Sidewinder G2

Sidewinder G2 is the first new version from Secure Computing since the purchase of the Gauntlet firewall from Network Associates. Sidewinder still installs with a hardened BSDI 4.3 OS with type enforcement, but nearly all configuration is done through the installation wizard or the Sidewinder management GUI. Gone are the days when you had to be a Bind/DNS/Sendmail guru to properly set up the firewall. Secure Computing has done a nice job of easing the product's installation process while preserving its security strengths.
About the only security problem we found is that the HTTP proxy doesn't support URL string pattern blocking. Such support is handy as a stopgap to block the latest URL-specific worm while you are patching your Web servers. But aside from a couple of foibles, Sidewinder still strikes a nice balance between protection and performance.
Sidewinder's protections come from its application proxies. It provided the best protection mechanisms for both H.323 and DNS. Sidewinder can selectively block H.323 codecs and T.120 functions, such as chat, application sharing and videoconferencing. This provides much finer control over how H.323 is used.
For DNS protection, Sidewinder uses a hardened BIND 9 DNS server, which can be configured as a hosted split-DNS or transparent-DNS proxy. Split DNS makes a noncaching DNS server available to the outside world that resolves only those addresses that are published. A second, caching DNS server serves internal clients trying to resolve hosts both internally and externally. Splitting the DNS means external users never reach internal DNS servers. An added benefit of using BIND 9 is that when the DNS server gets a response to a query that contains an alias (CNAME) to another host name, it tries to resolve the alias itself rather than trusting the address supplied in the response. That blocked our attempt to poison our internal DNS server. In all the other firewalls we tested, cache corruption of our internal DNS server was successful.
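To illustrate the CNAME behavior the review credits with stopping the poisoning attempt, here is a toy Python resolver cache (an added example, not code from the review, Secure Computing or BIND). The zone, host names and addresses are constructed; the point is the difference between caching every record in a reply and re-resolving the alias target through its own lookup.

```python
# Toy model of two resolver caching policies. Constructed sample data only.

# A reply from the server for example.com. that answers with a CNAME and
# also volunteers an A record for a name outside its zone (the "poison").
POISONED_REPLY = [
    ("www.example.com.", "CNAME", "mail.victim.test."),
    ("mail.victim.test.", "A", "203.0.113.66"),   # not example.com's to answer
]

# Constructed "truth" that a fresh query to mail.victim.test.'s own server
# would return.
AUTHORITATIVE = {"mail.victim.test.": "198.51.100.7"}


def in_zone(name: str, zone: str) -> bool:
    """True if name is the zone apex or lies below it."""
    return name == zone or name.endswith("." + zone)


def naive_resolve(qname: str, reply) -> str:
    """Trusts every record in the reply, so the out-of-zone A record is cached
    and returned: this is the behavior the review saw on the other firewalls."""
    cache = {(name, rtype): value for name, rtype, value in reply}
    target = cache[(qname, "CNAME")]
    return cache[(target, "A")]


def hardened_resolve(qname: str, zone: str, reply, lookup) -> str:
    """Caches only records the replying server is authoritative for, then
    resolves the CNAME target with its own query instead of trusting the
    reply. `lookup` stands in for that fresh query."""
    cache = {}
    for name, rtype, value in reply:
        if in_zone(name, zone):
            cache[(name, rtype)] = value
    target = cache[(qname, "CNAME")]
    return lookup(target)


if __name__ == "__main__":
    print("naive   :", naive_resolve("www.example.com.", POISONED_REPLY))
    print("hardened:", hardened_resolve("www.example.com.", "example.com.",
                                        POISONED_REPLY, AUTHORITATIVE.get))
```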
The management GUI is radically different from earlier versions of Sidewinder and does take some getting used to. The only real downside is rule management. Firewall rules are created and then added to groups. Groups are combined into a firewall policy. The order of the groups and the order of the rules within the groups determine the rule order in the resulting policy. When we viewed the active policy, we couldn't edit any of the rules, nor could we determine which group a rule belonged to. We had to keep track of it ourselves. We have enough details to remember--the admin console should do that for us. Also, the real-time logging still leaves much to be desired. Manually scanning syslog entries is fine for experienced administrators, but not for novices.
When it comes to performance numbers, the Sidewinder can handle a ridiculous number of concurrent connections--30 KB, second only to the Firebox 4500. Microsoft's ISA came in at a respectable 10 KB. The rate for connections per second came in at 800 in our testing. Sidewinder did a bit better than Check Point's FireWall-1 in the bandwidth test with HTTP application filtering enabled. However, when we ran the same test using stateful packet filtering, it only yielded an increase of 10 Mbps. In comparison, FireWall-1's stateful packet filtering screamed. After working with Secure Computing engineers, we determined the bottleneck was with memory allocation, for which we had no workaround.