Tools for fending off attackers

Like a feudal lord trying to keep the barbarians from storming the castle walls, you have to protect your organization’s networked environment against hackers, viruses and the many other threats. To help you maintain your defensive arsenal, here’s a sampling of some recently announced security products.


According to research firm IDC, the firewall appliance market alone will have 50 per cent of the total firewall market by 2003. Analysts also predict huge growth opportunities in the small and medium size enterprise (SME) space, as more than 65 per cent of U.S.-based SMEs will be connected to the Internet by 2001 (IDC). Ninety-nine percent of all U.S. businesses – -more than seven million – are classified as SMEs.

Internet security software product supplier PGP Security, a Network Associates business in Santa Clara, Calif., says their line of PGP E-ppliances provides an advanced and scalable security solution for networks ranging in size from a single remote user to a large enterprise with thousands of users. The new line is described as incorporating firewall and virtual private network (VPN) capabilities with web-based management for easy deployment and manageability.

PGP says enterprises are choosing hardware solutions over software because they are more cost efficient and easier to deploy and manage. The company reports that with the current need in many companies for seasoned IT professionals, especially the small to mid-size organizations that make up the majority of the broadband market, customers are looking to PGP Security to provide solutions that do not require a great deal of administrative time. PGP claims cost-effective appliances are similarly attractive to managed service providers who gain strong benefits from the efficiencies inherent in delivering and managing solutions around limited, defined sets of hardware rather than the infinite configurations that can be deployed using software-based solutions.

PGP E-ppliances offer an ICSA-certified firewall integrated with IPsec VPN capabilities, anti-virus protection, content filtering and IP address management. The virtual private networking (VPN) enables remote users to share information securely, the company says.

PGP E-ppliances are based on the technology of SonicWALL, a provider of Internet security solutions, and can be customized. Starting price is US$595. Additional security capabilities including virus-scanning and content filtering are available as extra subscription services.


The BorderWare Firewall Server from BorderWare Technologies Inc. of Mississauga, Ont., is said to eliminate vulnerabilities and costs associated with a separate firewall and operating system. It uses packet filtering, circuit-level and application-level gateways to secure and control all inbound and outbound traffic. BorderWare claims the strong defaults and intelligent user interface protect against misconfiguration — noted as a common source of vulnerability — and provides flexibility for meeting local requirements.

BorderWare has announced a revised roadmap for their Firewall Server to speed up delivery of its new features, reduce the requirements for complete upgrade installments and introduce new innovations without compromising ongoing improvements. Feature Pack update packages will be made available with new features and functions from time to time in the form of software patch files that can be applied to the Firewall Server without requiring a reinstallation.

The first Feature Pack, Pack A due out in January, is said to allow BWClient connections to be made via an IPSEC tunnel to the firewall’s internal interface. This is designed to allow remote administration over IPSEC without requiring strong authentication. This feature can be disabled if required, the company says. Support for rack-mount and “headless” systems will be improved by adding serial console support. This will allow the current console interface to operate using any ANSI compatible terminal or terminal emulator and allow remote console operation using a terminal server interface. DHCP support will be added to the external interface of the firewall. This is intended to improve usability in environments where IP addresses are allocated dynamically, such as cable Internet services. BWClient will be enhanced to support directly saving and restoring the firewall configuration data.

Future Feature Packs are to be released in March, June and July of this year, the company says.


RSA Security Inc., with its Canadian head office in Toronto, has released its Web Security Portfolio designed to help address the broad e-security needs of organizations worldwide. The Security Portfolio is described as a family of products and services intended to allow organizations to work with a single vendor to help them safely conduct e-business transactions.

According to RSA, it focuses on the need for security solutions in the Web space and offers a wide range of authentication, privacy, integrity, authorization, audit and non-repudiation solutions for addressing the unique security needs of developers and enterprises. RSA claims it provides encryption technology for protecting applications and information, two-factor authenticators for ensuring with whom they do business, and public key infrastructure (PKI) software for securely conducting digital transactions

Organizations that want to secure Web-based application information as it flows over the Internet, as well as while stored, can use RSA BSAFE software development kits to enable encryption, secure communication and PKI functionality within their applications, RSA says. Companies that want a secure means of knowing who they are doing business with can use RSA SecurID authenticators to help ensure only the appropriate person is accessing the information, the company claims. Organizations that want to deploy digital certificates and invest in a PKI can choose RSA Keon Software for securely conducting digital transactions.


Consumer security application service provider Corp. of Sunnyvale, Calif.,

has launched its .NET initiative, describing it as a new managed application service to provide desktop security, helpdesk and productivity services to corporations over the Internet. The .NET initiative is intended to provide a collection of Web-based application services that are completely managed and maintained by, accessible via a browser at anytime and from anyplace on the Internet and rapidly deployable across geographically diverse business units within the corporation.

