Low-cost firewall appliances challenge pricey security platforms

Free Newsletters

Log-in | Register

Low-cost firewall appliances challenge pricey security platforms Our attack tests show that simplicity doesn’t always come at the expense of speed and a strong defense
By Oliver Rist , Wayne Rash August 08, 2003			E-mail Printer Friendly Reprints Slashdot It!

For businesses large and small, firewalls mean more than network security, they also mean unknown amounts of network downtime during configuration and loads of extra expense for consultants and hardware fees. If you need more than traditional firewalling, such as the ability to secure IP telephony or protect application traffic, the solutions become even more expensive and difficult to configure.

Free IT resource

TechNet: More ways to know it, share it, and keep it running.

Sponsored by InfoWorld

DOWNLOAD REPORT


Looking for this InfoWorld Special Report in one complete, printable format? Download it for free. >> Special Report: Firewalls

Enter the firewall appliance. Previously, these machines represented basic firewall functionality with a concentration on increasing ease of use, thus allowing ordinary IT mortals — instead of expensive network security specialists — to configure and manage them. Now, along with offering straightforward setup, these devices have gotten smarter, incorporating the ability to defend against certain application-layer attacks, and branching out into areas traditionally reserved for more advanced and resource-hungry security products.

How far have firewall appliances come? To find out, we tested three in this roundup — the low-cost Ingate Firewall 1400; the even more affordable Toshiba Magnia SG20, which runs Astaro Security Linux; and the pricier Nokia IP380, which incorporates Check Point’s firewall and VPN software. To help flesh out the key differences between the appliance and the traditional firewall router, we also reviewed one of the latter, the Enterasys XSR-3250. The Enterasys promises tremendous power and flexibility, and like the Nokia, it has a price to match.

We tested our firewalls using Ixia Communications’ Ixia 1600 traffic-generation chassis and WebLoad testing software. WebLoad not only establishes throughput baselines based on real-world traffic flows but also generates a variety of attack streams. We tested each firewall’s performance and defense capabilities by generating stateful traffic, using a mix of protocols and seeing how each responded to four application-layer attacks: the Ping of Death, Smurf, Syn, and Teardrop.

In addition to evaluating performance under load — how well the firewall continued to process legitimate traffic while under attack — we scored our four competitors on the basis of the total volume of traffic it could handle, the amount of effort and time required to configure the device, and the quality of the tools the vendor provided for long-term device management.

Among our appliance contenders, the Toshiba stood out in all categories, including performance, ease of use, and price. The Ingate performed adequately, but it was a step or two behind the Toshiba in performance, security, and manageability. The Nokia also performed well but not as well as expected, considering its high-end Check Point software and high price tag, and the difficulty of configuring it without Check Point expertise. The Enterasys security router performed as expected; as is the Nokia, it’s expensive and difficult to configure, but it blew the doors off the appliances in our performance tests.

Firewall Phone Home

Ingate’s Firewall 1400 is the company’s midrange product aimed at medium to large networks. It performs all the standard firewall functions you’d expect. You can use it to deliver DHCP services, perform NAT, and support as many as 100 VPN tunnels. And of course, the Firewall 1400 also performs packet filtering and stateful inspection. Equally important in today’s environment, the device is designed to handle DoS (denial of service) and DDoS (distributed denial of service) attacks by dropping the offending packets.

Configuring the Firewall 1400 is fairly simple, although it could be a little easier. Unlike the Toshiba appliance, in which setup is accomplished entirely from the supplied Web browser interface, Ingate forces you to first access the box via a console cable to set basic IP addressing and password information at the command line. After basic setup, further configuration and management is handled by an easy-to-use Web-based GUI. This isn’t the sexiest GUI on the planet; using it feels a lot like filling out tax forms on the Web. But it’s functional, intuitive, and complete.

