CyberSecurity Institute

In this report, they asked six top vendors to provide products that deliver firewall protection to the enterprise network.

The hardware alternatives offer one distinct advantage as these appliances come complete with processor, memory and embedded operating system which provides intrusion detection and prevention straight from the box.

A key feature in four of the products was the inclusion of workstations that allowed policies to be managed from the desktop. Virtually all hardware firewalls use stateful inspection which intercepts packets at the network layer, then analyses the header and contents of each packet to determine its communication state, as well as the source and destination addresses. Although basic packet filtering offers higher performance, security is reduced as most filtering mechanisms only examine packets at the network layer and are unable to determine what application they are bound for. Only the Zone Labs’ firewall product implements stateful packet inspection – a feature drawn from its popular personal firewall software.

To test installation, configuration, deployment and reporting of the central management consoles of each product we used a Pentium III 733-equipped system with 256Mb of memory and running Windows 2000 Server, while client duties were handed out to a variety of workstations running Windows 98 SE, ME and 2000 Professional.

Review: http://www.whatpc.co.uk/products/software/1133254

While Cisco is not the first wireless LAN provider to embrace Advanced Encryption Standard, its support will bring peace of mind to many IT managers who have standardized on the leading enterprise WLAN provider’s technology—especially those required to offer government-caliber security for their wireless networks.

By year’s end, Cisco will introduce “Kodiak,” an 802.11a radio module for the popular Aironet AP1200 access point, according to sources familiar with the San Jose, Calif., company’s plans. Kodiak supports the IEEE 802.11i security protocol, ratified last month, which is based largely on AES. There will be two versions of the module, one with an integrated antenna and one with connectors for remote antennas, the sources said.

Cisco also will introduce software that supports AES for Kodiak and for its 802.11g AP1100 and AP1200 access points. AES is a federally approved encryption standard based on 128-bit keys generated by the Rijndael algorithm, resulting in stronger encryption than either TKIP (Temporal Key Integrity Protocol) or the more common WEP (Wired Equivalent Privacy). AES can be difficult to implement on an existing WLAN, especially for campuses with hundreds of access points.