Two Companies Release NT-Based Firewalls

The names Raptor and Gauntlet spur prehistoric and medieval images, but their modern day implementations are anything but out of date. Two network security companies have unleashed these new measures to protect Windows NT-based networks. Each company is boasting that its own homegrown technology is designed to improve different facets of the firewall.

Axent Technologies Inc. (Rockville, Md., announced Raptor Firewall, which includes a "perimeter spreading" tool that manages distributed firewalls from one NT workstation. Network Associates Inc. (Santa Clara, Calif., announced version 3.0 of Gauntlet Firewall for Windows NT. Touted as an "Adaptive Proxy" firewall, Gauntlet Firewall is designed to improve speed and security with the same product.

Wes Wasson, director of product marketing for Network Associates’ security division, says the common trade-off in the firewall industry has been either speed over authenticity or vice versa. "For most customers, that's not an acceptable trade off," Wasson says.

There have been two different systems that analyze the data that hits a firewall. The first approach is packet-filtering, which allows the firewall to scan the address header of each message and make a decision based on the information in that header.

This progressed to a method called application proxy, which, as Wesson describes, "starts from the other direction." When communication is attempted, the message is moved up the stack to the application level -- such as FTP, HTTP or Telnet. At the application level, more data can be analyzed than just the address header. After communications protocols are cleared, the firewall then proxies the connection, meaning it establishes one connection to the host and the other to the client.

Wesson explains that once this hand off is secured then all subsequent packets can go through at the network layer, eliminating the continuous need to read the headers of all the messages coming through. Asked if this opens the network up to virus vulnerabilities through an open channel, Wesson says that as long as the administrator has virus scanners tied into the firewall, then any attachments will be tagged to be scanned before opened.

Although more thorough, application proxies take a longer time than packet filtering. Network Associates, however, has developed adaptive proxy technology that adds dynamic packet filtering to the mix. The dynamic packet filter in an adaptive proxy firewall allows proxies to request notification of new connections. The proxy can then examine specific connection information and tell the dynamic packet filter to either reject the connection, forward it, or absorb it to the application level.

The proxy for each new connection automatically adjusts the dynamic packet filtering rule base. In addition, dynamic packet filtering allows proxies to specify which connections should be automatically forwarded without notification. When a connection is terminated, the dynamic packet filter ensures that security will not be compromised in future connections by automatically removing the connection rule and requiring a new decision to be made for subsequent connections.

Ray Suarez, product manager for Axent's Raptor, says the Raptor firewall not only protects the corporate office, but also the branch offices. Using what he calls "perimeter spreading," Suarez says Raptor includes a management console that is very familiar with Microsoft Management Console. "Now you can go to an NT machine and see all of the [network security] details in an Explorer-like environment," says Suarez. "Microsoft is really pushing Microsoft Management Console for user interfaces."

Axent, traditionally a security company, has been focused on providing comprehensive security management with its Raptor Firewall. It can be integrated with Axent's security products, such as Intruder Alert and Defender.

Other features of Raptor Firewall include enhanced e-mail security for Microsoft Outlook '98, Outlook Express 4.x and Netscape Communicator desktop e-mail clients, and additional application proxies that are fully H.323 compliant. In addition, the Raptor Firewall supports WebNOT and NewsNOT for filtering Web and Usenet groups, and MIMEsweeper for content scanning and anti-virus protection. The Raptor Firewall logs files by information that includes session duration, byte counts, full URLs, user names, and authentication methods. System administrators can use this information to generate detailed statistical and session trend reports by exporting this data to the Telemate.Net reporting system.

Network Associates' Gauntlet 3.0 for NT incorporates plug and play proxy support, which enables customers to add and update new proxies on the fly as they become available, rather than waiting for custom patches or new versions of the firewall software. The new Gauntlet also features preconfigured security policies to help customers install the firewall and a program called Event Orchestrator to help integrate third-party applications with the firewall. The new NT version of Gauntlet also includes integrated anti-spam protection.

Network Associates acquired Gauntlet when they bought Trusted Information Systems in February, just two months after Axent acquired Raptor Systems and its Raptor technology in December 1997.