Upcoming Events

Cloud Connect
Santa Clara
Feb 13-16, 2012

Cloud Connect brings together the entire cloud eco-system to better understand the transformation we're experiencing and promises to be the defining event of the cloud computing industry. Learn about the latest cloud technologies and platforms from thought leaders in Cloud Connect’s comprehensive conference.

Register Now!

More Events »

Subscribe to Newsletter

  • Keep up with all of the latest news and analysis on the fast-moving IT industry with Network Computing newsletters.
Sign Up

Vendor NewsFeed

More Vendor NewsFeed »

Security
R E V I E W  
Application-Level Firewalls: Smaller Net, Tighter Filter

  March 21, 2003
  By Mike Fratto


>> continued from previous page

Secure Computing Corp.
TOC Issue TOC
Printer Print full article
Printer Print this page
Printer Download as PDF
E-Mail E-Mail this URL
Discuss Discuss this article
flame author Flame the author
 
  In this article
arrow
 Introduction
arrow
 Testing App-Level Firewalls
arrow
 Secure Computing Corp.
arrow
 Check Point Software Technologies FireWall-1 NG FP3
arrow
 Other Products Reviewed
arrow
 Executive Summary
arrow
 How We Tested
arrow
 Glossary & Web Links
arrow
 Report Card

Sidewinder G2 Sidewinder G2 is the first new version from Secure Computing since the purchase of the Gauntlet firewall from Network Associates. Sidewinder still installs with a hardened BSDI 4.3 OS with type enforcement, but nearly all configuration is done through the installation wizard or the Sidewinder management GUI. Gone are the days when you had to be a Bind/DNS/Sendmail guru to properly set up the firewall. Secure Computing has done a nice job of easing the product's installation process while preserving its security strengths.

About the only security problem we found is that the HTTP proxy doesn't support URL string pattern blocking. Such support is handy as a stopgap to block the latest URL-specific worm while you are patching your Web servers. But aside from a couple of foibles, Sidewinder still strikes a nice balance between protection and performance.

Sidewinder's protections come from its application proxies. It provided the best protection mechanisms for both H.323 and DNS. Sidewinder can selectively block H.323 codecs and T.120 functions, such as chat, application sharing and videoconferencing. This provides much finer control over how H.323 is used.

For DNS protection, Sidewinder uses a hardened Bind 9 DNS server and it can be configured as a hosted split-DNS or transparent-DNS proxy. Split DNS makes a noncaching DNS server available to the outside world that is used to resolve only those addresses that are published. A second caching DNS server is used for internal clients trying to resolve hosts both internally and externally. Splitting the DNS means external users will never reach internal DNS servers. An added benefit of using Bind 9 is that when the DNS server gets a response to a query that contains an alias (CNAME) to another host name, the DNS server will try to resolve the alias rather than trust the response. That blocked our attempt to poison our internal DNS server. In all the other firewalls we tested, cache corruption of our internal DNS server was successful.



SideWinder Admin Console

click to enlarge
The management GUI is radically different from earlier versions of Sidewinder and does take some getting used to. The only real down side is rule management. Firewall rules are created and then added to groups. Groups are combined into a firewall policy. The order of the groups and the order of the rules in the groups determines the rule order in the resulting policy. When we viewed the active policy, we couldn't edit any of the rules nor could we determine what group a rule belonged to. We had to keep track of it ourselves. We have enough details to remember--the admin console should do that for us. Also, the real-time logging still leaves much to be desired. Manually scanning syslog entries is fine for experienced administrators, but not for novices.

When it comes to performance numbers, the Sidewinder can handle a ridiculous number of concurrent connections--30 KB, second only to the Firebox 4500. Microsoft's ISA came in at a respectable 10 KB. The rate for connections per second came in at 800 in our testing. Sidewinder did a bit better than Check Point's FireWall-1 in the bandwidth test with HTTP application filtering enabled. However, when we ran the same test using stateful packet filtering, it only yielded an increase of 10 Mbps. In comparison, FireWall-1's stateful packet filtering screamed. After working with Secure Computing engineers, we determined the bottleneck was with memory allocation, for which we had no workaround.

Sidewinder G2, Secure Computing Corp., (800) 379-4944, (408) 979-6100. www.securecomputing.com

start top  Testing App-Level Firewalls Check Point Software Technologies FireWall-1 NG FP3 

Research and Reports

Hypervisor Derby
August 2011
Network Computing: August 2011

Video


WATCH: Box.net CEO Aaron Levie Takes On Microsoft

WATCH: HP Chairman Ray Lane: Focus On Innovation

WATCH: How OpenFlow Changes Networking


View All Videos
Previous Page First Page Second Page Third Page Next Page

Most Popular

Stories Blogs

More Stories »

Featured Whitepapers

Featured Reports

BlogRoll

TechWeb Careers