Some type of firewall is absolutely necessary when connecting your network to an untrusted network, but there are always budgetary realities dictating the range of products you can afford to use. There are few low-cost solutions on the market, and Global Technology Associates (GTA) has just upgraded its low-price offering to provide a slew of necessary features that won't break the budget.
Gnatbox 2.1 is well-suited for any site that can't afford a solution that costs more than $20,000. And it is tailor-made for use in countries that have a tough time gaining valid IP address space. In countries such as Japan and here in Australia, it can be difficult and expensive to obtain valid IP addresses. So companies here lean towards using Network Address Translation (NAT), which allows the use of invalid IP addresses on the internal network. With NAT technology you can make a buying decision that includes a cost comparison of IP-address purchases versus NAT software.
Gnatbox is a lightweight, National Computer Security Association-certified firewall capable of handling Point to Point Protocol dial-up connections and virtual private networking through the use of Point to Point Tunneling Protocol.
Gnatbox supports Dynamic Host Configuration Protocol (DHCP), NAT, Unix-compatible syslog facilities, and Secure Shell (SSH).
The syslog facilities can be configured to control priority levels and send information about unauthorised access attempts, system notices, open connections, closed connections, and error conditions.
DHCP support is useful in environments that employ this protocol for assigning IP addresses to client machines.
The NAT capability lets you use nonroutable IP addresses on the internal secured network, which adds security by obscuring the identity of a particular machine. (GTA says the Gnatbox name was derived from the software's NAT feature.)
SSH support is a plus, especially if you have Unix systems on your internal network and need to allow some level of shell access to those systems. SSH provides this type of access over an encrypted transport.
Gnatbox also gives you a defence against IP spoofing attacks. IP spoofing is an attack in which a malicious intruder tries to bypass security by posing as a host trusted by the firewall. Overall, Gnatbox sports many of the necessary features found in higher-end firewall products.
At the plumbing level, Gnatbox supports both 10Mbit/sec and 100Mbit/sec Ethernet, as well as FDDI networks. Gnatbox also supports cable modems attached to an external network interface and can handle as many as 16,384 simultaneous connections.
The software also has a Web-based management interface for easy access from platforms supporting a Web browser.
Installing Gnatbox is somewhat different from installing your average firewall product. Gnatbox actually incorporates its own customised operating system. It is a derivative based on Berkeley's Unix OS, and, as such, Gnatbox runs from a single floppy disk.
Overall, I found the software quite adequate for certain types of security solutions. At first glance, I thought, "How much of a firewall can you really put on a single floppy disk?" But afterwards I decided GTA has really done a remarkable job in keeping Gnatbox powerful and lightweight at the same time.
Originally, the single-floppy approach grew out of GTA's target markets overseas and in third-world countries. And with this price and feature set, it is right on target for those markets. But it is also a solid solution for any site with a super-tight security budget.
This low-priced, feature-rich firewall is capable of running from a single floppy disk. The software supports most required network functionality.
Pros: Lightweight footprint; supports Point to Point Tunneling Protocol and Point to Point Protocol; user-transparent
Cons: Supports only a small set of specific network cards
Price: $2495 for a single copy, which includes an unlimited client-access licence
Platforms: Intel
Global Technology Associates
Info: www.gnatbox.com
Gnatbox 2.1 is distributed in Australia by:
Tel (02) 9882 0088 Fax (02) 9882 0098