VelociRaptor scares off network intruders
Securing sensitive corporate data is a challenge for all businesses, but particularly so for small to midsize companies and branch offices of large corporations. Because both technical expertise and financial resources are a little tighter in these environments, it is difficult to deadbolt smaller corporate networks. And a poorly implemented solution is worse than no solution at all, as it lulls a company into a false sense of security.
That is why VelociRaptor, a new firewall hardware appliance from Axent Technologies and Cobalt Networks, is such an appealing find. The unit supports roughly 45Mbps in full-proxy mode, which is on the low end for large-scale enterprise usage, preventing us from giving it our top score of Excellent. But VelociRaptor is a reliable and easy-to-use network guard for midsize companies, enterprise branch offices, business-to-business partners, and remote user connectivity, earning it a score of Very Good.
VelociRaptor comprises a hardened Linux 2.0 OS, four Ethernet network adapters, and the popular Raptor 6.5 Firewall and PowerVPN in an easily installed 1U-high server appliance. The proxy firewall sports four 10/100 Ethernet network interfaces: two primary, separating inward- and outward-facing topologies, and two auxiliary ports, suitable for adding extra connections to Web sites or business partners.
VelociRaptor is a cut above Cisco's Secure PIX, thanks to its straightforward graphics console for consolidating management of multiple firewalls. And unlike Check Point's VPN-1, it delivers application-level filtering and a far easier installation.
But don't let VelociRaptor's ease of use fool you. This little box packs in VPN capabilities for implementing encrypted site-to-site tunnels (as well as remote-to-site) through an additional IPSec VPN client purchase, a variety of authentication methods, and protection at the IP, circuit, and application levels.
We slid VelociRaptor into our network well within the 30-minute average setup time touted by Axent. First we entered preliminary IP and gateway information into the front panel LCD display to begin communication on the network, after which the unit generated a series of passwords to allow local and remote access. The front panel could then be locked to prevent unauthorized access. Next we installed the management console software, establishing a connection to the unit, and ran several wizard-driven setup routines, which allowed us to implement security policies.
VelociRaptor provides several helpful wizards for configuring site-to-site and remote-to-site connections. The product required only a modest degree of technical expertise and was up, running, and guarding our door within minutes.
Going beyond mere protocol-level protection, VelociRaptor also embraces IP, circuit-level, and application-level protection. The product's filtering capabilities monitor the validity of TCP/UDP (User Datagram Protocol) communications (such as HTTP, FTP, telnet, and SMTP) to defend against backdoor infiltration and buffer overrun spoofs.
In addition to NAT (network address translation), VelociRaptor's Generic Service Proxies support multiports and port ranges to accommodate a variety of custom e-business requirements. A variety of user authentication methods is available, including common gateway authentication, RADIUS and TACACS (Terminal Access Controller Access Control System), two-factor tokens, and X.509 digital certificates. VelociRaptor can even interface with PKI (public key infrastructure) solutions from Entrust.
VelociRaptor's self-monitoring feature constantly polls the internal OS to ensure a secure environment and will take action to thwart any malicious procedures detected. The product also watches for suspicious activity on the network pipeline.
When tested by a self-imposed denial-of-service attack, VelociRaptor slowed to a crawl but impressively shrugged off the attempt by closing down the offending connection.
The Microsoft Management Console-style plug-in offered access to all of VelociRaptor's configurable parameters and provided an aggregate look at all policies and real-time monitoring statistics across multiple units.
The product provides two serial connections: one to add a local terminal emulator and one to allow a direct interface to your UPS (uninterruptible power supply) backup. VelociRaptor also provides e-mail or pager alerts to notify administrators of peaked threshold levels or malicious activity, database importing for gateway authentication and VPN accounts, and the capability to remotely push software upgrades to the unit.
All told, this firewall and VPN appliance does a solid job of protecting your network and securing communications between remote sites and users. It will also save you money by replacing your existing secure leased lines with a less expensive solution. VelociRaptor represents an ideal firewall appliance packed with features that should make it a top consideration in your branch office's or growing network's security detail.