group

We looked at version 3.0 of this product in the virtual private network Group Test last year, and it is good to see it being evaluated as a firewall this time around. Astaro might not be a familiar name to most people, but it deserves to be if it continues to produce products such as this.

Swedish company Ingate may be a relatively new name in the firewall market, but its products have been getting an extremely positive reaction. The Ingate 1400 appliance is its solution for the medium-sized business; it is a black, 1U rack-mounted appliance, with four Ethernet ports, a COM port and a simple LED display.

Back in the world of software, we have Microsoft's entry in the firewall market. Microsoft Internet Security and Acceleration Server (ISA Server) is a fully-featured firewall with a number of bells and whistles that add considerable functionality and security.

Old hand BorderWare has decided to focus on one particular area of network security - email. Whereas most companies are happy enough to bundle email in with the rest of its internet traffic and allow the firewall to handle all of it, BorderWare's MXtreme MX-200 appliance specifically focuses on the problems of email traffic.

SonicWALL is another well-known name in the firewall arena, offering a range of products suitable for anything from the home user to the high-end of the market.

Stonesoft produced its own firewall a few years ago and has shown that it really understands the high end of the market.

The EdgeForce firewall with Performance Module 1 enabled incorporates a flexible demilitarised zone (DMZ) via a third port. This gives the ability to host public servers (email, FTP and web) from behind the firewall, and with this feature, non-authenticated access to servers behind the firewall can be granted, yet the private network itself is still completely shielded from the internet.

Symantec is a very old name in the security business, but it is not going to rest on its laurels. Its software-based Enterprise Firewall with VPN has had yet another upgrade since the last time we looked at it, and it offers quite a few new features to what was already a very powerful application. The application is also available pre-loaded on one of Symantec's distinctive bright yellow appliances if you prefer.

At the small or home office end of the market we have the ZyWall 100 Internet Security Gateway. When we looked at the ZyWall 50 appliance in the VPN Group Test last year, we had a few concerns, such as build quality. This issue has clearly been addressed, since the ZyWall 100 is a robust yet compact device with a simple and attractive design.

CyberGuard has a long and impressive track record in the firewall market, providing solutions from the desktop to those suitable for the high end, such as data centers. The SL2000 is positioned at the high end and, while certainly not the cheapest firewall in this Group Test, is worth every penny.

Clavister is a fairly new name in the security market, but its high-end firewall appliances are impressive enough to ensure that will not be the case for long.

In the past we have looked at pcAnywhere, which has been a consistent runner in past telecommuting group tests. This time around Symantec has supplied its Client Security.

Blade has made quite a name for itself over the last year or so with the development of its Blade IDS Informer application, which monitors the performance of your intrusion detection system and ensures that it is running to the best of its abilities. The company has now extended this with the release of Firewall Informer, which performs a similar function for your corporate firewall.

This product concentrates on hard disk data encryption. However , it does include a VPN client integration for IPCrytor VPN gateways, which is a remote access solution. Encryption may be in relation to your own local hard drive, or a specific directory or folder on the corporate LAN.

First, allow us to congratulate Datakey on a most comprehensive and clearly written set of user guides. This is an important factor for many users and yet so often overlooked in contemporary products. For those as yet unfamiliar with smartcards and tokens, this can be very helpful and save them a lot of time as they progress along their own particular learning curve.

The Schlumberger DeXa.Badge is not so much a single product, more of a secure identity philosophy. Potential use of the associated chip cards could range from simple intranet/internet secure login, to a full blown certificate-based enterprise deployment for local and remote access, physical access control and other related applications.

NetScreen uses multi-method detection (MMD) in its IDS appliance, which also includes intrusion prevention options. MMD integrates stateful signature analysis with the detection of protocol anomalies, traffic anomalies, IP spoofing, layer 2 and SYN-flood attacks. Plus, it includes detection of 'backdoor' exploits and a network honeypot. The NetScreen IDP-100 is rated at 200Mbits/sec throughput, offering a choice of eight Fast Ethernet or two separate gigabit monitoring ports.

This is a network-based IDS, supplied as an appliance. There are four versions of the NID-300 series - the difference being in the number and speed of the Ethernet interfaces. The top-of-the-range model has two 10/100Mbit and two gigabit network interfaces. One of these interfaces is always reserved for management, but the remainder can be used for monitoring. In this way, a single NID-300 can monitor load-balanced or failover WAN connections. By separating the management and monitoring interfaces, NID-300 can operate in stealth mode, as the monitoring interface does not respond to any network traffic or requests from any service on the monitored network.

RealSecure 7.0 is the result of the integration between RealSecure and the BlackICE NIDS sensor technology. It runs on a dedicated machine and acts as a NIPS sensor to monitor a network segment, looking for intrusions or suspicious activity. If an intrusion is suspected, it can respond by recording details of the event. It can notify the network administrator, reconfigure the firewall, or terminate the event.

StealthWatch employs a completely different approach to traditional IDS, based on signature recognition. Instead of looking for signatures, it 'learns' what kind of activity is normal on your network and looks for abnormal events. Behavior-based IDS has some advantages over signature-based IDS, because less processing power is required and previously unknown attacks can be detected.