Continued
1 | 2 | 3 | 4 | Next Page »

Nokia IP380

Nokia Americas, nokia.com

Very Good 7.3

criteria	score	weight
Security	8	25%

Management	8	20%

Ease-of-use	6	15%

Scalability	8	15%

Setup	6	15%

Value	7	10%

Cost:
$9,995 base price; $9450, unlimited Check Point Firewall-1/VPN-1 License

Bottom Line:
Nokia's IP380 may not be an appliance, but it still represents a robust firewall and VPN concentrator for high-end businesses. Its dependence on Check Point's Firweall-1/VPN-1 platform means not only added licensing costs, but also that a skilled Check Point administrator is required to configure it. Nevertheless, this security platform can protect anything from a small business to a large enterprise network.

About our Reviews and Scoring Methodology

Enterasys XSR-3250 Security Router

Enterasys Networks, enterasys.com/

Very Good 7.7

criteria	score	weight
Security	9	25%

Management	8	20%

Ease-of-use	6	15%

Scalability	9	15%

Setup	6	15%

Value	7	10%

Cost:
$9,995 base price; $1,495, firewall featrue set; $5495, VPN feature set

Bottom Line:
A classic security gateway, the Enterasys XSR-3250 is powerful and pricey. If you don't require appliance-like ease of configuration and management, this machine is worth a look. Thanks to GbE capability, it easily led the field in our performance tests, including performance under attack.

About our Reviews and Scoring Methodology

Toshiba Magnia SG20

Toshiba America Information, shoptoshiba.com/

Excellent 8.6

criteria	score	weight
Security	8	25%

Management	9	20%

Ease-of-use	9	15%

Scalability	8	15%

Setup	9	15%

Value	9	10%

Cost:
$2,295 base price

Platforms:
n/a

Bottom Line:
Combining Toshiba's well-muscled hardware platform and Astaro's secure Linux distribution, this product not only surprised us in benchmark testing, but also had the most polished and easy to use Web-based management system we've seen to date.

About our Reviews and Scoring Methodology

Ingate Firewall 1400

Ingate Systems, ingate.com/

Very Good 7.1

criteria	score	weight
Security	7	25%

Management	7	20%

Ease-of-use	8	15%

Scalability	5	15%

Setup	8	15%

Value	8	10%

Cost:
$3,400

Bottom Line:
Ingate's firewall appliance features an easy-to-use Web-based management GUI that can control every aspect of the firewall's configuration and operation, although it's not quite as polished as Toshiba's interface. With performance typical of an appliance, the Ingate managed to defend against all four of our attack scenarios, but overall throughput was significantly hampered by two of them.

About our Reviews and Scoring Methodology

E-mail

Printer Friendly

Reprints

Slashdot It!


	Oliver Rist is a senior contributing editor at InfoWorld. • More of Oliver Rist's column • Oliver Rist's Weblog Newsletter Check out all of our free newsletters! Enter e-mail address: Wayne Rash is an InfoWorld senior contributing editor.

TOP NEWS:

» Four quick tips for choosing an IM security product
71 percent of businesses will invest in real-time messaging this year. If you're one of them, be sure to protect your enterprise

» Forrester analysts ID hot IT jobs
Research group finds 16 IT roles with a promising future

» Nvidia claims 10 hours of HD video on Tegra chip
The Tegra 600 and 650 can be used with hard disk drives and are designed partly for mobile Internet devices

» Database vendors add Google's MapReduce
Greenplum and Aster Data Systems will support Google's programming technique, developed for parallel processing of large data sets across commodity hardware

» Network management: Tips for managing costs
New technologies, changing requirements, and ongoing equipment maintenance and upgrades cost money, but there are ways to manage expenses

» EMC targets SMBs, branch offices with new low-end storage
Celerra NX4 highlights include thin provisioning, snapshot technology for data recovery and backups, and Web-based console for management of storage volumes

REMOTE ACCESS: MAINTAIN SECURITY AND DECREASE THE BURDEN ON IT
Join this interactive webcast to discover how IT Managers can control access rights, end-user security settings and end-point authorization. Sponsor: Citrix(R) GoToMyPC(R) Corporate

» Click here to view this Webcast

The Path to Enterprise Security
This is your comprehensive guide to Enterprise Security. In it you'll find solutions to the most pressing security threats facing you and your company. Learn the latest on insider threats and how to effectively minimize risk within your organization. Sponsored by Nokia

