Firewall software options open up
Digital and a joint effort between AT&T and HP offer firewall software options with new defense tactics to guard company data.
Several companies are taking advantage of this market niche, offering firewall software options that employ new defense tactics in guarding a company's data.
Digital Equipment, IBM, Hewlett-Packard, AT&T, WatchGuard, Finjan, and Secure Computing all unveiled new security offerings at the Network+Introp trade show here.
Digital announced AltaVista Firewall 98, a new version of its Internet security software for Windows NT and Unix.
Digital is touting the product as the first proactive firewall. It offers a handful of security settings for different types of networks. As assaults on the network increase, the software automatically responds with more frequent and more sophisticated action to evade the attacks.
The latest version of its security software is Digital's response to security managers' needs for greater protection for their private networks and simpler implementation of security products, said Don Harbert, vice president of Digital's Internet Business Unit.
The AltaVista Firewall 98 also offers support for either isolated LANs or "demilitarized zones," in which systems such as Web servers, mail servers, and anonymous FTP servers are protected by the firewall but still remain accessible from the Internet.
It also lets systems administrators customize their company security policies, allowing individual employees access to as much or as little information as their positions demand. For example, only employees with a human resource job code would be given access to the human resource servers, but all employees could be granted access to product data sheets residing on a marketing server.
To further aid administrators in maintaining a secure network, the firewall provides a combination of DNS servers and DNS proxy, which allows users to first ask for access, and then be either denied or granted entry, all at the firewall's edge. Typically, users must travel beyond the firewall to query servers for permission to see various files.
And to prevent false alarms caused by regular users simply typing in the wrong password a few times, the firewall features an alarm function that is only triggered after a preset number of "attacks."
The unit can be integrated with third-party products within the whole security environment and is available for Windows NT or Digital Unix. AltaVista Firewall 98 ships in July and is priced at $2,495 for 25 nodes, $3,995 for 50 nodes, $7,995 for 200 nodes, and $14,995 for an unlimited number of nodes.
Separately, Hewlett-Packard and AT&T said they are teaming to offer a bundled firewall, server hardware, and software package called the HP and AT&T secure Internet access solution.
The package includes AT&T's WorldNet Managed Internet Service, an HP 9000 Enterprise Server, and firewall software from Check Point Software Technologies or Novell's BorderManager software.
AT&T said it is targeting the package, announced at Networld+Interop 98, at businesses that have yet to go online as well as those that need higher levels of security and reliability for their Internet offerings.
The exponential growth AT&T has accrued over its Internet backbone is the result of the growing number of businesses that operate using Web and IP services, said Kathleen Earley, AT&T vice president of Networked Commerce Services.
"This bundled solution will give businesses a single, reliable source for Internet access or an intranet solution," she said.
The package is the latest in a series of secure e-commerce products created by the alliance between HP and AT&T. No pricing information was announced.
IBM unveiled a host of offerings under the name eNetwork Software for security and directory integration. It includes a new LDAP-based directory server to store user, configuration, and security information. IBM also said it's now shipping a Windows NT version of its eNetwork Firewall, which also comes for the AIX form of Unix.
IBM's suite also includes global sign-on, KeyWorks for recovering cryptographic keys, DCE application tools for AIX, and eNetwork VPNs. IBM's networking hardware group provides support for the IPSec protocol for IBM routers, and the company said it will announce later this month enhancements to its system 390 cryptographic and network security features. IBM did not release pricing.
WatchGuard unveiled Introduces Firebox II, a new model for its family of firewall appliances, dedicated devices that provide security for network and connections to the Internet.
Firebox II, targeted at large enterprises and ISPs, offers remote configuration and updating, flash memory for updating security policies and network configurations. Through its resellers, WatchGuard also offers a service that lets customers download security software updates moments after they are available.
WatchGuard's security system--including the Firebox II plus software for firewall, authentication, remote-user and branch-office VPNs, and security management--is list priced at $4,995. The WatchGuard security system with the original Firebox lists costs $3,995 with branch office VPN as a $1,495 option.
Finjan announced version 4.0 of its flagship SurfinGate software, code-named Concorde, which is a juiced-up server offering that scans incoming content for hostile Java applets, viruses, and malicious ActiveX controls.
The new version, optimized for the speed sought by large networks, works as a plug-in to firewall software and proxy servers, including Microsoft Proxy Server. No details on pricing or availability for SurfinGate 4.0 were released, but the software was scheduled to be previewed at the show.
Secure Computing said its new SecureZone firewall, which is now shipping, is integrated with the Netscape Certificate Server for managing X.509 digital certificate management, boosting SecureZone's virtual private network (VPN) capabilities. Previously Secure said it's using Red Creek's, Ravlin VPN technology.
X.509 is a standard digital certificate, used to verify the identity of a user for security purposes such as giving access to appropriate data or parts of a network. SecureZone customers can either buy Netscape's certificate server to use as their own certificate authority, or use services offered by VeriSign and Netscape.