INTERNET/WAN NETWORKS From the May 2004 issue of Communications News
Security products

Vulnerability testing
The Network Security Inspector is a vulnerability assessment scanner that offers low cost, quick installs and fast results. A point-and-click graphical interface allows administrators to rapidly obtain information on the security status of their Microsoft operating systems and applications. The solution uses an automatically updated database that complies with the Mitre common vulnerabilities and exposures list and contains the latest SANS/FBI top 20 vulnerabilities. It also uses the latest CERT, CIAC and FedCIRC advisories. Prioritized vulnerability reports can be customized to include details for selected machines or entire networks.
Sunbelt Software

Small-business firewall
Symantec

Patch management
Designed to help administrators implement patch-management controls within an organization, HFNetChkPro 4.5 can be configured to automatically scan a network, install patches and e-mail the results, including graphs and patch validation, moments after patches are available from vendors. The solution includes a custom scheduler that ensures scans and deployments happen exactly when they are desired. The software tool features an easier-to-use interface with navigation buttons and offers a patch-at-a-glance function that shows the overall patch status for all machines on a network. Administrators can specify exactly what machines to include or ignore when doing large domain or IP-range scans, and patches can be cached locally to conserve bandwidth. In addition to support for Windows, the product also allows customers running Red Hat Linux to scan the network for Linux operating system vulnerabilities.
Shavlik Technologies

E-mail filtering
Message Inspector 4.3 is a spam and e-mail filtering solution that helps manage, filter and, if necessary, block unauthorized inbound, outbound and interoffice communication. The software features a comprehensive signature database that is reviewed and updated daily. Automatic white lists can be configured to accept e-mail from all recipients of outgoing messages sent by the user, reducing false-positive results and increasing user satisfaction. The solution also has a database to detect phishing e-mail attacks, and supports LDAP, a full quarantine management system and distributed deployment.
Zix Corp.

Interior network protection
The Mi40 Inverted Firewall appliance is designed to actively defend a network’s interior, stopping network threats before they cause widespread damage. The device complements existing firewalls, IDS/IPS, antivirus and HIDS/HIPS by identifying, slowing and containing unknown threats the other solutions cannot address. Residing out of band on a switch port, the device can identify when and where hacker reconnaissance has found holes in perimeter security solutions, helping show traffic exploiting incorrectly configured firewall rules. Virtual decoys with realistic OS and IP personas can be set up to provide false data to reconnaissance scans and to camouflage real network devices.
Mirage Networks

Spam filtering
Spam Manager 2.0 is an enterprise-class, high-performance, antispam and content-filtering component designed to assist administrators in reducing the impact of spam messages and unsolicited mail traffic on their networks. Intended for use with the company’s Antigen 7.5 for Microsoft Exchange and Antigen for SMTP Gateways, the solution incorporates the Mail-Filters SpamCure engine, multiple filtering methods and spam signatures to protect mission-critical messaging and collaboration servers. The SSM 2.0 is a robust, feature-rich and highly customizable solution for e-mail administrators looking to reduce incoming spam and other unwanted e-mail. Signatures are created, maintained and updated multiple times a day. Additional filters include real-time black/white list lookup, DNS lookup, sender/domain filtering, rules-based message body scanning and subject line filtering.
Sybari Software

Database access monitoring
SQL Guard is a non-intrusive, network-based data access security appliance that deters unauthorized access to critical data residing in corporate relational databases. SQL Guard delivers continuous visibility into all network-based access to distributed databases, enabling organizations to gain precise knowledge about the who, what, when and how of activity between all internal/external users and distributed relational databases. The network appliance sits in front of the database to monitor all access activities by inspecting information from the network, applications and SQL/database layers. This approach enables a global network view from outside of the database without degrading network, application or database performance by stealing valuable CPU cycles from servers or introducing latency into database queries.
Guardium

Exchange server scanning
NOD32 Antivirus for Exchange Server offers easy installation, a user-friendly graphical interface and a fast scanning rate that makes a minimum impact on system resources. Advanced heuristics detect new e-mail worms without the need to update a virus signature database. The software scans archives, self-extracting archives and run-time compressed files. It also offers multithreaded background virus scanning, so it does not interrupt any other processes running on the server. A predictive priority-based scanning queue determines which messages to check first, scanning the body of the message, as well as all routing messages when the server is used as a gateway. The solution is also available for multiple other platforms, including Linux.
Eset Software

Traffic analysis
Mazu Networks

Centralized auditing
STAT DVM is an enterprise vulnerability-assessment tool that can pinpoint exploitable vulnerabilities across large distributed networks from a single command-and-control site. The solution provides a single enterprise-wide view of critical network weaknesses before they can be exploited. Dividing the work across several remote scanning nodes results in multiple paths of parallel vulnerability scanning, which places less of a burden on network traffic than if a single scanner were checking the network. The tool uses auditing to track devices and vulnerabilities, offering less impact on the network than active probing.
Harris

File-sharing blocking
Enforcer v3.1 is a perimeter security solution designed to prevent unsanctioned access to instant messaging (IM) and peer-to-peer (P2P) file-sharing networks. New features deliver dynamic protection against the latest protocols, support for segmented networks and enhanced integration with corporate directories to identify unverified users trying to access IM and P2P services. The product offers dynamic protocol updates, eliminating system downtime and administrative resources typically required to keep current with the latest IM and P2P services. Because it uses a passive pass-by architecture, unlike in-line devices, it does not impact network performance or act as a single point of failure.
Akonix