» Click here to download now

- Special Advertising Partners -

WHITE PAPERS

Server Virtualization Planning: 10 Best Practices - Server virtualization allows you to consolidate multiple applications and operating systems onto fewer platforms, saving...
Accelerating Virtualized Environments - Is your organization grappling with the performance challenges of virtualization and IT consolidation? Download this Whitepaper...
Securing the Converged Enterprise II - Securing the converged enterprise has become a multidimensional discipline requiring a centralized, defense-in-depth approach...
Grant Thornton Achieves 99.7% Tracking of Remote Assets - Learn how one of America's largest accounting firms simplified IT asset management nation-wide to reduce loss rates, achieve...
Protecting Data on Laptops: Why Encryption Isn't Enough - Missing laptops continue to be the number one cause of data breaches. Most incidents of theft are the result of careless...
7 Essential Steps to Achieve and Measure Optimal Security Risk Reduction - Whether protecting 5 servers or 5,000, organizations must be able to measure the security status of their infrastructure...

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert

Find out when the latest white paper is available:

INFOWORLD MARKETPLACE

Deliver REMOTE SUPPORT Easily. Try WebEx FREE! - DOWNLOAD WEBEX SUPPORT CENTER FREE! Deliver efficient, effective support. CRUSH SUPPORT LOG JAMS!
Migrating to an IP-VPN? XO Can Make It Happen - Learn the five critical success factors with a free whitepaper from XO Enterprise Solutions.
Sign up to TRY WEBEX SUPPORT CENTER FOR FREE! - Get your FULL FEATURED trial here. Share documents and applications, address support challenges.
IP Networks Boost Secure Health Communications - AT&T provides secure communication to keep health care moving forward.
Why a CMDB? - IT best practices (ITIL) have shown the benefits of a CMDB. Click for whitepapers.

» BUY A LINK NOW

TECH WATCH

What's the 411 on GOOG-411?
Just as Google has become synonymous with "performing a Web search," 411 is understood to mean "information" -- as in "what's the 411?" I was thus surprised to discover, from a billboard, no less, that the king of search is taking on the ...

Apple HTML source reveals 'iPhone Extreme'
"This one's a stretch..." reports AppleInsider. Um, yeah. Reporting on HTML code sightings of product names could be called a stretch, but iPhone Extreme has a ring to it. Now, that sounds like the product Apple should have released first, rather ...

COLUMNISTS

Unified under law

(InfoWorld) - In the litigious world we live in, deploying a unified communications platform in your enterprise could...

» MORE COLUMNISTS

MORE INFOWORLD BLOGS

Open Sources

Product Management
When I joined MySQL four years ago, there was quite a lot of debate about product management. We didn't actually have ...

Zero Day

Botnet herders tending smaller flocks
New research backs up the theory that botnet operators are keeping their networks smaller in a continued effort to keep ...

• Advice Line
• Database Underground
• The Deep End
• Enterprise Mac
• Geeks in Paradise
• Grid Meter
• The Gripe Line
• InfoWorld Daily
• Inside IT
• IT Troubleshooter
• ITXtreme
• Open Sources
• ProdBlog
• Real World SOA
• Reality Check
• Security Adviser
• SMB IT
• The Storage Network
• Tech Watch
• Virtualization Report
• Zero Day

RESOURCE CENTER	advertisement
Ads by techwords beta See your link here

GOVERNMENT IT & POLICY
•	'If you don't go after the network, you're never going to stop these guys. Never.'
•	From the State Department, All the News for Inquiring Minds
•	TechPresident, the Internet Citizenry's New Consensus Taker

