FireWall-1 NG offers other protection mechanisms besides the Security Servers. Some checks--URL regular-expression matching, IP-spoofing detection, DoS (denial-of-service) protection, and other network- and transport-layer anomaly detection--are performed in the kernel without the need for Security Servers. This translates to improved protection without sacrificing performance.
FireWall-1 NG has a good mix of both performance and protection, but we think that Sidewinder, with its OS type enforcement, split DNS and SMTP, and H.323 application proxies, puts it over the top. If you're a FireWall-1 user, try to eke out some more protection without hitting performance too much.
FireWall-1 Next Generation Feature Pack 3, Check Point Software Technologies, (800) 429-4391, (650) 628-2000. www.checkpoint.com
Symantec Enterprise Firewall with VPN 7.0
Symantec Enterprise Firewall (SEF) offers somewhat better protection for HTTP traffic than Sidewinder but lacks NetMeeting filtering options. Its performance was much slower than that of the other firewalls we tested: SEF performed at well below 100 Mbps with HTTP application scanning enabled. The management station is on par with Check Point's, and its logging is some of the best we have seen.
Regarding application-proxy protection, SEF is no slouch. It blocked all our attempts to pass malformed HTTP, DNS and SMTP traffic. SEF also can block traffic based on URL filtering on a per-rule basis by adding the http.urlpattern directive into the Advanced Services tab of the rule. Once that was done, we saved and reconfigured the firewall and it began to block URLs matching the pattern. For example, to block Unicode traversal on our unpatched IIS5 Web servers, we entered Unicode patterns, such as scripts/..%c0%af.., that we wanted to block. Likewise, any URI string can be matched. Both features are welcome stopgap measures for known attacks. SEF comes with a sample pattern file that contains most of the common patterns.
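To show what a per-rule URL pattern list of this kind does, here is an added example (our own illustration, not SEF code, and the regex syntax is an assumption; the page does not document how http.urlpattern parses its entries). It applies a constructed blocklist containing the review's Unicode-traversal pattern to sample request URIs, and also checks the percent-decoded form, which is the caveat a practitioner would want: a pattern matched only against the raw string misses encoded variants of the same path.

```python
import re
from urllib.parse import unquote

# Constructed blocklist modelled on a per-rule URL pattern directive.
# Each entry is a regex tested against the request URI (assumed syntax).
BLOCKED_URL_PATTERNS = [
    r"scripts/\.\.%c0%af\.\.",  # the Unicode-traversal pattern quoted in the review
    r"(^|/)\.\.(/|$)",          # any bare dot-dot path segment (checked after decoding)
]

_COMPILED = [re.compile(p, re.IGNORECASE) for p in BLOCKED_URL_PATTERNS]


def normalize_uri(uri: str) -> str:
    """Percent-decode the URI so encoded forms of a pattern become visible.
    Invalid byte sequences (such as %c0%af) decode to U+FFFD, so the raw
    form must still be checked separately."""
    return unquote(uri)


def match_url_pattern(uri: str):
    """Return the first blocklist pattern that matches the raw or decoded
    URI, or None when the request may pass."""
    forms = (uri, normalize_uri(uri))
    for rx in _COMPILED:
        for form in forms:
            if rx.search(form):
                return rx.pattern
    return None


def filter_requests(uris):
    """Apply the blocklist to a batch of URIs; returns (uri, verdict) pairs."""
    return [(u, "BLOCK" if match_url_pattern(u) else "ALLOW") for u in uris]


# Constructed sample request paths, not captured traffic.
SAMPLE_URIS = [
    "/index.html",
    "/scripts/..%c0%af../pages/default.htm",  # raw-form hit on the review's pattern
    "/images/../logo.gif",                    # plain traversal segment
    "/docs/%2e%2e/notes.txt",                 # only visible after decoding
    "/scripts/report.asp",
]

if __name__ == "__main__":
    for uri, verdict in filter_requests(SAMPLE_URIS):
        print(f"{verdict:5} {uri}")
```

The list is a stopgap for known strings, as the review says: it blocks what it has been told about and nothing else, so it complements rather than replaces patching the servers behind it.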
Like the Sidewinder, SEF also blocks SMTP relay attempts as well as SMTP source routing. SEF is unique in that it can detect what appear to be telnet connections to Port 25 and drop the connection. This is probably because telnet connections send one character at a time, whereas real SMTP clients send all the strings at once.