InformationWeek.com

Welcome Guest. | Log In| Register | Membership Benefits

September 14, 1998

Interceptor Offers Firewall Flexibility

Product offers low-priced security

By Keith Schultz

First Look

orried that a sub-$5,000 component could mean millions of dollars in losses to your company? You're not alone. Firewall security devices are a necessary evil among stressed-out IT managers, and worrying about whether you've bought enough protection can keep you up all night. When you make the decision to use a software-based firewall, you're assuming the responsibility of making sure the underlying operating system is secure--and that you've installed the firewall application and set up your security policies correctly.

Firewalls are following an evolutionary path away from the "build-your-own" software solutions to "plug-and-go" black-box hardware. This trend is nothing new; it's happened in other special-purpose devices such as the common router. Off-the-shelf firewall appliances such as the Interceptor Firewall Appliance from Technologic Inc., are designed to do one thing and do it very well.

One of the biggest firewall appliances on the market, the Interceptor Firewall Appliance ($3,995 as tested) is one of the most flexible you'll find. Interceptor is an application and packet-filtering firewall that runs on a hardened BSD Unix kernel in an industrial-strength rack-mount PC. Secure remote management, virtual private networking, and site filtering all come with Interceptor, and its alert mechanisms are the best I've seen. With its low price and solid security, Interceptor can handle everything from small "mom-and-pop" networks all the way up to carrier-class data centers.

Users familiar with Technologic's products will instantly recognize Interceptor. To test the product's protection, I set it up on a LAN made up of two separate 10-Mbps Ethernet networks. On the private (inside) LAN, I had our client PCs running Windows 95 and Netscape Navigator. On the public (outside) LAN, I had other PCs and Web servers standing in for the Internet. I scanned Interceptor using Internet Security Systems' Internet Scanner from a Compaq Proliant 800 on the outside LAN. While I didn't find any vulnerable points, Interceptor did allow most of the services on the firewall, such as the HTTP and DNS daemons, to be discovered.

Fortunately, ISS wasn't able to compromise the integrity of the firewall at any time. Interceptor comes with a standard set of predefined policies, and by using Radar--the Web-based management console--you can easily add or change a policy to suit your network's needs.

You can also have Interceptor filter URL and Network News Transfer Protocol traffic to keep users from browsing non-business related Internet sites, but this feature costs extra. Like Sonic Systems Inc.'s Interpol, another firewall appliance, you can set up Interceptor to prevent Java and ActiveX applets from entering your LAN.

Because of the nature of the operating system, you can have a wide array of network interfaces installed in the chassis. Interceptor comes with two 10/100-Mbps Ethernet adapters installed--but if you use four-port Ethernet cards, you can have up to 12 Ethernet segments in a single unit. You can also install FDDI, token ring, or T1 cards in the unit.

In the past, Interceptor didn't support network address translation, but that support is now a standard part of the system, along with Point-to-Point Tunneling Protocol and Web caching. Virtual private networking is available for Interceptor--but like the content filtering option, it costs extra.

Installation of Interceptor was straightforward but had a little twist. Before you power on your firewall, you have to create a "setup floppy" using the Interceptor Setup Wizard software. Make sure you have all of your pertinent IP information ready before you begin.

After you create the setup disk, you start Interceptor, then insert the disk in the diskette drive after you hear three beeps. This writes the initial configuration to Interceptor and sets up the IP addresses for the interfaces. The remainder of the configuration is done through Radar.

You use Radar to set your access policies, as well as impose user restrictions such as time of day and application. Radar is basically unchanged from the last time I used it: It can still be a bit hard to navigate. You can now perform all of your firewall configuration through this administrative interface.

Interceptor provides a host of administrator alerts. It will notify you by E-mail, pager, Simple Network Management Protocol, and broadcast message when it triggers an alarm. Interceptor keeps you informed of your firewall's activity by creating both daily and weekly logs. Because Radar is HTML-based, you don't get true real-time reporting. You have to refresh the view to get the most current activity.

If you're looking for rock-solid firewall protection with some added bells and whistles, all at a very reasonable price, look no further than Interceptor. Excellent protection, a wide range of network support, and terrific logging and alerting highlight this firewall appliance.

Keith Schultz is president of NetData Consulting Services Inc., a Destin, Fla.-based LAN/WAN consulting firm. You can reach him at kschultz@destin.net.