Sponsored Technology Links
CA - Plan IT better, Manage IT better. CA - Manage your IT more effectively. HP - Manage servers from a single interface-HP Insight Dynamics-VSE Intel - Processor-enabled Virtualization. That's IT as it should be. Microsoft - Get the virtualizing power of Windows Server 2008 with Hyper-V Citrix - Have you invested in your staff lately? Get them Citrix trained. Microsoft - Microsoft SQL Server 2008. Read Case Studies & Try for Free Fluke - Your Guide to Troubleshooting Application Problems Nortel - Nortel data networks can save you up to 40% on energy costs. Microsoft - Learn about the software-based VoIP solution from Microsoft. Xerox - Print for pennies per page with Xerox color! Click to learn more. AT&T - Machines That Speak: The Machine-to-Machine Wireless Network AT&T - AT&T Article: Reinventing the Telephone with VoIP AT&T - New from AT&T: Discover Fixed-Mobile Convergence Now AT&T - AT&T Business Continuity Survey on Risk Management AT&T - The Top 10 Best Practices for Server Virtualization Planning AT&T - Securing the Converged Enterprise I AT&T - Securing the Converged Enterprise II AT&T - An AT&T White Paper: Enterprise IPTV Solution AT&T - An AT&T Article: When Content is King Villanova University - Prepare for CISSP(R) or CompTIA(R) Certification - 100% Online! AT&T - Maximizing Mobility in Communications AT&T - The Spirit of Innovation: 100 IT Leaders Speak Out InterSystems - Use Ensemble - quickly create composite applications. Rackspace - Rackspace: The True Value of a Hosting Provider AMD - The Future is Fusion. Only from AMD. Learn more. Symantec - Symantec(TM) Network Access Control: Comprehensive Network Access Control		Oracle - Nucleus Report: Who's ready for SMB? Symantec - Enterprise-class Disaster Recovery for Virtual Server Environments EMC - Read about the CX4 in ESG's Report, CLARiiON Improves Again Adobe - Delivering On The Promise Of eLearning Active Endpoints - Get ActiveVOS. Design, develop, deploy, manage services-based apps. Eaton - Distributing Power to Blade Servers Radware - Business-Smart Automation for Optimizing Your Virtualized Data Center HP - Secure your network with HP's thin client computers. AppAssure - 3 Best Practices for Reducing Exchange Downtime Electric Cloud - Agile Development: 5 Steps to Continuous Integration Oracle - Best Practices for Successful SOA Governance MKS - Get Power and Simplicity of UNIX while working in Windows HP - HP Color LaserJet CP4005n printer. Now $899. SHOP NOW Dell - Dell Latitude: Battery life up to 19 hours. Learn more. Equallogic - Flexible, Scalable, Enterprise Storage for Virtual Infrastructures Equallogic - Four Steps to Disaster Recovery and Business Continuity Using iSCSI HP - Get Extreme Storage for Extreme Business with HP. Dell/Equallogic - PS Series Best Practices Deploying Microsoft(R) Exchange Server 2007 in an iSCSI SAN Dell - Windows Vista: A Cyber Security Shield HP - HP LaserJet P4014n printer Starting at $699 after $100 IS. SHOP NOW HP - HP LaserJet M3035 MFP series Starting at $1,599. SHOP NOW HP - HP StorageWorks products-control, consolidation and confidence. Platespin - Consolidated Disaster Recovery Using Virtualization Platespin - 8 Phases of a Successful Consolidation Initiative AMD - Renowned Engineering Institution Chooses AMD Processor-Based Servers AMD - Watch this flash demo of the Quad-Core AMD Opteron Processor AMD - HP and Oracle deploy unbreakable computing infrastructure Qwest - Learn how Qwest voice and data solutions can save you time.

	HOME NEWS BLOGS PODCASTS VIDEOS TECHNOLOGIES TEST CENTER EVENTS CAREERS	About \| Advertise \| Awards \| RSS \| Contact Us
Copyright © 2008, Reprints, Permissions, Licensing, IDG Network, Privacy Policy, Terms of Service. All Rights reserved. InfoWorld is a leading publisher of technology information and product reviews on topics including viruses, phishing, worms, firewalls, security, servers, storage, networking, wireless, databases, and web services. CIO :: ComputerWorld :: CSO :: Demo :: GamePro :: Games.net :: IDG Connect :: IDG World Expo Industry Standard :: IT World :: JavaWorld :: LinuxWorld :: MacUser :: Macworld :: Network World :: PC World :: Playlist

TOP NEWS:

» Technology White Papers Library

Technology White Papers by Topic

Technology White Papers E-mail Alert

TECH WATCH

COLUMNISTS

MORE INFOWORLD BLOGS

Sponsored Technology Links