[| Navigational map -- for text only please go to the bottom of the page |] [|Opinions|] This way to >>> [Image] [Security Watch] February 15, 1999 The more the merrier: 1998's Golden Guardian award given to three top security solutions Picking our first annual Golden Guardian award for[Image] 1998's best information security product, solution, or technology turned out to be much harder than we thought. We received more than 40 recommendations via e-mail in response to our request for assistance. We tallied those receiving the most votes and tempered these results with a healthy dose of our own experiences with the many great security products we looked at in 1998. Out of our deliberations came a three-way tie among related technologies, with specific products in each category sharing what will surely become one of the security industry's most prestigious awards. (We're holding our breath ... .) Not surprisingly, our thoughts, and those of our e-mail respondents, centered around perimeter security, one of the main drivers of security enhancements. Thus, our first "Goldie" award goes to technologies that help secure the unknown realm of your perimeter. We were torn between two very strong contenders in the firewall category, but because Internet Devices' Fort Knox Policy Router is the winner of InfoWorld's Product of the Year in the network hardware category, we thought we would share the wealth and cite one of our favorite products, Sonic Systems' SonicWall firewall appliance. The SonicWall brings simplicity and low cost to Internet connectivity without sacrificing security. We expect it to shine in the small- and home-office market, and eagerly anticipate its upcoming enterprise-class version. Honorable mention in the perimeter security portion of our Goldie goes to CyberGuard's firewall software and Security-7's mobile code screening device, both strong finishers in our e-mail balloting. We can attest CyberGuard for NT 4.1's strengths (see our Enterprise Networking Product Review) and look forward to some direct experiences with Security-7's products. Part two of our Goldie award goes to a technology that continued to dominate the hearts and minds of network architects in 1998 -- virtual private networks (VPNs). In particular, we were pleased in 1998 to see consensus develop around the Internet Engineering Task Force's (IETF's) IP Security (IPSec) standard for encryption of IP-layer traffic as the VPN technology of choice. Interoperability among disparate vendor implementations is improving, and throughput is increasing because ever-faster hardware resources are affecting encryption. A favorite of ours and our readers is Permit Gateway from TimeStep, which was the winner of our VPN Test Center Comparison in 1997. The Permit gateway is a hardware-based IPSec device that has fast and strong encryption, X.509 support with Entrust Technologies' certificate authorization integration, and easy-to-use setup and management software. The developing IPSec standard also is represented in the third portion of 1998's Goldie, which we bestow on the scope of open-source security solutions. Self-reliance is a central tenet of the security administrator's bible, and 1998 saw the release and improvement of some useful tools for security administrators. In the case of IPSec, the IETF's open standards deliberation process has yielded a well-scrutinized, vendor-neutral security solution for the masses. This same public-spiritedness has also given us great tools such as nmap (www.insecure.org/nmap) and L0phtcrack (www.l0pht.com). Nmap is the port scanner extraordinaire that we rely on regularly to get a quick birds-eye view of a network. Besides identifying open ports in every shape and form, nmap can identify OSes via TCP fingerprinting. The capability to send non-Request for Comment-compliant packets to an IP stack does have its downsides, however. It can hang some kernels, so use it carefully. Despite this rare condition, the capability will forever change how risk assessments are performed. With the exception of commercial vulnerability-detection tools, nothing else comes close to nmap for rapid network-security assessments. L0phtcrack has been around for a while, but its usefulness hasn't abated, and some revisions in 1998 provided exciting new features, such as Windows NT password hash capture and blistering speed improvements. L0phtcrack continues to open our eyes when we use it to assess NT Server security. Finally, we'd be remiss in ignoring OpenBSD in any discussion of top open-source security products. It registered high in our e-mail survey, and we promise to take a more active look at it in future columns. Congratulations to our Golden Guardian co-winners for 1998: SonicWall, TimeStep, and open-source solutions such as the IETF's IPSec, nmap, and L0phtcrack. For this year, we'll try to pick just one, but we hope the field will force us again to consider a multitude of robust and useful solutions. Keep your nominations in mind throughout the year, and remember to send them to [email protected] by early January 2000. ----------------------------- [Image] Stuart McClure is a senior manager, and Joel Scambray is a manager at Ernst & Young's Information Security Services. They have managed information security in academic, corporate, and government environments for the past nine years. Missed a column? Go back for more. [Image] ----------------------------- Copyright © 1999 InfoWorld Media Group Inc. | SiteMap | Search | PageOne | Reader/Ad Services | | Enterprise Careers | Opinions | Test Center | Features | | Forums | Interviews | InfoWorld Print | InfoQuote | [Image] [Image][Image] [Image]