Network security is on every IT manager's mind these days, and vendors have responded with a wide variety of Windows NT-based firewalls. When you need to choose one, the decision often comes down to the solution's flexibility, diversity of features, and integration methods. Platinum Technology's SessionWall-3 4.0 shines in both areas with a well-rounded feature set, an easy-to-read display, and respectable reporting. SessionWall-3, an intrusion-detection solution, can be used alone or with existing protection technologies.
SessionWall-3 can proactively detect intrusions, denial-of-service attacks, and viruses, and can screen Java and ActiveX applications. It is a very sophisticated network analyser that will take action against events based on its defined rules.
It uses promiscuous monitoring to look at the traffic passing over the network rather than just handling traffic passing through a single point, as do most firewall gateway technologies. Although other products, such as ISS RealSecure and Elron Internet Manager, also use promiscuous monitoring, SessionWall-3 stands out with a more rounded set of functionality and features that almost warrant placing it in a category by itself.
SessionWall-3 has been on the market for some time, and Version 4.0 significantly improves upon the product's prior versions, adding the capability of tracking users by user ID instead of IP or Message Authentication Code address. This functionality lets SessionWall-3 track and manage users' traffic from any workstations they're using. It also adds dramatically to SessionWall-3's reporting capabilities, which are clear and concise.
For instance, SessionWall-3 can determine a user ID from the negotiation of a Telnet session, and subsequently track and log that activity via that ID. As an added layer of protection and integrity, SessionWall-3 logs are digitally signed for sec-urity. Also, its logs contain more information than the usual firewall log, including e-mail content e-mail attachment content, and URL content.
SessionWall-3's administrative interface is well-designed. You can display individual user session data by client, server, or type of traffic.
One neat feature is SessionWall-3's session monitoring of Web traffic. When I reviewed a user's Web session, SessionWall-3 displayed thumbnails of a visited Web page in the right-hand pane of the display, which I could click to retrieve that page for further review. This will save administrators the trouble of manually typing or pasting URLs into separate browser windows.
Also slick in Version 4.0 is SessionWall-3's expanded response capability, garnered via its new capability to reconfigure Cisco routers and other protection devices, such as Check Point's Firewall-1. With this feature, you will not have to perform manual configurations.
SessionWall-3 can also detect malicious Java and ActiveX applets, identify viruses, perform URL blocking for unapproved Web sites, and send administrative alerts via e-mail, pager, an on-screen message, or even a fax.
Unlike many firewall architectures, which actively manage traffic at a single network border, SessionWall-3 takes the opposite course by monitoring traffic passively. This means network traffic does not have to be routed directly through SessionWall-3 for it to be able to perform analysis and actions on that traffic. SessionWall-3 can manage traffic on any network segment that it can see and dynamically build specific rules based on content, which are then applied to subsequent user sessions.
The product's reporting on the monitored traffic is very good. The graphically presented information is easy to read, and drilling down let me analyse individual user sessions. I could also schedule reports to be generated automatically and exported to HTML format.
I installed SessionWall-3 on a machine loaded with NT Workstation 4.0 and Service Pack 3. I configured my test network to use two hubs, two segments, and one router for Internet access. The workstation had two network interface cards, one on each network segment. In this way, SessionWall-3 could manage traffic on both segments. Although I used hubs during my tests, SessionWall-3 can also be used on switches with promiscuous or diagnostic ports. It also supports Token Ring and FDDI networks.
Installing SessionWall-3 was straightforward work, requiring only that I choose a directory and enter a licence key. I then started SessionWall-3, which immediately began tracing network traffic based on default parameters. The first time I used the software, I used a blank administrative password to log in, and then I redefined the password to control access to the interface.
I could also define additional administrative users for SessionWall-3 and refine which data those users could view within the interface.
With administrative users defined, I defined the rules by which SessionWall-3 would monitor and manage traffic. I could define rules based on internal or external traffic, by network subnet, by range of addresses, by domain, by host, by user, and more. The product integrates seamlessly into NT networks, so defining rules by user did not require that I redefine users within SessionWall-3.
SessionWall-3 is a well-rounded product with a great deal of functionality and flexibility. If you don't already have a firewall, intrusion-detection system, or content-screening tool, you should give it a look. And if you do have a firewall but are contemplating the addition of an intrustion-detection system or content-screening type of tool, you'll find SessionWall-3 a worthy addition.
The Bottom Line
Summary: This is a well-rounded security platform that delivers firewall technology, intrusion detection, content screening, session blocking, and more.
Business Case: SessionWall-3 saves IT managers time and money through its flexibility and capacity to act as a singular defence system or as a complement to existing protection systems. It lets you avoid buying, integrating, and managing a diverse array of third-party products.
Pros: Soup-to-nuts security. Cancels (resets) unwanted user sessions. Respectable reporting.
Cons: Resource intensive.
Platforms: Windows 95/98, Windows NT 4.0 with Service Pack 3 or later.
Price: Comprehensive pricing for different models available from the company.
Tel 1300 360 990