A Technology Review
By: Brent Huston
bhuston@microsolved.com

Disclaimer
Product names contained within are the copyright and trademark of their respective companies. For company names, please see the last slide of this presentation.

Agenda
• What is an appliance firewall?
• What technologies do they employ?
• What were we looking for?
• The successes we had
• The problems we discovered
• The future of network appliances
• Summary of information

What is an appliance firewall?
• Integrated hardware solution
• All software, including OS comes pre-loaded on the platform
• Network “black box” approach to security

Evolution
• Originated as firewall features added to routers
• Basic packet filtering
  – Source, Dest., Protocol
• Application specific proxies
• “Stateful Inspection”
• Appliance firewalls

What technologies do they employ?
• Network Address Translation (NAT)
• Most use packet filtering rules to determine packet access
• Some use “stateful inspection” to manage connections
• Some application proxy support
  – A few allow custom proxy creation

*BONUS* Some Have Other Helpful Features
• Built in application servers - mail, web, ftp
• DHCP support
• Built-in VPN capability - p2p and client based
• Strong authentication support
• URL/content blocking
• DMZ configuration
• Email alerting
• SNMP support

Management Functions
• Web based was easiest to use and allowed greatest flexibility
• Custom applications provided some ease, but lacked true remote management ability
• Direct cable solutions were poor and inflexible
• Worst case was a direct custom cable via SLIP

Our Mock Deployment
Goal: Locate an appliance firewall that could protect our medium size business (500 users) from the Internet
  – Ease of deployment and management
  – Provide adequate security for internal systems
  – Allow external access to our mail and web servers
  – Alert us in the event of an attack

“Bonus” Features
• Good documentation
• Ease of maintenance
• Real time reports
• Content blocking
• SNMP alerting
• VPN between branches
• Failure recovery

Our Security Desires
• Extensive logging of successful connections, rejected packets and suspected attacks
• Immunity to Denial of Service attacks
• Protection against information gathering probes
• Initial deny all ruleset for access

The Starting Field
Located 23 vendors whose products were appliances as defined by our process

Our Successes
In no particular order...
• Phoenix Adaptive Firewall
• SonicWALL/DMZ
• PIX Firewall
• Firebox II
• Interceptor

Phoenix Adaptive Firewall
Pros:
  – Excellent setup process using front panel
  – Management via web based JAVA applet
  – Many logging options
  – Alternate command interface allows access to underlying Linux OS
Cons:
  – Crashed twice during rule application and changes
  – Access control ruleset management is a bit confusing

SonicWALL/DMZ
Pros:
  – Excellent management interface
  – Integrated DHCP server
  – Predefined ruleset for most common applications
  – Good documentation
Cons:
  – Cheap, lightweight feel and package design, afraid we were going to break it
  – Logging could be more robust, and sometimes misses events
  – Upgrade process is firewall replacement

Interceptor
Pros:
  – Easy setup and management
  – Includes security auditing software
  – Excellent reliability and resistance to Denial of Service attacks
Cons:
  – Nmap determined underlying OS
  – Logging failed to notice port scans
  – No ability to build custom application proxies

PIX Firewall
Pros:
  – Configurable and useable logs
  – Great documentation
  – Amazing failover capability
  – Stable and resistant to Denial of Service attacks
Cons:
  – Setup and configuration is very complex
  – Initial setup is serial cable only
  – Requires Windows NT to administer via GUI
  – No application proxies

Firebox II
Pros:
  – Configuration and management is easy
  – Robust security and Denial of Service attack resistance
  – Adequate logging
  – Visual status determination is excellent
Cons:
  – Management is via a dedicated application
  – Documentation was a bit unclear

Some Discoveries
• Several products were significantly less than what we considered a firewall
  – Some performed only NAT with no logging or access controls
  – Some were only point to point encryptors
• Logging, in general, was poor compared to other firewall platforms

Other Issues
• Most of the devices featured management that was difficult to use or “kludgy” at best
• Most of the devices had no automated system to manage failure
• Most of the devices did not notice or log attempted attacks in any format other than rejected packet information

Long Term Issues
• Upgrade process for most products is replacement
• Most appliances do not offer high speed connectivity options

The Future of Network Appliances
• Better management and configuration processes
• More configurable logging
• Integrated intrusion detection software
• Improvements in alerting methods

Summary of Findings
• Appliance firewalls can serve as a good resource for small and medium size businesses
• They can provide adequate security with ease of deployment and management
• They possess excellent width of product options but may lack in product depth

Companies and Products
• Phoenix Firewall by Progressive Systems
• PIX Firewall by Cisco Systems
• SonicWALL/DMZ by Sonic Systems
• Firebox II by WatchGuard Technologies
• Interceptor by Technologic, Inc.
Please Contact Vendors Directly for Product Information

Thank You!
• Thank you for attending today, please contact me if you have any questions or comments at bhuston@microsolved.com
• This presentation is copyright MicroSolved, Inc., 1999. All rights reserved.
• Complete results whitepaper will be available at www.microsolved.com
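
Added example (not part of the original presentation): the review found that most devices recorded attempted attacks only as rejected packet information and that some logs failed to notice port scans. The sketch below shows how a scan can be derived from rejected-packet records alone; the log line format, addresses and thresholds are constructed for illustration and do not come from any reviewed product.

```python
import re
from collections import defaultdict, deque
from datetime import datetime

# Hypothetical reject-log format; each real appliance uses its own.
LINE = re.compile(
    r"(?P<ts>\S+) DENY (?P<proto>TCP|UDP) "
    r"(?P<src>[\d.]+):\d+ -> (?P<dst>[\d.]+):(?P<dport>\d+)$"
)

def detect_scans(lines, window_s=60, min_targets=5):
    """Return {src: first alert time} for sources whose rejected packets
    touch at least min_targets distinct (dst, port) pairs within window_s."""
    recent = defaultdict(deque)   # src -> deque of (time, (dst, dport))
    alerts = {}
    for line in lines:
        m = LINE.match(line.strip())
        if not m:
            continue              # not a reject record (e.g. ALLOW)
        ts = datetime.fromisoformat(m["ts"])
        q = recent[m["src"]]
        q.append((ts, (m["dst"], int(m["dport"]))))
        # Drop events that have aged out of the sliding window.
        while (ts - q[0][0]).total_seconds() > window_s:
            q.popleft()
        # Retries against one port count once; many ports is the signal.
        if m["src"] not in alerts and len({t for _, t in q}) >= min_targets:
            alerts[m["src"]] = ts
    return alerts

# Constructed sample: one source sweeping ports, one retrying a single port.
SAMPLE_LOG = """\
1999-10-12T14:03:00 DENY TCP 203.0.113.7:40100 -> 192.0.2.10:21
1999-10-12T14:03:00 DENY TCP 203.0.113.7:40101 -> 192.0.2.10:22
1999-10-12T14:03:01 DENY TCP 203.0.113.7:40102 -> 192.0.2.10:23
1999-10-12T14:03:01 ALLOW TCP 198.51.100.20:1055 -> 192.0.2.25:25
1999-10-12T14:03:02 DENY TCP 198.51.100.20:1056 -> 192.0.2.25:110
1999-10-12T14:03:02 DENY TCP 203.0.113.7:40103 -> 192.0.2.10:80
1999-10-12T14:03:03 DENY TCP 198.51.100.20:1057 -> 192.0.2.25:110
1999-10-12T14:03:03 DENY TCP 203.0.113.7:40104 -> 192.0.2.10:111
1999-10-12T14:03:04 DENY TCP 203.0.113.7:40105 -> 192.0.2.10:139
""".splitlines()

if __name__ == "__main__":
    print(detect_scans(SAMPLE_LOG))
```

A fixed window misses scans paced slower than window_s, so the window and threshold need tuning against the traffic the firewall actually rejects.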