Firewall program aims to protect remote offices

The firewall market is a pretty wild and woolly place. You’ve got hardware and software products targeting big companies and small, being built into routers and gateways, and gunning for consumers’ desktops. Just as confusing is the variety of technologies in play. Do you want a proxy firewall, a network address translation firewall, or one that employs stateful packet inspection?

Until now, the International Computer Security Association Labs (ICSA) firewall certification program has used a one-size-fits-all set of criteria to test the security of firewall devices. As a result, some lower-end products have gone uncertified, leaving small-office workers and consumers to scratch their heads over technical jargon, weigh marketing hype and worry whether their networks are suitably protected.

The good news is ICSA Labs is about to unveil Version 4.0 of the certification program, which addresses the changing market. A two-step process, 4.0 certification requires a product to pass a baseline set of criteria, and be tested against its target audience and the characteristics of the networks involved. Vendors must be tested in the residential/consumer, small office/branch office/teleworker, or traditional corporate categories.

In the residential/consumer environment, the idea is “to protect users who don’t know what a firewall is but think it’s a good idea to have one,” says Al Potter, manager of ICSA’s network security lab. To pass the test, the firewall device must be easy to configure, and safe by default. It needn’t support inbound services or include remote management features.

In the second category, the firewall device sits in the home office or branch office and is managed remotely by an IT administrator in the corporate office. Such a device must be connected and administered from the public side of the firewall through an encrypted channel, and should allow for some inbound services to an e-mail and Web server. The third category is a traditional corporate firewall, the criteria for which remain relatively unchanged.

“We shaped these categories to reflect the way they’re being used,” Potter says. “We each asked ourselves: How do I configure my firewall? The answer is, I allow everything out but nothing back in. That’s fine at home but not for the enterprise.”

Other activity at ICSA Labs includes the development of a new host-based firewall program for certifying desktop firewalls. This too will include separate modules targeting the corporate and consumer markets.

Potter says the Labs will turn its attention later down the road to developing a module for measuring firewall performance. “Four or five years ago, the focus was on security, then on features. Now that these are a given, performance will become the primary interest,” adds firewall programs manager Brian Monkman.
