Intro

The threat of an external attack on the corporate network is now so great that companies need to consider a firewall. There is no excuse for failing to protect data on a network and there are plenty of options on the market

Earlier this year we tested the hardware products and now it is the turn of the software firewall. We asked six top vendors to provide products that deliver firewall protection to the enterprise network.

The hardware alternatives offer one distinct advantage as these appliances come complete with processor, memory and embedded operating system which provides intrusion detection and prevention straight from the box.

As you will have to source the hardware yourself, the soft alternative costs less, but takes longer to set up. Whereas all hardware firewalls offer similar features, we found more variety and methods of operation in the software, which means it is even more important to do your research before you buy.

Symantec provided a software perimeter firewall while Entercept's dealt with server protection. A key feature in four of the products was the inclusion of workstations that allowed

policies to be managed from the desktop. A further advantage is that mobile users can leave the corporate network and still enjoy firewall protection while at remote locations.

Another notable feature is the varied filtering methods each product uses. Virtually all hardware firewalls use stateful inspection which intercepts packets at the network layer, then analyses the header and contents of each packet to determine its communication state, as well as the source and destination addresses. Although basic packet filtering offers higher performance, security is reduced as most filtering mechanisms only examine packets at the network layer and are unable to determine what application they are bound for. One product functions as an application proxy - one that sits next the operating system to intercept system and API calls. Three of the others use packet filtering. Only the Zone Labs' firewall product implements stateful packet inspection - a feature drawn from its popular personal firewall software.

To test installation, configuration, deployment and reporting of the central management consoles of each product we used a Pentium III 733-equipped system with 256Mb of memory and running Windows 2000 Server, while client duties were handed out to a variety of workstations running Windows 98 SE, ME and 2000 Professional.

Reviews

The business case

The boundary of the network is not as clear as it used to be, especially with the number of remote users out there.

A laptop may enable workers the freedom to work on the road, but

it also makes the machine more vulnerable. Even inside the network there is the threat of internal users attacking systems.

For this reason software firewalls have increased in popularity. It enables the network manager to put security where it is needed.

In the case of personal firewalls on individual machines the benefit is a clear one. If a user is out on the road and the machine gets hacked into, then there are two potential losses.

First, if the laptop is attacked there is a chance that private data may be removed. The potential damage to the company, both in image and real terms, could be immense.

Second, if a Trojan is installed the laptop represents a serious security concern once reintroduced to the corporate network. At that point the controller of the Trojan has full access to your network, including servers and other workstations. It is not worth taking the risk that this can happen.

From a server point of view, products such as Entercept help prevent the server being hacked. There is only so much that a perimeter firewall can do to stop attacks coming through. In the spate of buffer-overflows against IIS, firewalls were mostly powerless to stop the attacks as they look like genuine requests. Putting in software closer to the actual server cuts this risk down and blocks attacks as they happen.

In all cases security breaches are costly to the company. Reducing the attack profile of your company reduces the potential losses. You should identify where software firewall protection is needed in the company and think about adding that extra layer of security.

Comment on this article