Network Computingwww.networkcomputing.com

 The sun is out, the birds are singing and we're lacing up our 'blades for a few hours of skating. Rollerblading is rough on the feet--your toes take a lot of abuse encased in stiff plastic and mylar netting.

For relief, well-padded cotton socks do the trick--a simple, functional, utilitarian solution. Just slip 'em on and forget 'em.

Network security solutions would do well to follow this example: Keep it highly functional and simple in design. Add thorough logging and secure management, and it's much easier to tailor your security architecture.

To view the Report card.When it comes to network security, firewalls solve many problems--and raise some, too. They keep the bad guys out, but also block legitimate users, or at least make it more difficult to gain access.

You could open holes in your firewall to let authorized users access resources from outside the network, but you also risk intruders sneaking through. Many firewalls have custom clients that will secure traffic over the firewall, but they add management complexity.

Here's where you can take a page from the 'bladers' book, and look for well-chosen socks--Socks 5, or the Authenticated Firewall Traversal protocol. It provides a way to securely allow users access across a firewall, regardless of direction, via a standard protocol. (For more information about Socks, see "Socks Version 5: The UnFirewall" at www.networkcomputing.com/905/905ws1.html.)

Socks 5 proxies sit between users and network servers. Unlike standard network requests, in which users access servers directly, users connected to a Socks 5 server pass (or proxy) requests to the server--end users never are connected directly to servers that are proxied. In this model, the Socks 5 proxy server can enforce user-access control policies, such as filtering destinations based on address and domain name. It also allows for content filtering.

Like all network and security devices, Socks servers require specific features for successful deployment: strong management, thorough logging and robust security. If you leverage network services such as user directories and SNMP management, it's a good indication that you'll be able to install and scale the server with little impact on your network.

For this review, we requested Socks 5 proxy servers that support RFC 1928, Socks Protocol Version 5 and RFC 1929 Username/Password Authentication for Socks 5. While you have the option to implement Socks 5 without authentication, doing so essentially defeats the purpose.

We tested Aventail Corp.'s Aventail VPN Server 2.6, Deerfield.com's WinGate 2.1 and Netscape Communications Corp.'s Proxy Server 3.5. Aventail's VPN Server took top honors with exceptional support for strong authentication and encryption, excellent access control, leverage of network services and a host of other features. Deerfield.com's WinGate and Netscape's Proxy Server both support RFC 1928 and RFC 1929, but neither offers data encryption or strong authentication via Socks 5.