Feature-packed firewall software

Firewalls are essential to an adequate security plan. Milkyway Networks' SecurIT FIREWALL 4.11 for NT can help you protect your internal network, provide secure access for telecommuters, and manage your firewall remotely.

Milkyway Networks built a lot of functionality into SecurIT FIREWALL. The software's features include firewall protection, proxy services for major protocols, remote administration, applet filtering, and URL blocking.

SecurIT FIREWALL is an application- and circuit-level gateway that uses proxy servers. This arrangement provides better security than packet filters or stateful inspection systems. The firewall software uses Milkyway Networks' patented Bi-Directional Transparency technology, which lets users connect through the firewall without making a request through a proxy server. To use the software, users must provide a username, a password, source and network destination addresses, an application type, and a logon time.

Research has shown that the standard Windows NT tcpip.sys file (i.e., TCP/IP network stack) has vulnerabilities that let an attacker easily crash an NT system. When you install SecurIT FIREWALL, you need to replace NT's TCP/IP stack with Milkyway Networks' customized TCP/IP stack. Milkyway Networks built its network stack especially for firewall use. Screen 1 shows the software's TCP/IP Setup window.

The software provides proxy servers for HTTP, FTP, Network News Transfer Protocol (NNTP), Gopher, Telnet, Secure Sockets Layer (SSL), SQL*Net, RealAudio, Post Office Protocol 3 (POP3), and VDOLive. SecurIT FIREWALL also includes a generic proxy server that controls access from specialized applications (e.g., Citrix's WinFrame). In addition, SecurIT FIREWALL supports the S/Key one-time password scheme for secure remote access.

SecurIT FIREWALL comes with a Remote Administration feature, so you don't have to physically visit the firewall system to make configuration changes. The software can send email and pager alerts when firewall activity surpasses alarm thresholds. You can store the firewall's log information in an Open Database Connectivity (ODBC)-compliant database.

Java and ActiveX applets can threaten network security. SecurIT FIREWALL includes applet filtering, which blocks Java and ActiveX applets from the network.

SecurIT FIREWALL has a URL-blocking feature. The software uses NetPartners Internet Solutions' Web-SENSE—which you must purchase separately—to block users behind the firewall from accessing Web sites and FTP, Gopher, and Telnet sites.

SecurIT FIREWALL supports Network Address Translator (NAT) and as many as four NICs. You can configure the software to run in conjunction with email virus scanners, such as Norton AntiVirus. Using SecurIT FIREWALL has drawbacks: The software doesn't support IPX, nor does it provide a Virtual Private Network (VPN).

Installing SecurIT FIREWALL isn't difficult, but it's tedious. You need to configure your NT server in the per seat license mode, and you need to build your system as a standalone server. After you manually remove Microsoft's TCP/IP protocol and install SecurIT FIREWALL's hardened TCP/IP protocol stack (driver), you must reboot NT to activate the driver.

Installing the software is a simple process—you select a directory and enter a license key. I installed the Remote Administration feature on my workstation and the NT Domain Integration feature on my NT server. The NT Domain Integration feature helps to integrate the NT domain accounts into the firewall user list. This feature is a time saver because you can add NT user accounts directly into the firewall rules database. You don't have to create an account for each user manually or go through a convoluted export-import routine.

I like SecurIT FIREWALL's features and functionality. I also like the fact that I can replace Microsoft's TCP/IP stack. If you're shopping for a firewall, don't overlook SecurIT FIREWALL.

SecurIT FIREWALL 4.11 for NT
Contact: Milkyway Networks * 613-596-5549 or 800-206-0922
Web: http://www.milkyway.com
Price: $1900 for a 10-user license
System Requirements: 133MHz Pentium processor, Windows NT Server 4.0, 64MB of RAM, 2GB of hard disk space, Two or more NICs