterprise is a peer-to-peer security solution ideal for end users who have little or no experience with installing security solutions, but who are charged with telecommuting on a regular basis. From the administrator's viewpoint, removing any end-user problems can make the whole job of securing the data flow far easier.
This solution is again reliant on enterprise management, but for the teleworker who requires a standalone solution BlackICE PC Protection is still available. RealSecure Desktop Protector (formerly known as BlackICE Agent for Workstations) is the enterprise version.
This hardware solution is suitable for either the hardened teleworker or a small office environment. It brings with it not only a stateful inspection firewall, but also the protection of a VPN. For the user logging into an enterprise, MD5 authentication comes into play. This ensures encrypted communications and also foils any attempt to steal the SonicWALL password.
We have looked at solutions that are purely based within the teleworker's domain, but we are also taking the view that some organizations of the larger variety may wish to impose server-based network and system security solutions on their remote users.
We looked at version 3.0 of this product in the virtual private network Group Test last year, and it is good to see it being evaluated as a firewall this time around. Astaro might not be a familiar name to most people, but it deserves to be if it continues to produce products such as this.
Swedish company Ingate may be a relatively new name in the firewall market, but its products have been getting an extremely positive reaction. The Ingate 1400 appliance is its solution for the medium-sized business; it is a black, 1U rack-mounted appliance, with four Ethernet ports, a COM port and a simple LED display.
Back in the world of software, we have Microsoft's entry in the firewall market. Microsoft Internet Security and Acceleration Server (ISA Server) is a fully-featured firewall with a number of bells and whistles that add considerable functionality and security.
Blade has made quite a name for itself over the last year or so with the development of its Blade IDS Informer application, which monitors the performance of your intrusion detection system and ensures that it is running to the best of its abilities. The company has now extended this with the release of Firewall Informer, which performs a similar function for your corporate firewall.
This solution is supplied as software, desktop or rack-mounted. Each network sensor is a separate appliance, handling high-availability, high-security 10/100 or gigabit monitored segments. Running on a hardened OS, based on Red Hat Linux, in a small installation it can be managed using a web-based interface, software or optionally as an appliance.
StealthWatch employs a completely different approach from traditional IDS, which is based on signature recognition. Instead of looking for signatures, it 'learns' what kind of activity is normal on your network and looks for abnormal events. Behavior-based IDS has some advantages over signature-based IDS, because less processing power is required and previously unknown attacks can be detected.
This software network-based IDS product requires a dedicated machine running Solaris 8 on either Sun SPARC or Intel hardware. The hardware specification depends on the amount of traffic to be monitored, and gigabit monitoring interfaces are supported. We were supplied with a pre-installed system running on a Dell PowerEdge rack-mounted server - however, customers would have to provide their own hardware; prices quoted are for software only.
This product concentrates on hard disk data encryption. However, it does include a VPN client integration for IPCrytor VPN gateways, which is a remote access solution. Encryption may be in relation to your own local hard drive, or a specific directory or folder on the corporate LAN.
First, allow us to congratulate Datakey on a most comprehensive and clearly written set of user guides. This is an important factor for many users and yet so often overlooked in contemporary products. For those as yet unfamiliar with smartcards and tokens, this can be very helpful and save them a lot of time as they progress along their own particular learning curve.
The Schlumberger DeXa.Badge is not so much a single product, more of a secure identity philosophy. Potential use of the associated chip cards could range from simple intranet/internet secure login, to a full-blown certificate-based enterprise deployment for local and remote access, physical access control and other related applications.
NetScreen uses multi-method detection (MMD) in its IDS appliance, which also includes intrusion prevention options. MMD integrates stateful signature analysis with the detection of protocol anomalies, traffic anomalies, IP spoofing, layer 2 and SYN-flood attacks. Plus, it includes detection of 'backdoor' exploits and a network honeypot. The NetScreen IDP-100 is rated at 200Mbits/sec throughput, offering a choice of eight Fast Ethernet or two separate gigabit monitoring ports.