
ENTERPRISE SECURITY
Firewall: Check Point FireWall-1 3.0
With the release of version 3.0 of FireWall-1, Check Point Software Technologies has solidified its lead in the increasingly competitive firewall market. Check Point has built its reputation on the power and flexibility of its Multilayer Stateful Inspection (MSI) architecture, which is combined with an excellent GUI that bridges the gap between security policy and reality. Check Point also continues to add to a long list of partners and third-party developers that provide enhancements to FireWall-1. Additionally, the FireWall-1 code has been ported to Bay Networks routers and Xylan Corp. switches.
By providing application programming interfaces (APIs), such as the Content Vectoring Protocol (CVP), Check Point has eased integration with URL list-service vendors NetPartners (with its WebSense) and Netegrity for Microsystems (with Cyberpatrol). This makes it possible to load the URL filters provided by these vendors into Check Point's high-performance MSI engine. The CVP API also provides integration with a choice of leading antivirus vendors, such as Cheyenne Software, McAfee, Symantec Corp. and Trend Micro. By press time, this technology should let FireWall-1 scan for viruses before they're downloaded from the Internet onto desktops. Cheyenne's InocuLAN antivirus software will be bundled with FireWall-1 3.0, while other antivirus products will be third-party add-ons.
Check Point has been a leader in providing quick filters for the latest Internet protocols, including RealAudio, CoolTalk, StreamWorks and NetMeeting, as a downloadable patch from its Web site, often within days of the application's release. Check Point had been lagging some of the application proxy-based products, however, when it came to more advanced filtering for protocols such as Simple Mail Transfer Protocol (SMTP) and FTP. Version 3.0 changes that by providing a finer level of filtering for SMTP and FTP that rivals application proxies, without compromising performance. With SMTP, for example, it is now possible to hide "from" addresses and filter on attachments. The FTP application now allows specific restrictions on "puts" and "gets."
The new ConnectControl option provides load-balancing as well as fault tolerance for servers. The load-balancing feature lets you have one address for multiple servers behind the firewall. The load is balanced transparently among all the servers. The fault-tolerance feature lets multiple firewalls share mirrored state tables, so if one firewall fails, another can take its place.
Honorable mention: CyberGuard Firewall 3.0 from CyberGuard Corp. is an application proxy-based product that provides a full set of proxies, built on an OS that's been hardened to military specifications. It also has an intuitive user interface that goes head-to-head with FireWall-1's. With it, your security policy is laid out nicely with a judicious use of color and graphics, and administrative chores, including networking configuration, can be accomplished without updating numerous text files and scripts. CyberGuard also gives you the option of performing encryption on a hardware card, off-loading the burden from the CPU.
Check Point FireWall-1 3.0, $2,995 to $18,900, Check Point Software Technologies, (800) 429-4391, www.checkpoint.com
Honorable Mentions:
CyberGuard Firewall 3.0, $9,995 to $19,995, CyberGuard Corp., (800) 666-4273 Ext. 5718, www.cyberguardcorp.com
Sidewinder Security Server, $6,900 to $39,900, Secure Computing Corp., (800) 692-5625, www.securecomputing.com