Network Security

Read Complete Research Material

NETWORK SECURITY

Network Security



Network Security

You probably have a firewall guarding your network from outside intrusion, but how do you protect your sensitive systems and data from an internal intrusion or attack? Fortress Technologies' NetFortress Heatseeker Pro distributed firewall can provide that internal layer of protection. (McClure, Scambray, 2002) Heatseeker Pro prevents attacks that originate from within a local intranet by bringing firewall-based security down to the desktop. Running on Windows 95 and Windows NT systems, it can perform authentication against Windows 95, NT, and NetWare Novell Directory Services and bindery systems. It's not meant to replace an existing Internet gateway firewall, but to extend security down to the servers and desktop.

In my testing, Heatseeker Pro fared well for its current state of development, especially when compared to Network Associates' PC Firewall. But even though Heatseeker Pro is certainly more robust than PC Firewall, the product still has plenty of room for improvement. Most notably, its Windows-based vulnerabilities limits its usefulness. (McClure, Scambray, 2002)

Distributed architecture

Because Heatseeker Pro is a distributed firewall, it runs as a desktop application on Win95 and as a service on NT systems. At its core, Heatseeker Pro employs "Winsock trapping" technology. When an application tries to contact a host service using Winsock calls, Heatseeker intercepts the request, performs verification based on the defined policies, and either allows or denies access. (McClure, Scambray, 2002)

NT blocking limited

Heatseeker Pro provides respectable functionality and easy-to-use policy definition. For instance, the product can be quickly configured to block all Java applets, ActiveX controls, and cookies. But at this time, these particular blocking features and others are not available on NT. Fortress says these shortcomings will be addressed in an upcoming version. Heatseeker allows the implementation of security rules based on users and groups and relies on Windows' or Novell's built-in user databases, which cuts back on configuration time but is only as secure as the OS's encryption schemes. (McClure, Scambray, 2002)

A drawback I noted while developing security policies is the lack of support for dynamically assigned ports. So you can't use applications such as RealAudio, which rely on dynamic port assignment. Once you've set policies, you can use the Audit application to review each user's access patterns, including dates and times of access. The Audit application can also generate graphical charts for easy review.

Simple policy setup

Overall, installing the software was easy work. The entire installation took about 2 ...
Related Ads