McAfee boasts that this launch makes them the first company to deliver a comprehensive set of IT-centric application services that allow businesses to secure, support and enhance their desktop and mobile computing platforms. The company says the .NET Initiative complements IT departments by providing businesses with several Web-based subscription offerings that are simple to deploy and manage. These tools fall under the umbrella of three service centres: Security.NET, HelpDesk.NET and Productivity.NET.

Of particular interest here is Security.NET, which is said to help secure corporate digital assets through McAfee’s security solutions. McAfee claims Security.NET provides the latest anti-virus protection, safety from hackers and prevents wireless devices from providing a back door into the network. It incorporates AntiVirus Service, Firewall Service and, for virus protection and other utilities for handheld computing device using the Palm, Windows CE and EPOC operating systems, Wireless Security Service.

Pricing for the Security.NET is US$69.95 per service, per user, per year.


Toronto-based security products provider JAWZ Inc. has launched DataGator as an application-independent method for maintaining encrypted handheld device data by working in the background to secure the data of all record-based applications. It is compatible with Palm O/S 3.0 or greater, and Handspring Visor, IBM WorkPad PC Companions, Qualcomm pdQ smartphone, Sony Clie and Symbol SPT 1700 and 1740.

The product is said to offer an option to existing security applications for the Palm that restrict access by requiring a password when the device is turned on. JAWZ notes that this front door has been easily bypassed, exposing sensitive data to a hacker or thief. In many cases, an owner had to remember to turn the device off in a certain way or do something special to protect data. Being manual, these additional steps were easily forgotten, regarded as wasting time and failed to guarantee that data was protected, says JAWZ. The company claims their product automates all these cumbersome processes while ensuring automatic encryption of all data.

Three versions are available: standard, professional and enterprise, beginning at US$39.95. The product is promoted as easy to use with installation taking less than three minutes, having a small footprint and using minimal memory resources (150 KB) in order to maximize performance speed. It only encrypts or decrypts the data on applications which the owner has opened, leaving the rest in a secure, encrypted state.

DataGator allows software to be loaded from most major computer platforms. Mac and Linux require manual installation. Once installed, it runs as if it were part of the Palm O/S and ships with its own configuration software. JAWZ sees this as of particular benefit to Palm O/S software developers as the product provides security without the need to change or retrofit any applications. Single-user license pricing is available through the JAWZ website at


“With thousands of employees using internet-enabled PDAs (personal digital assistants), companies are very concerned with what is being downloaded and delivered into their corporate networks,” said Bill Lyons, president and CEO of Finjan Software, Inc., with a Canadian office in Toronto. “Proactive behavior-monitoring of active content has come of age in this new era of malicious code attacks as companies look for new ways to improve their current security defenses and plug this large active content security hole.”

Finjan notes that active web content, including ActiveX, Java, scripts and executables, presents a security risk due to its ability to transparently steal, damage or erase files of unsuspecting computer users. The company says a new version of its SurfinShield Corporate monitors executables, ActiveX, Java and script programs in real-time for malicious activity. It automatically blocks incoming active content that breaches security policies, such as attempting to delete a file or open a network connection. New features include VB Script scanning and support for Microsoft’s ISA server and Axent’s Raptor firewall.

Finjan describes the latest version of sister product SurfinGate as a gateway security product that performs content inspection of downloaded ActiveX, Java and script programs to protect PC users inside organizations. It is said to allow companies to leverage the power of Web technologies like ActiveX, Java and scripts safely, while maintaining the integrity of their data and business. Using a patented real-time content-inspection process, SurfinGate is intended to protect companies from malicious code attacks without relying on database updates. Any action that violates the security policy is terminated and logged while users are notified with an onscreen alert. New features include Visual Basic script scanning, more firewall support and digital certificate support.

SurfinShield Corporate starts at US$59 per user; SurfinGate at US$49 per user. Volume licensing agreements are also available.


Wireless local area network (LAN) revenues are expected to grow from US$350 million in 1999 to US$2 billion by 2003, according to the Phillips Group InfoTech. Recognizing this growth potential in the wireless market, Sniffer Technologies of Santa Clara, Calif., another Network Associates, Inc. business, last November began shipping Sniffer Wireless. This wireless LAN protocol analysis product is said to be aimed at customers wanting high quality, long-term management, monitoring and analysis capabilities for higher security and maximized performance within their wireless LAN infrastructures based on 802.11b, the IEEE industry standard for wireless interoperability.

The product is said to enable users to spot potential security risks automatically. Its analysis capabilities is designed to monitor a customer’s wireless LAN application environment, such as customer relationship management and email, and determine whether sensitive data is being transmitted without appropriate encryption solutions.

The company says Sniffer Wireless will identify and resolve network problems efficiently. It says it can determine the source of network hold-ups that may cause users to experience slow response time behind their ERP, SCM and/or Internet applications. It pinpoints where customers need to take immediate steps towards problem resolution to maintain business productivity, says Sniffer. It is also designed to reduce network-operating costs by facilitating architecting a wireless LAN infrastructure that addresses users’ specific needs. Wireless only: Cdn$17,995; LAN and Wireless together: Cdn$29,995.