Two faces for the firewall
- 21 October, 1998 13:20
Network Associates (NAI) is poised to drop a bombshell on the normally staid firewall-security market with the release of a new kind of firewall technology, called Adaptive Proxy, at NetWorld+Interop in Atlanta next week.
NAI intends to remove the necessity of choosing between stateful-inspection firewalls and proxy firewalls with Adaptive Proxy, which can be configured to support either method. Stateful inspection involves cursory packet inspection and Proxy firewalls offer more heavy-duty examination.
Using a control console, users can alternate between faster throughput or stronger security based on their needs and, soon, on whether their network is being attacked.
"What this represents is a new generation of firewall technology that takes away the need to choose," said James Ishikawa, director of NAI's Total Network Security line.
"We have a new dynamic packet filter plus a control channel between the proxy layer and the application layer," Ishikawa said.
Active security service
Adaptive Proxy will complement NAI's planned Active Security system, due in January, which will let a security network's components communicate among themselves in case of attack.
The integration has the potential to automatically increase firewall security if an intruder is detected by other systems, Ishikawa said.
Although the idea of adaptive firewall technology is not new, it has not been achieved with great success or attempted from a proxy method before, analysts said.
"Most of the vendors who do the packet filtering tried to move in this direction with stateful inspection, but they didn't go far enough to produce tighter security and it's not dynamic," said Steve Foote, senior vice president of the Hurwitz Group, an analyst in the US. "A lot of security vendors on the market will monitor security. This allows you to manage it, to make a business decision on how much security is appropriate."
Adaptive Proxy will be included in NAI's Gauntlet Firewall line, including Gauntlet NT 3.0, which will ship Oct. 15, and Gauntlet Unix 5.0, which will ship in December.
NAI officials also intend to release a toolkit to allow for the creation of Active Proxy systems, but no release date has been scheduled.