Security: Business Supplement

Staff writers | Nov 8, 2007 3:16 PM
Do you have a business or are in charge of a business’ tech security? Get some tips from PC Authority’s experts.
Hello and welcome to our business section. This month our topic is ‘security’ – a broad spectrum of sub-topics if ever there was one, so we’ve drawn together a wide variety of technologies and expert opinions to present to you.

First off, our Online and Security expert, Davey Winder, tells us exactly how indestructible data stored on a hard disk can be. If you thought infernos and explosions and even bullet holes could render data unreadable – think again. You’ll be amazed at what’s really required.

We’ve also got reviews of various Internet security appliances from the likes of Cisco, Juniper Networks, Finjan and Check Point. These can be a great help for protecting both wired and wireless networks in your organisation as well as maintaining virus, spam and dodgy-URL protection. We also review a high-quality Sony IP camera which our reviewer claims, ‘even Spiderman couldn’t get past’ as well as software from Kaspersky and Panda which will monitor your networks for potential intrusions.

Plus, we have an introduction from Secure Computing, our new, little sister publication which specialises in all of the above topics and more. Finally, we’ve some real-world advice about keeping data secure on USB memory keys and some useful tips on not getting burgled.

As ever we welcome any feedback you have, but we’re particularly interested to know your feelings on our business sections, which are a relatively new feature of PC Authority. Please send any comments to editor@pcauthority.com.au.

Index
1. Introduction
2. Extreme data erasure
3. Cisco Catalyst 3750G
4. Kaspersky Enterprise Space Security 6
5. Sony IPELA SNC-RX550P
6. Panda Malware Radar
7. Juniper Networks SSG 5
8. Check Point UTM-1 450
9. Finjan Vital Security NG-1100
10. Introduction to SC
11. Protection... in a flash
12. Paul Ockenden’s guide to burglary

Extreme data erasure

One question I’m asked a lot these days almost everywhere I go is “how do you securely erase data before disposing of a computer?” My answer is somewhat reminiscent of Jon Honeyball’s infamous network-resilience chainsaw test; namely, “using my random axe”, although I guess that requires some explanation. Way back in 1999, Sun Microsystems founder Scott McNealy was asked at a press conference about the failure of his newly launched system to protect a consumer against being tracked when connected to a network, and he replied “you have zero privacy, get over it!”

In the eight years that have passed since then, nothing has changed for the better, despite improvements in encryption technology, mainly because such improvements have been matched by equivalent advances in malware – in particular by the rise of the clandestine spyware application, which has been nothing short of spectacular. When it comes to privacy on the internet, no matter what you do to reduce your online footprint, the only truly foolproof way to prevent your data trail being spread far and wide is never to go online – in fact, never even to switch your PC on at all. Sure, you can minimise the impact of your travels and shrink your footprint somewhat by treading lightly within your browser client, routing all requests via an anonymous proxy, deleting locally held history and temporary internet files and so forth. But you can’t erase that footprint completely: it isn’t possible to traverse the web like a ghost if you expect to be able to do anything vaguely useful or interesting while there.

They ARE out to get you

Why am I deliberately inflaming your already-paranoid anxieties about privacy? Simply because in this evermore connected world, it’s all too easy to focus solely on the issue of online privacy and to forget that one of the staples of the identity fraudster’s diet lies far closer to home, right on your desk in fact. Your PC, or rather its hard drive and any other external storage device attached to it, is the single most valuable component in your data-gathering cycle. It’s where your digital identity resides, containing everything you are and everything an identity thief (or a corporate competitor, or even just a nosy neighbour) needs to extract the essential “you” from “it”. Sell your PC, or its old and defunct external drive, or the old hard drive you’ve just upgraded, and you’re almost certainly selling some of your data along with it. Take your PC to the local dump for recycling – which is wholly to be encouraged by the way, so please don’t let this scare you off recycling your IT kit – and your data stands a good chance of being recycled, too, even if you deleted all the personal files or formatted the drive before disposal.

The problem lies in the way the operating system deals with such files: instead of physically removing the data, it merely erases the pointers to that data, thus rendering it invisible to the user and other applications, and enabling them to overwrite their own data into that now “unused” space. But it’s only invisible until someone with the right tools attempts to see it, which is how data-recovery software works. It isn’t rocket science – such software just opens the logical path where the deleted file used to be to discover the disk sectors where the data will still reside unless it happens to have been overwritten. This can be achieved as simply as searching for some known text string, filename or even file type – hugely handy when you accidentally format your digital camera’s storage card, and enabling you to successfully recover most if not all of the images you thought you’d lost. But it’s equally handy for someone examining the hard drive of the second-hand computer they just bought on eBay or courtesy of some recycling scheme...

Security shot to pieces

If you talk to certain ex-members of the security services in the US, they’ll happily tell you their standard method of decommissioning a hard drive is to shoot it full of holes: what’s known in the trade as a “dead granny” after a popular (but not factual) tale. However, that drive isn’t the only thing that’s full of holes, because their belief that the data held upon it is now safe from recovery is similarly perforated. I’ve been present in the clean room of a professional data-recovery operation and watched computers that have been under water for days, incinerated beyond recognition in fires, or even crushed under falling masonry, and yet their data could still be successfully recovered. Techniques like Magnetic Force Microscopy (MFM) and Magnetic Force Scanning Tunnelling Microscopy (MFSTM) can be used in such extreme circumstances to grab an image of the magnetic field at the surface of the disk by measuring the force gradient as a function of position when a magnetic tip attached to a cantilever is moved across its surface. I’ll admit your average identity thief or opportunistic hard drive explorer isn’t going to have either the funds or the technical training to operate MFM hardware, but the example serves to show that raw data can be retrieved if it’s deemed valuable enough.

The more alert among you will have caught on by now that the crucial factor determining how much data can be recovered is how much of that data has already been overwritten. So whereas the golden rule of data disaster recovery is always “don’t do anything that might overwrite your original data” (including, ironically enough, installing a newly purchased data-recovery program, as installing that might easily overwrite the data you’re hoping to save), the reverse principle holds for secure data disposal: “do everything you can to overwrite your data in as random a fashion as possible.” Typically, this will involve replacing the original data with a totally random string of bits, and most data shredders can achieve this by making a single pass of the file concerned.

Of course, if the original data is overwritten only once, or even twice for that matter, it remains relatively easy to recover from an expert’s perspective, because they’ll subtract what they expect to be able to read from what’s actually being read. Consider, for example, the sentence “the haumn mnid deos not raed ervey lteter by istlef, but the wrod as a wlohe, which is why yuo can raed this” and you’ll get the idea. Computer software isn’t as clever as the human brain, but it can still guess what the original data would have been if only a small part of it has been overwritten. That’s why the official US Department of Defense “file sanitization directive” standard requires three passes for data erasure. Naturally enough, the NSA and our own intelligence services are far more paranoid, demanding a seven-pass bleaching of data (when they’re not leaving their laptops in the backs of taxis, that is).

Data that’s been overwritten randomly a large number of times can still be recovered – remember there’s no such thing as 100% security – so long as new data hasn’t compounded the puzzle by being written to exactly the same original location. But you can make life so difficult for would-be data thieves, not to mention so expensive, that unless you lead a very, very interesting life indeed nobody is going to bother trying. That’s why my erased data is more trashed than secret squirrel’s – I routinely employ a free application called Eraser (www.heidi.ie/eraser), which lets me use the Gutmann 35-pass methodology, but even that isn’t safe enough for me. To make life really difficult for the potential data thief, whenever I physically dispose of a computer I always remove the hard drive before taking it to the recycling centre – they only get the rest of the computer, while I let Gutmann have a first go at trashing the data before getting out a large woodsman’s axe. Clever random data overwriting combined with this brute force smashing of the disk platters with the axe allows me to sleep at night knowing that the secrets of my hard drive won’t fall into the wrong hands.
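As an added illustration of the two mechanisms this column describes (not code from the article, nor from Eraser or any other shredder), the following Python models a tiny disk: an ordinary delete only drops the directory entry, a later write overwrites whichever sectors the allocator happens to reuse, and a shred overwrites every sector of the file with random bytes before the entry is dropped. The sector size, the disk layout and the sample file contents are all constructed for the example, and the three-pass default simply mirrors the DoD figure quoted above.

```python
import os

SECTOR_SIZE = 16    # bytes per sector, deliberately tiny so offsets are easy to read
SECTOR_COUNT = 32   # a 512-byte toy device


class ToyDisk:
    """Raw media plus a directory: name -> (list of sectors, byte length)."""

    def __init__(self):
        self.media = bytearray(SECTOR_SIZE * SECTOR_COUNT)
        self.directory = {}
        self.free = list(range(SECTOR_COUNT))   # lowest free sector is handed out first

    def _span(self, sector):
        return slice(sector * SECTOR_SIZE, (sector + 1) * SECTOR_SIZE)

    def write(self, name, data):
        count = -(-len(data) // SECTOR_SIZE)    # ceiling division
        if count > len(self.free):
            raise OSError("toy disk full")
        sectors = [self.free.pop(0) for _ in range(count)]
        for i, s in enumerate(sectors):
            chunk = data[i * SECTOR_SIZE:(i + 1) * SECTOR_SIZE]
            self.media[self._span(s)] = chunk.ljust(SECTOR_SIZE, b"\0")
        self.directory[name] = (sectors, len(data))

    def read(self, name):
        sectors, length = self.directory[name]
        return b"".join(bytes(self.media[self._span(s)]) for s in sectors)[:length]

    def delete(self, name):
        """An ordinary OS delete: forget the pointers, leave every byte in place."""
        sectors, _ = self.directory.pop(name)
        self.free = sorted(self.free + sectors)

    def shred(self, name, passes=3):
        """Overwrite each sector of the file with fresh random bytes `passes`
        times, then delete it. The pass count is a parameter, not advice."""
        sectors, _ = self.directory[name]
        for _ in range(passes):
            for s in sectors:
                self.media[self._span(s)] = os.urandom(SECTOR_SIZE)
        self.delete(name)


def carve(disk, needle):
    """What a recovery tool does: ignore the directory and search the raw media.
    Returns every byte offset at which `needle` occurs."""
    hits, pos = [], disk.media.find(needle)
    while pos != -1:
        hits.append(pos)
        pos = disk.media.find(needle, pos + 1)
    return hits


def demo():
    """Walk through delete, partial reuse and shred; returns the carve results."""
    disk = ToyDisk()
    secret = b"ACCOUNT 1234-5678 PIN 9876"   # constructed sample: 26 bytes, two sectors
    results = {}
    disk.write("secret.txt", secret)
    disk.delete("secret.txt")
    results["after_delete"] = carve(disk, b"PIN 9876")   # entry gone, bytes intact
    disk.write("notes.txt", b"shopping list")           # one sector: reuses sector 0
    results["reuse_head"] = carve(disk, b"ACCOUNT")      # first half now overwritten
    results["reuse_tail"] = carve(disk, b"PIN 9876")     # second sector still readable
    disk.write("secret2.txt", secret)                    # lands on sectors 1 and 2
    results["before_shred"] = carve(disk, b"PIN 9876")
    disk.shred("secret2.txt", passes=3)
    results["after_shred"] = carve(disk, b"PIN 9876")    # nothing left to find
    return results


if __name__ == "__main__":
    for step, hits in demo().items():
        print(f"{step:13s} -> {hits}")
```

The point of the `reuse_tail` step is the one the column makes about overwriting: a deleted file survives sector by sector, so whatever the allocator has not reused yet is exactly what a carving tool finds. A real disk, with wear levelling on flash or remapped sectors on a magnetic drive, may keep copies the file system cannot reach at all, which is why the column ends with the axe.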

Cisco Catalyst 3750G

This integrated LAN controller delivers a sophisticated, versatile wireless network management solution

When we looked at the wireless security solution from Airespace a few years ago, we liked its tough stance on wireless intruders. Evidently, Cisco thought the same, as it acquired the company shortly afterwards and merged it into its rapidly expanding wireless product portfolio. One of the end results is the Catalyst 3750G integrated wireless LAN controller, and in this exclusive review we see what Cisco has been up to with the Airespace products and technology.

The product is an amalgamation of Cisco’s wireless LAN controller and its Catalyst 3750 switch. At its foundation are 24 copper Gigabit Ethernet ports, all of which are 802.3af PoE enabled, and the switch has a meaty 32Gb/s switching backplane. The primary purpose of the Gigabit ports is to facilitate the distribution of Cisco’s Aironet access points. These act as the system’s eyes and ears on the wireless network, but only those running the LWAPP (lightweight access point protocol) are supported.

LWAPP is designed to take the strain out of configuration, as the access points link directly to the controller unit and, once validated, receive all configuration settings from it. For testing, we used Aironet 1130 AG access points and found that all web management has been removed, so the units can’t be accessed directly. In fact, we saw the power of this system sooner than expected, since Cisco inadvertently supplied access points configured with a US country code. Our ‘foreign’-configured controller saw them immediately, warned they’d been disassociated and powered them off remotely after a few minutes without us doing a thing.

With a Catalyst switch at its foundation, initial configuration is pleasantly swift. You get the full benefit of the browser-based Cisco Device Manager, and the Smartports feature that impressed us so much before is evident here. You also get Cisco’s Network Assistant (CNA), which offers a wealth of wizards for swiftly implementing general network security.

The next step is to configure the controller, and the switch Device Manager provides a quick link to its web interface, which hasn’t changed too much from its Airespace days and is consequently very easy to use. This kicks off with a quick-start wizard, which runs through setting up the service and management ports along with the interfaces for communicating with the access points. The homepage opens up with a status overview of all wireless clients, Aironet APs and those that are providing 802.11a/b/g services. You can see at a glance if rogue clients and APs have been identified, and selecting the latter will reveal those clients associated with it. We found the Aironet APs to be remarkably efficient: they identified no fewer than 14 active APs and two ad hoc networks over a wide area within our offices, and listed all their details.

Policies are used to manage security, QoS and wireless services, and these can be deployed to selected APs. QoS policies allow you to do things such as limit the number of users who can associate with certain APs, while security policies can enforce encryption and authentication.

A smart feature is the containment policies, which use the Aironet APs to beat rogue APs, clients and ad hoc networks into submission. They stop clients associating with rogue APs by sending out false signals and can use deauth packets to force clients to disassociate with rogue APs. However, containment policies can get you into a lot of trouble if not used responsibly, so the controller has these de-activated by default and provides plenty of warnings if you choose to go down this route.

Things get even more interesting with Cisco’s WCS (wireless control system) software, as this provides a full mapping service, allowing you to keep a close eye on the location of APs and wireless clients. The Aironet APs provide RF signal strength measurements, which are incorporated into a central database and used by WCS to identify wireless client and AP locations. Importing drawings of your building layout into WCS allows you to customise it and provide accurate heat signature-style mappings of radio coverage and even signal leakage through windows.

Cisco’s additional location-tracking appliance allows you to track wireless clients and build up a map showing location and movement. The system uses features such as RF fingerprinting and can highlight the physical location of rogue access points and networks. However, the possibilities go way beyond this, as combining these with third-party products and technology such as RFID tagging allows you to create a complete tracking system for goods and company assets.

During testing, we found the 3750G extremely interesting to work with thanks to its easy management and range of wireless security features. The price tag puts this device firmly in the mid-sized business and enterprise sectors, but small businesses should note that Cisco also offers a lower-cost 2106 controller, which delivers a similar level of features and supports up to six access points.

Kaspersky Enterprise Space Security 6

Extra protection features in the client software make this release even better value.

Kaspersky Labs has a solid track record in providing antivirus protection for networked Windows workstations, Exchange servers and file servers. The latest release builds on this success, extending its coverage to include Linux, Samba and Novell NetWare systems as well. It retains the same architecture as the previous version, using network agents reporting back to a central management system, with each agent monitoring the activity of the local antivirus software. Agents can generate warnings at the central management system if the resident scanner detects a virus or suspicious activity. The agents receive downloaded data such as virus signatures from the management server to update the local scanner, and can initiate functions such as system scans on command from the central management console.

All the systems are controlled using Kaspersky’s Administration Kit software. As before, this is implemented as a set of wizards and a Microsoft Management Console plug-in, providing control and reporting facilities for all the managed systems, and allowing the creation and deployment of software packages to both new and existing systems. Customised reports can be created if required, although the range of preconfigured reports available should answer most needs. Reports can be produced in HTML or in normal print format. Systems can be arranged into groups for easier management, and each group can have an administration server assigned to it to distribute network traffic more evenly.

We upgraded part of our version 5 installation using the wizards provided, and the system happily managed both versions of the software on workstations and servers. This is good news for larger installations, since it allows for a gradual rollout over time rather than the “big bang” approach that often causes problems. This is especially useful where the new workstation software is concerned. While the Windows file server software continues to confine itself to virus-scanning duties, the workstation client has more features than before.

It now offers a whole battery of extra protection options: antispyware, antiphishing and antispam features are all available, as well as pop-up blocking and antihacker features including a firewall and intrusion detection system. Each feature has its own set of configuration options. We were impressed by the antispam system, which not only detects text-based spam using a self-training algorithm, but can also detect spam in images and from the contents of the mail header. Further antispam protection is provided by black and white lists, and various tuning options. There’s also an option to scan incoming mail at the server before it’s downloaded, enabling the user to inspect and delete suspect mail before it reaches their system.

All these extra features require more input from the user and, where version 5 was unobtrusive, version 6 can be positively garrulous at times, especially when high-activity email accounts are involved. However, the extra features in the client software avoid the need for separate protection programs, providing savings in processing power, administration and costs, making the whole package even more attractive.

Sony IPELA SNC-RX550P

Doesn’t do so well in low light, but it delivers a splendid range of surveillance features and wide area of coverage.

There may be plenty of PTZ (pan, tilt, zoom) IP cameras on the market, but the majority have one thing in common: their limited coverage gives them blind spots. Sony’s latest IPELA SNC-RX550P aims to remedy this, as it’s one of the first PTZ cameras to provide continuous 360-degree panning plus a full 90-degree tilt.

There’s much more to this camera, as it’s fast with a 300-degree/sec pan speed and it’s also designed to work in light levels down to 0.15 lux. Zoom capabilities are excellent, as the camera offers a 26x optical zoom plus a 12x digital zoom, and local image storage gets a boost as the camera has a CompactFlash (CF) slot behind a cover at the front that accepts CF media cards. Low-speed wireless connections are available, as it can also use Sony’s optional SNCA-CFW1 802.11b ($269) wireless network card. Two-way audio is supported with line in/out sockets, and motion detection also comes into the frame.

The bundled IP Setup utility makes light work of installation. It displays all available Sony cameras and allows you to modify their IP address and the HTTP port used for browser access, while network bandwidth restrictions can be applied. Note that the camera has a two-pole contact for power and Sony doesn’t include a power supply. However, Network Webcams advised us its price does include an external power supply.

The camera supports only Internet Explorer, and the homepage opens up a well-designed interface with a live view and manual image controls alongside. You can use a control pad to move the camera or simply point and click within the live image. We like the panoramic view underneath, as you can use this to zero in quickly on any location within the entire viewing field. Sony provides a utility that creates the panorama and uploads it directly to the camera.

Image quality has always been Sony’s Achilles heel, but at this price we can accept no compromises. Fortunately, the SNC-RX550P delivers a clean, sharp picture with good colour balance. The optical zoom offers remarkable levels of detail, although the digital zoom doesn’t add extra value. Up to 25fps is supported at the maximum resolution of 640 x 480 pixels, and we found motion was conveyed well at this speed. However, the camera didn’t handle low light levels well, and for this we’d recommend the Axis 221 or Panasonic’s WV-NP1000.

Motion detection gets a makeover, as an intelligent mode analyses the last 15 frames to reduce the likelihood of small movements triggering the camera. Alternatively, you can use intelligent object detection, which identifies objects that haven’t moved for more than 40 seconds and removes them from the detection equation. If you need to prove that an image was recorded from a particular camera, you can now use digital signatures, although this requires an optional firmware upgrade.

Sony’s IP cameras have never been particularly competitive on price and are usually beaten on image quality by Axis cameras. The SNC-RX550P is on the pricey side, but it offers a far superior picture and its high-speed, continuous pan allows it to reach those parts other IP cameras can’t.

Panda Malware Radar

A useful malware scanner that can provide an extra line of defence when you need it.

Although we tend to be wary of internet-based systems that offer to scan your systems for malware, in this case the idea makes sense. The software’s strength lies in its Collective Intelligence system, based on servers in a number of data centres. This collects information from a variety of sources, including Malware Radar users and other companies, in much the same way that some intrusion-detection and content-filtering systems do. This information is used to identify new threats and generate signature files for use in a subsequent audit run, which means every new run will use the latest available data.

As part of its auditing process, it not only scans files but also running processes for suspicious patterns of behaviour. Although some resident scanners offer this option, they can often generate false alarms, whereas Panda Malware Radar makes use of its internet resources and refers the pattern back for analysis. It will only generate an alarm if the pattern is found to be consistent with an identified threat.

The software doesn’t simply scan for malware and report the results. It can detect rootkits and also examine each computer’s OS and produce an analysis of possible vulnerabilities, such as an inoperative or out-of-date virus scanner or missing software patches. It provides intelligent information rather than stark warnings. When it detected “netcat” on one of our systems, it reported it as possible malware, but indicated it might be present legitimately, which it was.

Not content with simply finding and reporting malware, it also offers the opportunity to disinfect any affected systems. The software needs to load agents onto each system to be audited. The agents can be distributed and installed to each detected system using the distribution tool provided. Since most antivirus and antimalware software downloads new definitions and sometimes software at regular intervals, Malware Radar isn’t inherently any less safe, as it does it all at the same time. The software agents remove themselves from each system when the process is over, and the reports can be downloaded to a local system for examination. None of the software’s activities should cause any problems with installed scanners during installation or operation, and it certainly didn’t conflict with our resident Kaspersky antivirus software. Reporting is comprehensive, and provides both executive summaries and detailed technical reports.

Although there are a number of companies offering antivirus and malware-detection solutions, Panda Malware Radar scores due to being completely online. Costs are comparable with other resident solutions, but several products might be needed to provide the same breadth of coverage. It isn’t intended to replace resident scanning software but to complement it, providing an in-depth analysis based on the latest available information. Since its software is downloaded afresh each time, it would be useful in situations where the existing precautions may have been bypassed by the latest malware exploit, or by software introduced by a member of staff.

Given the growing numbers and sophistication of malware exploits, a system that offers to check for the latest of them without expecting you to replace your existing defences has to be worth a try.

Juniper Networks SSG 5

Anti-spam features are basic, but the SSG 5 offers a security solution priced right for small businesses.

Juniper has always offered a fine range of UTM security appliances for branch offices, but above-average prices have made them an expensive choice for SMBs. The latest SSG (secure services gateway) appliances aim to remedy this oversight, and in this exclusive review we look at the entry-level SSG 5.

Usefully, the SSG 5 can be customised, with the base product offering an SPI/NAT firewall and support for site-to-site and mobile client IPsec VPNs. All other features can be licensed separately and you have antivirus, antispyware and antiphishing scanning courtesy of Kaspersky, antispam by Symantec’s Brightmail, the SurfControl URL-filtering service, and Juniper’s own intrusion detection and prevention. Juniper also offers deep inspection functions with its protocol anomaly detection and stateful signature inspection. These come from its IDP platforms, with the former comparing protocols with their RFC to ensure they conform and the latter looking for known attacks in each packet.

The model on review comes with support for 802.11a/b/g wireless and an integral ISDN TA for backup duties, although Juniper also offers V.92 modem and RS-232 serial port options. If you want the UTM functions, you’ll need the extended version with 256MB of memory, although the module is accessible from a panel below the unit. Installation is quick, aided admirably by plenty of wizards, and the appliance uses zones to bind interfaces together. We opted to place one port in a trusted zone for our LAN users, another exposed to the internet in an untrusted zone and a third for wireless access. Policies control traffic between zones, and for each one you decide which security functions are enabled. It’s worth getting your objects defined first, as these define single IP addresses or ranges, a service, a local username and password or a time schedule. The wireless AP supports up to 16 SSIDs and with WPA in force, up to four can be active simultaneously. Drop down to WEP and only one can be active.

The antispam function supports SMTP, so will only scan email being sent to an internal server. It’s designed to support existing anti-spam services and uses Symantec’s IP-based blocking lists and custom black and white lists. If a suspect message is detected, you have options to drop it or tag the header or subject. Profiles control the content filtering and antivirus scanner, so you can use different actions across your policies. Both Kaspersky and SurfControl worked well during testing, and the former can be applied separately to FTP, HTTP, IMAP, SMTP and POP3 traffic and used to limit file download and attachment sizes. However, the warning web page sent to users contains only a simple text message, and can’t be customised with company logos or advisories on AUPs in force. Reporting is also limited, as the appliance provides basic system logs, interface counters and details of the wireless interfaces. To manage multiple appliances and for more detailed reports, you’ll need Juniper’s optional NetScreen-Security Manager software.

The SSG 5 offers good value, especially as the user licence is unrestricted. Although anti-spam and reporting are weaknesses, it delivers a fine range of security services and is particularly versatile.

Check Point UTM-1 450

Check Point delivers a superb range of network-security measures for mid-sized businesses, but at a price.

Check Point’s latest UTM appliances aim to deliver the same industrial-strength protection as its larger enterprise-level products, but at a price point more suited to mid-sized businesses. The UTM-1 450 is the entry point of this family of three and is recommended for up to 250 users.

The UTM-1 450 delivers eight key services, with Check Point’s well-respected Firewall-1 at the top of the list. This can identify and control applications such as IM, P2P and VoIP. It’s augmented by web URL filtering, a web application firewall, anti-virus, anti-spyware and IDS, plus you get support for both IPsec and SSL VPNs. Note that full anti-spam scanning isn’t included. For installation, simply point a web browser at the appliance’s internal network port and follow the Quick-start wizard. This took us just five minutes, and then we used the internal and external ports to place the firewall in between our test LAN and the internet. The appliance has another port that provides DMZ services, while the fourth can be used to connect to another appliance for high availability.

Next, you download Check Point’s SmartConsole from the appliance, which installs a range of utilities for managing and monitoring multiple Check Point appliances. By default, the appliance blocks all traffic, so we needed to create a firewall rule that allowed outbound traffic but blocked unsolicited inbound traffic. We used the SmartDashboard tool, which provides a neat row of tabbed folders for each function. We particularly liked the fact that you can create network objects, services, users and groups in the left pane and drag and drop them directly into the Security and NAT entries.
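The zone-and-policy model that both the Juniper and Check Point reviews describe (interfaces bound to zones, a policy table consulted for traffic between zones, a default that blocks everything, and a state table that lets the replies to an allowed outbound connection back in without any inbound rule) can be sketched in a few lines. The following Python is an added example for this supplement, not code from either vendor; the zone table, addresses, ports and policies are constructed for illustration, and the `Packet` and `Policy` names are ours.

```python
import ipaddress
from dataclasses import dataclass

# Constructed zone table: which address ranges sit behind which zone.
# Anything not listed is treated as the untrusted internet side.
ZONE_NETWORKS = {
    "trust":    ipaddress.ip_network("192.168.1.0/24"),
    "wireless": ipaddress.ip_network("192.168.2.0/24"),
    "dmz":      ipaddress.ip_network("10.0.0.0/24"),
}


def zone_of(addr):
    ip = ipaddress.ip_address(addr)
    for name, net in ZONE_NETWORKS.items():
        if ip in net:
            return name
    return "untrust"


@dataclass(frozen=True)
class Packet:
    src: str
    sport: int
    dst: str
    dport: int
    syn: bool        # True for the first packet of a new TCP connection


@dataclass(frozen=True)
class Policy:
    from_zone: str
    to_zone: str
    dports: frozenset    # empty set means any destination port
    action: str          # "allow" or "deny"


class ZoneFirewall:
    """First matching zone-to-zone policy wins; no match means deny."""

    def __init__(self, policies):
        self.policies = list(policies)
        self.sessions = set()   # (src, sport, dst, dport) of allowed connections

    def evaluate(self, pkt):
        # Stateful step: a packet travelling back along an allowed session is
        # permitted without consulting the policy table at all.
        if (pkt.dst, pkt.dport, pkt.src, pkt.sport) in self.sessions:
            return "allow (established)"
        # A non-SYN packet with no session behind it is stray mid-stream traffic.
        if not pkt.syn:
            return "deny (no session)"
        from_zone, to_zone = zone_of(pkt.src), zone_of(pkt.dst)
        for pol in self.policies:
            if pol.from_zone != from_zone or pol.to_zone != to_zone:
                continue
            if pol.dports and pkt.dport not in pol.dports:
                continue
            if pol.action == "allow":
                self.sessions.add((pkt.src, pkt.sport, pkt.dst, pkt.dport))
            return f"{pol.action} ({from_zone}->{to_zone})"
        return f"deny (default, {from_zone}->{to_zone})"


# Constructed policy set: LAN users may go anywhere on the internet, wireless
# users may only browse, and the internet may reach the DMZ web server only.
POLICIES = [
    Policy("trust", "untrust", frozenset(), "allow"),
    Policy("wireless", "untrust", frozenset({80, 443}), "allow"),
    Policy("untrust", "dmz", frozenset({80, 443}), "allow"),
]


def demo():
    """Run a constructed packet sequence through the firewall; returns verdicts."""
    fw = ZoneFirewall(POLICIES)
    flow = [
        Packet("192.168.1.20", 51000, "203.0.113.10", 443, True),   # LAN user browses out
        Packet("203.0.113.10", 443, "192.168.1.20", 51000, False),  # the server's reply
        Packet("203.0.113.10", 40000, "192.168.1.20", 3389, True),  # unsolicited inbound
        Packet("192.168.2.7", 52000, "192.168.1.5", 445, True),     # wireless -> LAN share
        Packet("198.51.100.9", 41000, "10.0.0.5", 80, True),        # internet -> DMZ web
        Packet("198.51.100.9", 41001, "10.0.0.5", 22, False),       # stray non-SYN packet
    ]
    return [fw.evaluate(p) for p in flow]


if __name__ == "__main__":
    for verdict in demo():
        print(verdict)
```

The second packet is the one that matters for the "allow outbound, block unsolicited inbound" rule both reviews mention: it arrives from the untrusted side with no inbound policy permitting it, and is accepted purely because the state table remembers the outbound connection it answers. Real appliances key sessions on protocol as well and expire them; the model above keeps only what is needed to show the decision order.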

Anti-virus measures are courtesy of Computer Associates eTrust, and can be applied to web and mail traffic. For downloads and mail attachments, you can decide which file types to scan, or block and reject files over a certain size. SurfControl looks after web-content filtering and offers 40 URL categories that can be blocked or allowed. This is configured from the same section as the anti-virus functions, and you can add your own black and white URL lists. SSL VPNs add much value to the UTM-1 450, and Check Point includes a network extender for creating virtual connections. Firewall rules are used to control which LAN IP-based resources can be accessed.

Check Point’s SmartDefense service offers protection against web and application vulnerabilities, worms and probes. It provides regular updates to the appliance along with security advisories and best practices. The Program Advisor uses a program database to classify applications as malicious or safe. When an end-user application first attempts to access the network, the appliance checks it against that database and either blocks it, if it is deemed unsafe, or applies the configured access rules.

You can access all the SmartDefense features from the SmartConsole and set up different protection profiles for each gateway.

Despite the huge range of security features on offer, we found the UTM-1 450 easy to deploy and configure. Anti-spam isn’t on the menu, but otherwise Check Point provides a powerful network-security solution that includes a raft of sophisticated monitoring and reporting facilities. It’s pricey for the size of business it’s aimed at, though, with the annual SmartDefense subscription further inflating the price.


Finjan Vital Security NG-1100

Finjan delivers unique security measures and stiff anti-virus protection in an easily deployed and managed appliance.

SMBs looking for a web content security solution are spoilt for choice, but Finjan’s Vital Security appliances sport a number of unique capabilities. The NG-1100 is the starting point of the Vital Security family and supports up to 1000 users. It comes with Finjan’s Web Security Suite (WSS) installed, to which you can add anti-virus and URL-filtering tools.

The most prominent feature of the WSS is Finjan’s patented behaviour-blocking technology, which works at the application level to identify malicious content in web traffic. It analyses code behaviour to determine whether it’s attempting anything malicious and blocks it accordingly. Finjan’s Anti.dote aims to fill the gap between a new exploit appearing and a patch being made available: as soon as an exploit is discovered, Finjan creates behavioural rules and pushes them down to the appliance, enabling the scanning engine to look out for it and block it. Anti-spyware is the third WSS component, and Finjan employs a range of preventative measures that also includes behavioural analysis.

The NG-1100 functions as either an explicit or a transparent proxy; we opted for the former, which is the default. In transparent mode you don’t have to configure each client’s browser, but you must redirect the LAN’s outbound web traffic to the appliance for scanning, and you lose proxy-level user authentication, so policies can then be tied only to IP addresses rather than to named users.

Installation is handled well: point a browser at the default management port and a wizard takes you through choosing a modus operandi, licensing and configuring network ports. Although the appliance has six ports, most will use only the first Gigabit port. You can use the other ports to connect different subnets, but the appliance will route between them, which isn’t desirable. After adding details of our gateway and reconfiguring our clients’ browsers, we were up and running in minutes.

The optional anti-virus measures are extensive. You can choose from Kaspersky, Sophos and McAfee engines, while SurfControl handles URL filtering. Policies are used extensively to control web access and comprise collections of rules, each of which contains a range of conditions and actions. Usefully, a default web policy is activated once the wizard has completed, so the appliance can start filtering immediately.

Policies make the NG-1100 very versatile, as they can be applied to different users and groups. You can define users by their IP address, but we found it easy to import a list from our AD server using LDAP. Usefully, each rule within a policy can be run in a passive X-Ray mode that logs only actions. Finjan scores well for reporting, as you can create reports on anything from blocked websites to viral activity by engine, select a time period and user group and opt for HTML, PDF or Excel output.
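As an added illustration (not Finjan’s code), the following sketch models the policy behaviour described above and in the explicit-versus-transparent comparison: rules made of conditions (group, URL category, file extension) and an action, evaluated first-match per request; a user identified from explicit-proxy credentials when available and otherwise from an IP-to-user table, which is all transparent mode allows; and an X-Ray flag that records the verdict a rule would have given without enforcing it. The directory, category database, group names and sample requests are constructed for the example, and the assumption that evaluation simply continues past an X-Ray rule is mine, not something the review states.

```python
"""Added example: a toy per-user web policy engine with a passive X-Ray mode.
Not Finjan code.  Directory, categories, groups and requests are constructed
sample data; 'evaluation continues past an X-Ray rule' is an assumption."""
from dataclasses import dataclass, field
from typing import Optional

# Stand-in for the user/group list imported from AD over LDAP (constructed)
DIRECTORY = {
    "alice": {"staff", "finance"},
    "bob": {"staff"},
}
# Stand-in for IP-defined users: the only identity available when the proxy
# is transparent and cannot authenticate the browser (constructed)
IP_USERS = {"10.0.0.23": "bob"}

# Stand-in for the URL-filter vendor's category database (constructed)
URL_CATEGORIES = {
    "intranet.example.internal": "business",
    "poker.example.net": "gambling",
    "updates.example.org": "software-downloads",
}


@dataclass
class Request:
    url_host: str
    filename: str = ""                 # last path component, for file-type rules
    auth_user: Optional[str] = None    # set by explicit-proxy authentication
    src_ip: str = ""


@dataclass
class Rule:
    name: str
    action: str                        # "block" or "allow"
    groups: set = field(default_factory=set)       # empty = applies to everyone
    categories: set = field(default_factory=set)   # empty = any category
    extensions: set = field(default_factory=set)   # empty = any file type
    xray: bool = False                 # passive: log the verdict, do not enforce

    def matches(self, groups, category, ext):
        if self.groups and not (self.groups & groups):
            return False
        if self.categories and category not in self.categories:
            return False
        if self.extensions and ext not in self.extensions:
            return False
        return True


class WebPolicy:
    def __init__(self, rules, default="allow"):
        self.rules = rules
        self.default = default
        self.log = []      # (user, host, rule, action, xray)

    @staticmethod
    def identify(req):
        """Explicit proxy: trust the authenticated name.  Transparent mode:
        fall back to the IP-to-user table, else treat as anonymous."""
        if req.auth_user:
            return req.auth_user
        return IP_USERS.get(req.src_ip, "anonymous")

    def decide(self, req):
        user = self.identify(req)
        groups = DIRECTORY.get(user, set())
        category = URL_CATEGORIES.get(req.url_host, "uncategorised")
        ext = req.filename.rsplit(".", 1)[-1].lower() if "." in req.filename else ""
        for rule in self.rules:                    # first enforced match wins
            if rule.matches(groups, category, ext):
                self.log.append((user, req.url_host, rule.name, rule.action, rule.xray))
                if rule.xray:
                    continue                       # X-Ray: recorded, not enforced
                return rule.action
        return self.default


RULES = [
    Rule("block-executables", "block", extensions={"exe", "msi", "scr"}),
    Rule("block-gambling", "block", categories={"gambling"}),
    # Trial a new restriction on staff downloads without breaking anything yet
    Rule("trial-download-block", "block", groups={"staff"},
         categories={"software-downloads"}, xray=True),
]


def demo():
    """Evaluate constructed requests; return verdicts and the policy log."""
    policy = WebPolicy(RULES)
    v = {}
    # Explicit proxy: the browser authenticated as alice
    v["alice_intranet"] = policy.decide(Request("intranet.example.internal", auth_user="alice"))
    v["alice_gambling"] = policy.decide(Request("poker.example.net", auth_user="alice"))
    v["alice_exe"] = policy.decide(Request("intranet.example.internal", "tool.exe", auth_user="alice"))
    # X-Ray rule fires for bob but is only logged, so the download goes through
    v["bob_update"] = policy.decide(Request("updates.example.org", "patch.zip", auth_user="bob"))
    # Transparent mode: no credentials, identity comes from the source IP
    v["transparent_bob"] = policy.decide(Request("updates.example.org", "patch.zip", src_ip="10.0.0.23"))
    v["transparent_unknown"] = policy.decide(Request("updates.example.org", "patch.zip", src_ip="10.0.0.99"))
    return v, policy.log


if __name__ == "__main__":
    verdicts, log = demo()
    print(verdicts)
    for entry in log:
        print(entry)
```

The last two requests show the cost of transparent mode: the same download is attributed to bob only because his IP happens to be in the table, and an unknown IP gets no group membership at all, so group-scoped rules never apply to it.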

With all the features activated, the NG-1100 is pricey for small businesses. The Panda GateDefender Integra 100 is a good-value alternative that includes firewalling, email scanning and intrusion detection. Nevertheless, larger businesses that want the toughest web content security will find that this is one of the best solutions available.


Introduction to Secure Computing

PC Authority’s sister magazine, Secure Computing, helps you stay on top of security.

We know that online security is a primary concern for all. Every month, millions of computers report virus infections, causing system rebuilds and downtime; and new malware and attack methods are being discovered with increasing frequency.
To help you stay on top of the fast-moving, confusing world of security, SC Magazine is a hub for Australians to stay abreast of the latest threats, vulnerabilities and preventive systems.
Our mission is to provide IT security professionals with in-depth and unbiased information through timely news, comprehensive analysis, cutting-edge features, contributions from thought leaders and the best, most extensive collection of product reviews in the business.

• Expert product reviews, conducted under strict lab conditions. All products reviewed are subject to the real-world tests that any business or enterprise would face.
• Comprehensive feature stories by the best writers in Australia and around the world, helping you handle all aspects of security management, from software updates to biometrics, as well as insightful blogs.
• Comprehensive statistics taken from many vendors and analysts to keep you on top of the security scene.

We invite you to see for yourself by visiting www.securecomputing.net.au today.
To help you digest the daily news and reviews, we also offer SC Magazine’s free weekly newsletter.

When it comes to network security, there are no grey areas.

Howard Waterson, Asia Pacific Regional Manager at Centennial Software, tells SC how ‘Greynets’ are exploiting the blurred line between home and office networks

Millions of applications are installed on company networks each day without the permission of the IT department. These pieces of software are known as ‘Greynets’. They are multiplying constantly and, with many remaining unknown to the IT team and others difficult to locate, are damaging network performance, distracting staff, and creating a hole in network defences.
Greynets generally fall into the following four categories:

1. Productivity applications: freeware applications, helping individuals to be more productive. Examples include PDF viewers, non-standard web browsers and multimedia players. Generally not a threat to network security, but they may cause support issues if not familiar to the helpdesk team.
2. Non-standard hardware drivers: useful applications provided by hardware manufacturers, such as software to connect with home wireless networks or iTunes. These can leave a computer vulnerable through open communication loopholes and may affect productivity.
3. Lifestyle applications: what is perceived as a safe peer-to-peer file sharing application can open up the network to serious threats, both in terms of security and legal risk.
4. Malicious applications: often unknowingly downloaded, these applications include key loggers, remote access and password cracking applications that can undermine existing security measures.

At its least dangerous, the average Greynet is simply taking up resources, consuming disc space on local drives and within central storage systems. These Greynets reduce network performance and cost the company money. At their most dangerous, however, Greynets can attack systems or leak confidential data to third parties.
As more staff work away from the office, laptops and smartphones are becoming host to more Greynet applications. This blurring of the line between home and office computing is increasing the Greynet problem dramatically. It is essential the threat is minimised. Four key steps to achieve this are:

1. Recognise the threat
2. Gain visibility of all files on the network
3. Set up and maintain a watch list
4. Engender cultural change

Above and beyond the security holes that key loggers or password crackers present, many Greynets are indicative of reduced productivity. Games, gambling software and adult-related applications indicate that users could be spending an excessive amount of time not working.
There is only one way to truly combat the Greynet, and that is to work closely with employees to change their habits. They are using the network every day – keeping them informed of the dangers of downloading unknown software and working with them to ensure that music, photos and other sizeable personal files are not left lingering on the network will make the network safer and more reliable. No one is going to appreciate a heavy-handed approach.

Protection... in a flash

Davey Winder gives portable security a thumbs up.

My professional interest in IT security overlaps rather neatly with my geeky personal interest in gadgetry, so when I recently gave a keynote speech to a select group of high-level security directors, my theme was the way hackers are using gadgets to further their social-engineering traps. They infect a cheap USB flash drive with a remote access trojan or similar malware, then drop it outside a target office, in the reception area or even at a bar or café known to be frequented by target staff. The trick is called, for obvious reasons, USB seeding. Hackers can afford to seed multiple drives because they’ve become dirt-cheap, and they can be reasonably confident that one will be picked up and plugged in thanks to human greed and curiosity. One security consultancy assessed a client company by dropping 20 infected thumb drives – 15 of them were picked up by staff and plugged into the network, and the trojan activated.

Properly patched PCs and a policy to prevent unauthorised device connection could combat this threat, but such savvy firms are still few and far between. That’s why I’m always pleased to hear about a USB flash drive that turns the tables by making security better rather than worse. The only thing I wear around my neck is a Netac OnlyDisk U220, a minuscule slice of black-and-silver loveliness measuring just 53 x 13.5 x 5.5mm and weighing only 13g (it’s no thicker than the USB connector itself).

As well as providing 1GB of storage, the Netac keeps my data safe from prying eyes thanks to hardwired 128-bit AES encryption – not just some third-party software solution stuffed onto the drive as an afterthought. If I forget my password my data is gone, at least if I forget it enough times: the default password attempt lockout is set at 255, but I reduce this to a more practical 12 attempts. If the lockout ever did get activated, the entire drive would become unusable, and I’d have to send it back to the Netac R&D team in China to have it reset and reformatted – my data would be lost forever, as it can’t be restored during this process. As far as I’m concerned, this is the only way if you really don’t want anyone else accessing your data, although for corporate use it might pose the risk of a rogue employee changing the password.

That’s why the Stealth MXP USB flash drive I saw at the recent Infosecurity show grabbed my attention. It is, I’m told, the first RSA SecurID Ready portable three-factor authentication device. Yes, that’s “three-factor” as in biometric access control, fingerprint and authenticated ownership of the physical device itself. With up to 4GB of 256-bit AES encrypted storage it’s pretty impregnable, although unlike my Netac it’s huge as a consequence of the amount of hardware packed into it. There’s an onboard CPU to do the hardware encryption, which means it has a zero memory and processor footprint when plugged into a remote host PC. Access software provides full control over security policy, deployment and field usage for admins, while the end user gets straightforward “plug in and it’s secure” encryption – remove it from the USB connector or reboot the host PC and the stick automatically locks itself down. Each device is bound to its individual user by hardware-based biometric and password authentication, in addition to the RSA SecurID Ready software authenticator, so the business can rest easy if it’s lost or stolen.

I’m also intrigued by the imminent release of another flash drive, the Yoggie Pico, which is designed to be a self-contained and portable internet protection device. With 13 security applications pre-installed, including anti-virus, anti-spam, anti-hacker and URL-filtering, it claims to provide full 360-degree security for the consumer market in a rather revolutionary hands-off manner. The Yoggie itself manages the 13 security applications, including handling updates, and is activated simply by plugging it into a spare USB port.


Paul Ockenden’s guide to burglary

Paul Ockenden gives some other important security tips.

Here are a couple of suggestions that once heard seem head-slappingly obvious, but which most people might not have considered. The first concerns USB flash drives. I love these devices and seem to be building an ever-expanding collection in my drawer here. It amazes me how small and cheap they are now, and with ever-increasing capacity too. It can’t be too long before we’ll see one being given away free with a Sunday paper. Many people walk around nowadays with all of their most important documents saved on such a drive, which allows them to work on the files or print them off wherever they happen to be. Or maybe it’s just a backup in case their main computer dies. Either way, it’s a great use for a USB flash drive.

The first USB flash drives were big and clunky and, although they often came with keyring attachments, most people wouldn’t have used them like that because they were too bulky. However, the new generation are quite unobtrusive when attached to a bunch of keys, and that’s where the danger starts.

The backup of your most important documents probably includes a copy of your CV, letters you’ve sent and other documents that contain your street address, so if someone finds or steals your keys they can pretty quickly discover the door to which those keys give access. What’s more, the fact you’re carrying round a USB flash drive is a good clue that you’re a techie and there might be more stealable gadgets in your home. So my first tip is to always use the password protection that came with your USB drive. I know it’s a pain having to type in the password each time you access the drive, but a lot less of a pain than coming home to find all your kit missing. If you don’t have software to protect or encrypt the drive, at least store that archive of important documents in a password-protected ZIP file.

My second tip is on a similar theme and concerns your sat-nav system. This might be a unit built into your car, but these days, it’s more likely to be a portable system such as a TomTom or even software running on your smartphone. Whichever type of system you have, it will probably offer the facility to program a “home” location, sometimes with the option to press a single button to route you back to your house. The problem comes back to that bunch of keys again: most people keep house and car keys on the same keyring, and the implications are obvious. If you happen to leave your keys in the car by accident or have them stolen from your pocket while in a restaurant, someone might take your car, then press the button to find your house and use the same keys to gain entry. My advice, therefore, is to program the home button to take you somewhere close to where you live, but not actually to your front door. If you happen to live anywhere near a police station, that would be a good choice!

This article appeared in the November, 2007 issue of PC Authority.