September 2000
CyberwallPLUS
by Berni Dwan

 

For
CyberwallPLUS will protect your network from denial-of-service attacks, including SYN flooding, IP Spoofing, Land, Smurf & Fraggle, Ping of Death and Teardrop.

Against
None.

Verdict
This is an ideal product for a global, corporate network, with a firewall to address the security vulnerabilities of each network component. If you are concerned about system overheads on your perhaps already overstretched network, you will be interested to know that CyberwallPLUS's stateful inspection runs as a kernel-mode application at the core of the operating system.

CyberwallPLUS is in fact four products in one, providing network security from the perimeter down to the server level. A straight talkin', straight shootin' sheriff for your Windows NT/2000 servers in an electronically open organization. A "king of the wild frontier" as it were. Not the twitchy, bandy-legged sheriff, but the mean guy with the long coat, the long rifle and the long cigar.

In one sense, it is quite unusual to be reviewing a product of this stature because I cannot believe there is any manager of a corporate network who does not have a fairly decent firewall system in place. On the other hand, perhaps the current in-situ firewalls are not hitting the high C's and some worried network managers need to go back to the Ladybird Guide to computer security and start over again with a different product. I don't envy them this task, but if it's got to be done, it's got to be done. Perhaps I would prefer to be the lucky jerk who has just got around to examining the whole concept of firewalls for the very first time. At least he or she only has to do, and not undo first. Not that I am suggesting that everyone rush out and buy CyberwallPLUS; this is an independent review after all, not a sales pitch.

As I already mentioned, CyberwallPLUS is really four different firewalls, each addressing the security requirements of different yet vulnerable components of your network. CyberwallPLUS-SV protects your information and application servers from network-based attacks and intrusions by Internet, intranet and extranet users, while CyberwallPLUS-WS is a desktop security solution with an ICSA certified packet filter engine, allowing you to implement security policies that hide and protect desktops from network intruders. CyberwallPLUS-IP will secure your high-speed Internet connections, providing you with fine-grain access controls, network address translation, comprehensive traffic logs and intrusion detection. Finally, CyberwallPLUS-AP will secure your high-speed departmental LANs. Operating as a transparent bridge, it supports 10/100Mbps Ethernet and will secure IP and non-IP protocols.

The important thing to remember is that these are all packet-filtering firewalls employing the stateful inspection algorithm, and offering real-time intrusion prevention. As it says on the box, "hacking a computer or network should be hard and protecting one should be easy." With the proliferation of "how to hack" sites giving step-by-step instructions that should be the envy of many heavy-duty security product user manuals, one wonders who will win the battle for simple instructions.

Notwithstanding, CyberwallPLUS does come with pre-defined security templates, a Windows NT/2000 type user interface and a central management utility, which might earn it some type of military decoration.

Doubtless, the above formula is exactly what an enterprise network needs today. In fact, Network-1 and I seem to be in agreement when it comes to understanding (or should I say trying to understand?) what passes for a network today. In the old days (three to five years ago!) things were simpler, but now the neural network of the brain must seem simple in comparison to some enterprise-wide configurations, crossing borders and continents, and utilizing every piece of hardware and software under the sun. As I have said before in this magazine, network security is not email security, web security or remote access security. It's not even all these rolled into one. It is an entity unto itself, incorporating all of the above, but with so many exceptions, inclusions, permutations and special cases that really, a security guide could be written for every network in existence and be unique in each case. The traffic is moving both ways, but congestion is on the increase and navigation is becoming more and more daunting.

Network-1 point out that traditional firewalls were designed more for Internet security than network security, focusing only on IP perimeter traffic, but that now this is not enough. With the proliferation of e-commerce, network perimeters have in effect dissolved and consequently firewalls "are too rigid to adapt to the complexity of internal networks where multiple protocols are the standard." So, CyberwallPLUS has in fact evolved in tandem with network evolution itself.

The multi-level security provided by CyberwallPLUS targets the data link, network, transport and application layers. Data link filtering deals with traffic based on source and destination addresses, while network packet filtering looks at traffic based on protocol identifiers, and on source and destination addresses contained within the protocol's packet. Transport packet filtering targets traffic based on protocol identifiers, and application packet filtering targets packet traffic based on the application identifier contained within a protocol packet. The protocols page (screen) has an icon for each layer mentioned for ease of selection and configuration. So, for instance, if you select a network layer protocol, such as IP, the entries show the transport layer protocols available for IP. If you select a transport layer protocol, such as TCP, the entries show the application layer protocols available for TCP. CyberwallPLUS intrusion detection tools specifically target three main types of intrusion: unauthorized access through neglected IP, UDP and TCP protocol ports, unauthorized access through the use of unrecognized hosts, and unauthorized network probes.

Traffic filtering encompasses stateful packet filtering and stateless packet filtering for both connection-oriented and connectionless protocols. While the connection-oriented protocol is inherently stateful and therefore suitable for stateful inspection, CyberwallPLUS "wraps" a virtual connection around connectionless protocols to give them a transactional state in order that their source and destination can be recorded. The benefit of stateful inspection is that a wide range of application traffic can pass securely through the firewall, while rogue programs cannot interfere with connections or hijack sessions once a connection is made. A timeout connection period is also recorded for any packet allowed across the firewall. If this is exceeded, the connection is closed, thus trapping connectionless protocols such as ICMP for stateful packet inspection.
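
The "virtual connection" idea described above can be sketched as a small state table for connectionless traffic. This is an added illustration, not CyberwallPLUS code: the class and function names, the 30-second idle timeout and the sample addresses are all assumptions constructed for the example.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Packet:
    proto: str   # "udp" or "icmp"
    src: str
    sport: int   # for ICMP echo, the identifier can stand in for a port
    dst: str
    dport: int

class VirtualConnectionTable:
    """Gives connectionless protocols a transactional state (assumed design)."""
    def __init__(self, timeout=30.0):
        self.timeout = timeout   # assumed idle timeout in seconds
        self.flows = {}          # flow key -> time the flow was last seen

    def _expire(self, now):
        # Close every virtual connection that has been idle past the timeout.
        stale = [k for k, seen in self.flows.items() if now - seen > self.timeout]
        for k in stale:
            del self.flows[k]

    def outbound(self, pkt, now):
        # A permitted outbound packet opens or refreshes a virtual connection.
        self._expire(now)
        self.flows[(pkt.proto, pkt.src, pkt.sport, pkt.dst, pkt.dport)] = now
        return "allow"

    def inbound(self, pkt, now):
        # An inbound packet passes only as the reply to a live virtual connection.
        self._expire(now)
        key = (pkt.proto, pkt.dst, pkt.dport, pkt.src, pkt.sport)  # reversed tuple
        if key in self.flows:
            self.flows[key] = now
            return "allow"
        return "drop"

def demo():
    # Constructed sample traffic: one DNS-style query, its reply, and a stray packet.
    fw = VirtualConnectionTable(timeout=30.0)
    query = Packet("udp", "10.0.0.5", 40000, "192.0.2.53", 53)
    reply = Packet("udp", "192.0.2.53", 53, "10.0.0.5", 40000)
    stray = Packet("udp", "198.51.100.9", 53, "10.0.0.5", 40000)
    return [
        fw.inbound(reply, now=0.0),    # no state recorded yet
        fw.outbound(query, now=1.0),   # opens the virtual connection
        fw.inbound(stray, now=1.5),    # source does not match the recorded flow
        fw.inbound(reply, now=2.0),    # matches the recorded flow
        fw.inbound(reply, now=40.0),   # idle longer than the timeout, state closed
    ]

if __name__ == "__main__":
    print(demo())
```
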
 

Contact Information:
 
CyberwallPLUS
Version 6.0

North America:
(781) 522-3400
sales@network-1.com
www.network-1.com

UK:
Distributor: Digital Data Systems Limited
+44 (0)1 582 460010
lan@digital-data-systems.co.uk

www.digital-data-systems.co.uk

Asia Pacific:
China: Pacific Information Technology Ltd +86 10 6257 6058
Hong Kong: Pacific Information Technology Ltd +852 2362 8611
Japan: Network-1 Security Solutions +81 3 3929 5855
Philippines: We are IT Inc +63 2 726 9817
Singapore: J.R. International Pte Ltd +65 775 7555
South Korea: CNS.com +82 2 780 8327
Taiwan: Pacific Technology Software Ltd +886 2 3783990
www.network-1.com

 

SC On-Line
SC Magazine
www.scmagazine.com

Copyright © 2000 West Coast Publishing. Reprinted from SC Magazine, 161 Worcester Road, Suite 201, Framingham, MA 01701. All rights reserved.