Secure Computing's Sidewinder G2 earned our Editor's Choice award. Sidewinder is tops at combining protection and performance, though its reporting capabilities still need work.
Sidewinder G2
Sidewinder G2 is the first new version from Secure Computing since the purchase of the Gauntlet firewall from Network Associates. Sidewinder still installs with a hardened BSDI 4.3 OS with type enforcement, but nearly all configuration is done through the installation wizard or the Sidewinder management GUI. Gone are the days when you had to be a Bind/DNS/Sendmail guru to properly set up the firewall. Secure Computing has done a nice job of easing the product's installation process while preserving its security strengths.
About the only security problem we found is that the HTTP proxy doesn't support URL string pattern blocking. Such support is handy as a stopgap to block the latest URL-specific worm while you are patching your Web servers. But aside from a couple of foibles, Sidewinder still strikes a nice balance between protection and performance.
Sidewinder's protections come from its application proxies. It provided the best protection mechanisms for both H.323 and DNS. Sidewinder can selectively block H.323 codecs and T.120 functions, such as chat, application sharing and videoconferencing. This provides much finer control over how H.323 is used.
For DNS protection, Sidewinder uses a hardened Bind 9 DNS server and it can be configured as a hosted split-DNS or transparent-DNS proxy. Split DNS makes a noncaching DNS server available to the outside world that is used to resolve only those addresses that are published. A second caching DNS server is used for internal clients trying to resolve hosts both internally and externally. Splitting the DNS means external users will never reach internal DNS servers. An added benefit of using Bind 9 is that when the DNS server gets a response to a query that contains an alias (CNAME) to another host name, the DNS server will try to resolve the alias rather than trust the response. That blocked our attempt to poison our internal DNS server. In all the other firewalls we tested, cache corruption of our internal DNS server was successful.
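The split-DNS arrangement described above, written out as a BIND 9 named.conf sketch. This is an added example, not Sidewinder's own configuration; the internal network 10.0.0.0/8, the zone example.com and the zone-file paths are assumed placeholders.

```conf
// Added example: BIND 9 split DNS using views (not Sidewinder's configuration).
// 10.0.0.0/8, example.com and the file paths are assumed placeholders.
options {
    directory "/var/named";
    version "not disclosed";          // don't advertise the BIND version
};

// Internal view: a caching, recursive resolver for inside clients only.
// Views are matched in order, so this one must come before "external".
view "internal" {
    match-clients { 10.0.0.0/8; localhost; };
    recursion yes;
    allow-recursion { 10.0.0.0/8; localhost; };
    allow-query-cache { 10.0.0.0/8; localhost; };

    // Internal zone data: host records that must never be visible outside.
    zone "example.com" {
        type master;
        file "internal/db.example.com";
    };
};

// External view: serves only the published names, never recurses and
// never answers from cache, so outside queries cannot reach internal data.
view "external" {
    match-clients { any; };
    recursion no;
    allow-query-cache { none; };
    allow-transfer { none; };         // no zone transfers to the outside

    zone "example.com" {
        type master;
        file "external/db.example.com";   // only the published records
    };
};
```

Because a client that matches no earlier view falls through to "external", an inside address missing from match-clients silently gets the noncaching, nonrecursive service; named-checkconf validates the syntax before the server loads it.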
The management GUI is radically different from earlier versions of Sidewinder and does take some getting used to. The only real downside is rule management. Firewall rules are created and then added to groups. Groups are combined into a firewall policy. The order of the groups and the order of the rules in the groups determines the rule order in the resulting policy. When we viewed the active policy, we couldn't edit any of the rules, nor could we determine what group a rule belonged to. We had to keep track of it ourselves. We have enough details to remember; the admin console should do that for us. Also, the real-time logging still leaves much to be desired. Manually scanning syslog entries is fine for experienced administrators, but not for novices.