SECURITY PRODUCTS

From the July 2003 issue of Communications News

Network protection

 

Content security platform

The FortiGate 1000 Antivirus Firewall combines high-performance antivirus scanning with firewall throughput of 1 Gbps, content-filtering, VPN, intrusion-detection and traffic-shaping functions. The device can be deployed as a high-performance antivirus gateway in conjunction with legacy firewall, VPN and intrusion-detection systems, or as a comprehensive security solution taking advantage of the unit’s integrated security capabilities. The system provides granular security through multizone capabilities, allowing administrators to segment a network into zones and create policies between zones. Also supported are active-active and active-passive clusters to provide stateful failover and ensure high availability for mission-critical applications.

Fortinet
www.rsleads.com/307cn-324

Firewall with VPN acceleration

Targeting the expanding needs of the small to midsize enterprise, the GB-1500 firewall appliance is powered by the company’s ICSA 4.0 Corporate certified GNAT Box System Software. The 1-U appliance features 128 MB of RAM, a 1.4-GHz Pentium III processor, four 10/100 Ethernet interfaces and VPN hardware acceleration. The unit supports an unlimited number of nodes and concurrent outbound users, as well as 128,000 concurrent sessions. Up to 300 mobile VPN clients are allowed, with up to 500 VPN tunnels. The device can be managed from a console, through Windows software or through a Web connection.

Global Technology Associates
www.rsleads.com/307cn-323

Vulnerability remediation

Hercules 2.0 is an automated vulnerability remediation tool to resolve all classes of vulnerabilities within an enterprise network. Featuring a large library of remediation signatures across Windows, Sun Solaris and Linux, the solution combines flexible automation with remediation best practices to ensure up-to-the-minute protection. Administrators can determine which vulnerabilities are resolved and when by scheduling time, date and notification of reboot options. An advanced rollback feature allows for automatic rollback of configuration changes, patches and system settings. Compliance checks and patch validation are performed across IE, SQL Server, Apache and all Office applications. Multiple Hercules servers can be managed from a single console.

Citadel Security Software
www.rsleads.com/307cn-326

DoS protection

Three new features enhance the company’s BIG-IP products to shield any network end-point from attacks that would otherwise burn up connections and bring site and application performance to a crawl. Online Certificate Status Protocol (OCSP) support allows the devices to decide whether a client should be allowed or denied access to an application by connecting to an external OCSP responder to ensure that the client certificate is valid and has not been revoked. A new Dynamic Reaping feature tracks the high- and low-water marks to reap idle connections that are common in various network DoS attacks, preventing the appliance from being overwhelmed by traffic, regardless of the connection length. The SYN Check feature allows the BIG-IP device to act as a security proxy, providing SYN Flood protection of servers that sit behind the device. Combined with the Dynamic Reaping feature, this approach filters out the heaviest of SYN Flood and ACK attacks at either Layer 4 or 7.

F5 Networks
www.rsleads.com/307cn-321

Security appliance

The RN20 Integrated Security Switch features a Managed Zone capability that offers multipoint-to-multipoint security to segment a LAN into multiple individually secured zones, each with its own stateful security policies in both ingress and egress directions. The unit’s single-pass, packet-scan technology allows the integration of multiple services into a single appliance, including 12 security zones, bandwidth management for QoS, load balancing, real-time server health monitoring, IP multicasting, autodiscovery and Layer 2-4 switching. The RN20 will identify and report intrusion attempts, suppress incoming or outgoing denial-of-service attacks, and selectively redirect suspicious traffic to IDS systems.

Ranch Networks
www.rsleads.com/307cn-322