
By Peter Morrissey
We hardly need to tell you that firewalls are an important first line of defense against unauthorized attacks on your network. You're aware that without one, the very same networking that provides such easy access to vital data for your enterprise users also provides a convenient opportunity for anyone else on the network to poke and probe for known vulnerabilities or find new ones. This convenient access, coupled with the notoriously flimsy security features in operating systems such as Unix and NT, adds up to a disaster just waiting to happen. Any firewall will give you a centralized point from which to control that access; a good firewall will also let you achieve the delicate balance between desirable and undesirable data accessibility.
But as necessary a tool as a firewall is, it's not a panacea for a much more complicated set of issues. For example, once you select a firewall, plan to spend a lot more time figuring out how much access you want to provide through it. You also need to get a handle on the OS vulnerabilities on each individual system, because even the best firewalls must permit some degree of access that, if subverted, would make everything inside fair game to prying eyes. Fortunately, several tools can help you with this awesome task (see "Holy Intruders!: IP-Based Security Auditing Tools," at www.networkcomputing.com/913/913r1.html).
In the time since we last reviewed firewalls (see "Fortifying Your Firewall" at www.networkcomputing.com/803/803f1.html), new vendors have jumped in to capitalize on increased recognition among users of the need for these security products. This time, we decided to focus on firewalls with excellent performance and management features that would make them suitable for installation in enterprise environments. We identified eight vendors we thought could meet these criteria and sent each an invitation, clearly outlining our testing requirements. Seven of the eight--AXENT Technologies (which presented Raptor Firewall), Check Point Software Technologies (FireWall-1), Cisco Systems (PIX Firewall 520), CyberGuard Corp. (Firewall), NetGuard (Guardian), NetScreen Technologies (NetScreen-100) and Secure Computing Corp. (SecureZone)--accepted and came to one of our Real-World Labs® at Syracuse University. Only Network Associates declined to submit a product; the vendor did not give a reason for its decision.
After investigating the products' performance and management features, and their respective abilities to distinguish between valid and unauthorized network access, we felt that all seven give the maturing firewall market a good name. Check Point's FireWall-1 offered the best overall performance, management and logging features, and it receives our Editor's Choice award. Check Point's superlative firewall policy management occurs via an interface that simplifies administration through its practical use of color and graphics. In addition, its logging and monitoring were superior.
We were also very impressed with AXENT's Raptor and its powerful proxy applications. But all seven of these best-of-breed products have something valuable to offer; your individual needs will ultimately determine which is best for you.
Each vendor installed its product on the OS and hardware platform it preferred. Check Point, AXENT and CyberGuard all offer Unix and NT versions and had to choose between them. Given our emphasis on performance, we were not surprised when all three vendors selected Unix. CyberGuard and Secure Computing arrived with their own "hardened" versions of Unix installed on Intel platforms. Only NetGuard presented an NT-based product for testing. Cisco's PIX, which also happened to use Intel hardware, runs its own proprietary OS and is essentially a "black box" solution. Another black box solution was presented by NetScreen, which uses proprietary ASICs.