Seven Firewalls Fit for Your Enterprise

By Peter Morrissey
 We hardly need to tell you that firewalls are an important first line of defense against unauthorized attacks on your network. You're aware that without one, the very same networking that provides such easy access to vital data for your enterprise users also provides a convenient opportunity for anyone else on the network to poke and probe for known vulnerabilities or find new ones. This convenient access, coupled with the notoriously flimsy security features in operating systems such as Unix and NT, adds up to a disaster just waiting to happen. Any firewall will give you a centralized point from which to control that access; a good firewall will also let you achieve the delicate balance between desirable and undesirable data accessibility.

But as necessary a tool as a firewall is, it's not a panacea for a much more complicated set of issues. For example, once you select a firewall, plan to spend a lot more time figuring out how much access you want to provide through it. You also need to get a handle on the OS vulnerabilities on each individual system, because even the best firewalls must permit some degree of access that, if subverted, would make everything inside fair game to prying eyes. Fortunately, several tools can help you with this awesome task (see "Holy Intruders!: IP-Based Security Auditing Tools," at www.networkcomputing.com/913/913r1.html).

In the time since we last reviewed firewalls (see "Fortifying Your Firewall" at www.networkcomputing.com/803/803f1.html), new vendors have jumped in to capitalize on increased recognition among users of the need for these security products. This time, we decided to focus on firewalls with excellent performance and management features that would make them suitable for installation in enterprise environments. We identified eight vendors we thought could meet these criteria and sent each an invitation, clearly outlining our testing requirements. Seven of the eight--AXENT Technologies (which presented Raptor Firewall), Check Point Software Technologies (FireWall-1), Cisco Systems (PIX Firewall 520), CyberGuard Corp. (Firewall), NetGuard (Guardian), NetScreen Technologies (NetScreen-100) and Secure Computing Corp. (SecureZone)--accepted and came to one of our Real-World Labs® at Syracuse University. Only Network Associates declined to submit a product; the vendor did not give a reason for its decision.

After investigating the products' performance and management features, and their respective abilities to distinguish between valid and unauthorized network access, we felt that all seven give the maturing firewall market a good name. Check Point's FireWall-1 offered the best overall performance, management and logging features, and it receives our Editor's Choice award. Check Point's superlative firewall policy management occurs via an interface that simplifies administration through its practical use of color and graphics. In addition, its logging and monitoring were superior.

We were also very impressed with AXENT's Raptor and its powerful proxy applications. But all seven of these best-of-breed products have something valuable to offer; your individual needs will ultimately determine which is best for you.

Each vendor installed its product on the OS and hardware platform it preferred. Check Point, AXENT and CyberGuard all offer Unix and NT versions and had to choose between them. Given our emphasis on performance, we were not surprised when all three vendors selected Unix. CyberGuard and Secure Computing arrived with their own "hardened" versions of Unix installed on Intel platforms. Only NetGuard presented an NT-based product for testing. Cisco's PIX, which also happened to use Intel hardware, runs its own proprietary OS and is essentially a "black box" solution. Another black box solution was presented by NetScreen, which uses proprietary ASICs.
