Small and Medium Business Firewall Solutions

Do all-in-one firewall devices meet the needs of small and midsize organizations? For anyone responsible for managing a corporate network today, data security is a top concern in every situation.

One of the most effective and widely used tools is a firewall, which controls external access to the intranet and traffic to and from the network. However, investing in a firewall is expensive, especially for small and medium-sized businesses. In that case, a single device that can handle every security function may be the most reasonable solution. Such an all-in-one security appliance must meet the most demanding enterprise data security requirements without the burden of expensive, complex equipment or of adding full-time staff. This is essential given the current state of the Internet, which is full of threats such as worms, programs that infiltrate and steal information, and vulnerabilities in operating systems and applications.

This article presents the latest firewall products available in Vietnam from three vendors: Check Point Safe@Office, Juniper NetScreen-5GT Enhanced, and SonicWALL Pro 2040.

Testing shows that manufacturers not only define security differently but also hold very different views of what counts as a 'device'.

Check Point Safe@Office 225

Coming from the class of expensive security products that run on an operating system, Check Point's Safe@Office, apart from its awkward name, is an excellent player among small office/home office (SOHO) firewalls.

INSIDE A VPN CONNECTION

A VPN connection is set up in two phases, each establishing its own encryption and authentication. Phase 1 establishes an IKE (Internet Key Exchange) channel. Phase 2 is the IPSec channel, which acts like an armored vehicle running along the road protected by phase 1. Phase 2 carries the data, which is protected under two separate layers of encryption. Once phase 1 is finished, the heaviest part of the work is done; increasing the number of phase 2 channels adds only a negligible load to the firewall.
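The load claim in this sidebar can be checked with a simplified model of IKEv1 key derivation (RFC 2409, pre-shared-key authentication, Quick Mode without PFS). This is an added example, not part of the original article or any vendor's code; the toy group, HMAC-SHA256 as the prf, and all keys, cookies and SPIs are constructed assumptions.

```python
import hashlib
import hmac
import secrets

# Toy Diffie-Hellman group (Mersenne prime 2^521 - 1); NOT a real IKE MODP group.
P, G = 2**521 - 1, 3
dh_ops = 0  # modular exponentiations performed: the costly part of phase 1

def prf(key: bytes, data: bytes) -> bytes:
    # Assumption: HMAC-SHA256 stands in for the negotiated prf.
    return hmac.new(key, data, hashlib.sha256).digest()

def modexp(base: int, exp: int) -> int:
    global dh_ops
    dh_ops += 1
    return pow(base, exp, P)

def phase1(psk, ni, nr, cky_i, cky_r):
    """One DH exchange; returns SKEYID_d as derived by initiator and responder."""
    x, y = secrets.randbelow(P - 2) + 1, secrets.randbelow(P - 2) + 1
    gx, gy = modexp(G, x), modexp(G, y)        # public values sent on the wire
    shared = (modexp(gy, x), modexp(gx, y))    # g^xy as computed by each peer
    skeyid = prf(psk, ni + nr)                 # same inputs on both sides
    return [prf(skeyid, s.to_bytes(66, "big") + cky_i + cky_r + b"\x00")
            for s in shared]

def phase2_keymat(skeyid_d, spi, ni2, nr2, protocol=b"\x03"):
    """Quick Mode without PFS: a single prf call, no new DH (3 = ESP)."""
    return prf(skeyid_d, protocol + spi + ni2 + nr2)

def run(tunnels=20):
    """Return (DH ops after phase 1, DH ops after all phase 2 SAs, KEYMATs)."""
    global dh_ops
    dh_ops = 0
    ni, nr = secrets.token_bytes(16), secrets.token_bytes(16)
    d_init, d_resp = phase1(b"constructed-psk", ni, nr, b"I" * 8, b"R" * 8)
    ops_phase1, keymats = dh_ops, []
    for n in range(tunnels):
        spi = (0x1000 + n).to_bytes(4, "big")  # constructed SPI values
        n1, n2 = secrets.token_bytes(16), secrets.token_bytes(16)
        k_init = phase2_keymat(d_init, spi, n1, n2)
        k_resp = phase2_keymat(d_resp, spi, n1, n2)
        if k_init != k_resp:
            raise ValueError("peers derived different KEYMAT")
        keymats.append(k_init)
    return ops_phase1, dh_ops, keymats

if __name__ == "__main__":
    print(run()[:2])
```

With PFS enabled, each phase 2 negotiation would perform its own Diffie-Hellman exchange, so the exponentiation count would grow with the number of tunnels.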

In fact, it is the most configurable of the six products, which is all the more impressive once you discover that it runs Check Point's powerful FireWall-1 platform. Although it runs FireWall-1 inside, Safe@Office is not complicated to manage, thanks to its well-designed web interface. The 'Services' tab contains most of the Safe@Office administrative features, including dynamic DNS, dynamic VPN, and e-mail antivirus. These features connect over the Internet to Check Point's servers for automatic updates and help with setup.

Although the device is powerful enough to protect a large enterprise network, it is positioned only in the SOHO family. Check Point limits it to 10 concurrent connections (on the test unit) and 10 VPN connections, counting both LAN-to-LAN and client-to-LAN connections. At SOHO scale, Safe@Office makes network security easy to manage.

A notable feature of the Check Point device is its very stable connectivity. VPN connections can use IPSec (a free download from Check Point) or PPTP (Point-to-Point Tunneling Protocol), which means that it supports Microsoft VPN. In addition, clients can be authenticated against an internal database or a RADIUS server. The device also allows static routing, which means that you can have multiple subnets behind the firewall as well as routing functions.

Testing shows that Safe@Office is indeed a very effective firewall. It blocked the simulated attacks and repelled all 'sneaky' pings from the WAN to the DMZ or LAN.

Safe@Office has its own antivirus solution. The device forwards e-mail messages to a Check Point server to be scanned for viruses and then sends them on to their destination addresses. This explains how a small CPU can run many services at the same time, but it also means that Safe@Office cannot scan downloaded files for viruses before they are installed.

The final verdict? Check Point has taken the bones of its well-known FireWall product to build Safe@Office. With a user-friendly, focused interface, and with advanced features such as antivirus, web filtering and dynamic DNS handled on Check Point's servers, Safe@Office offers a number of sophisticated features at low cost. In return, users must depend on Check Point's services.

Juniper NetScreen-5GT Enhanced

The small NetScreen-5GT Enhanced box makes a good impression by integrating all the features that users require in a security device: firewall, VPN, intrusion detection and antivirus. Its price is also very attractive: 495 USD (US price) for 10 VPN connections.

The NetScreen-5GT Enhanced main interface is well designed, so you do not have to dig deeper if you only want to check the firewall's status and how the device responds in emergency situations. In addition to the basic functions, NetScreen also provides protection against common attacks, including WinNuke, ICMP/UDP and SYN, Java/ActiveX and many more.

The device presents its predefined attack responses in a menu; you can set it simply to sound an alarm or to start dropping malicious packets. In the latter mode, the device blocked all the common attacks used in testing.

The antivirus capabilities of this device are also impressive. Like Check Point's Safe@Office, NetScreen's antivirus is handled by a subscription service from Juniper and its partner, Trend Micro. The device has separate antivirus settings for webmail and for POP3/SMTP e-mail services, but it does not support antivirus for IMAP users.

Like the best-rated device in this round, NetScreen's VPN feature came through testing very smoothly, handling all 20 VPN channels without any trouble.

NetScreen is fully capable of protecting SOHO networks or small and medium enterprises of about 50 machines. The device supports not only connections to multiple ISPs for backup but also dial-up connections in case the WAN connection is interrupted. Another feature is web content filtering, which lets NetScreen use WebSense's subscription service to build a list of blocked or permitted websites (for a fee).

HOW THE INFOWORLD TEST CENTER TESTED

Although manufacturers integrate different features into their 'all-in-one' firewalls, the test focused on only three core areas: VPN performance, resistance to attacks, and resistance to viruses.

VPN performance: which device performs best at fragmenting traffic into packets, encrypting it, and sending it over VPN channels. Testing used TireVPN 4.0 from Spirent Communications on a SmartBits 600 (SMB-600) equipped with two TeraMetrics XD cards, each with a 10/100 Mbps port. First, a single VPN channel was run to confirm that the VPN worked, then the number was raised to 20 channels. A small to medium-sized business with 100-200 employees typically needs no more than 20 concurrent VPN connections. The test first created 20 phase 1 (IKE) channels, then created a phase 2 (IPSec) channel in each of them. Initially the packet size was held fixed at 1024 bytes; in the next run the packet size varied from 64 bytes to 1350 bytes, with each step run 50000 times.

Basic firewall functionality: Spirent's Avalanche/Reflector software, installed on the SMB-600, was used to generate attacks. First, small DDoS attacks were launched at each firewall to see whether it detected and responded to them, at least by sounding an alarm. EdgeForce Plus, NetScreen and Safe@Office worked very well: they not only raised alerts but also started dropping attack packets. Next came stealth attacks, which tried to get a ping through the firewall. Conclusion: as long as they are set up correctly, the firewalls can stop ordinary attacks.

Virus resistance: a Linux server running Sendmail was set up outside the firewall to send virus-laden messages to a variety of computers behind the firewall. All the viruses were simulated samples provided by the European Anti-Virus Research Institute. All of the devices passed this test very smoothly, but not all of them provide antivirus for IMAP users.

One feature not found on the other devices is NetScreen's routing capability. All the devices tested support static routing, but only NetScreen can add 'source routing' declarations, so that the user knows where a route comes from: OSPF (Open Shortest Path First), RIP (Routing Information Protocol), BGP (Border Gateway Protocol), or static routing. This is really a high-end firewall function built into an easy-to-use device.

SonicWALL Pro 2040

This firewall for medium-sized businesses can meet all your requirements, and it is easy to place once it is out of the box: on a desk, on a shelf, or in a 1U rack. The SonicWALL Pro 2040 combines SonicWALL's new SonicOS Enhanced operating system with a hardware architecture that handles load well, as long as you configure it correctly.

PRODUCTS IN THE VIETNAM MARKET

Security is currently a hot issue in our country, so interested readers can find information on the products officially available in Vietnam through their distributors.
Check Point: MISOFT (08-844 3027, 04-933 1613); Juniper Networks: Juniper Networks Vietnam; SonicWALL: ITC JSC (04-943 0724, 08-925 3304). We tried to contact these distributors to ask for prices in Vietnam. However, by the time this article went to print, prices were available only for Check Point's products: Safe@Office 105: $614, Safe@Office 110: $1,071, Safe@Office 225: $1,887, Safe@Office 225U: 2,980 USD (information provided by MISOFT). Prices are exclusive of VAT, installation and deployment fees. Customers receive technical support while using the product.

In use, you have to install the new SonicOS Enhanced operating system to take advantage of advanced features such as connecting to multiple ISPs for backup, load balancing with other Pro 2040s, policy-based NAT and a backup WAN connection.

Although it is possible to operate the Pro 2040 without the SonicOS Enhanced operating system, you must install it to enable the device's fourth port. This port can function as a WAN, LAN, or DMZ port, or connect to another Pro 2040 for redundancy. SonicWALL is not inferior to its competitors: it also integrates antivirus and content filtering functions.

The Pro 2040 is quite satisfying. For example, it is equipped with a processor dedicated to encryption tasks, so performance is no different whether AES-256 or 3DES encryption is used. The firewall blocked a series of simulated attacks as well as the virus tests. However, at $1995 (US price), the Pro 2040 should offer more attractive features than the NetScreen-5GT, which costs only 495 USD.

Quoc Thanh
Infoworld