Last spring when Novell rolled out "Novell Security Manager powered by Astaro (NSM)," I took the company to task because it appeared that the security appliance was more comfortable with Microsoft's Active Directory than with Novell's own eDirectory (see link below).
After writing that newsletter I spoke to officials at Novell who assured me that better integration with eDirectory would be coming in the next release.
Astaro has now released the latest version of its Astaro Security Linux Unified Threat Management software (the basis for the Novell product), and - guess what - according to the press release, it "provides enhanced integration with Novell eDirectory for highly configurable and customizable identity management and remote access security."
Now it's not going to be as easy as simply doing an upgrade to your NSM with the Astaro software. Well, nothing is ever THAT simple. But there will be an upgrade for NSM later this year that will incorporate many of the new features in the Astaro product.
<aside> Unfortunately, whenever a vendor bundles in products from a partner, the vendor always seems to be one version behind the partner's own releases. Generally, this "bundling in" should only be a short-term solution while the vendor either works on its own product or simply acquires the partner and its technology.</aside>
For those of you using Astaro's Unified Threat Management product, this upgrade should be already in your testbed with a view to rolling it out real soon. In addition to the tighter integration with eDirectory, the new release features:
* Linux Kernel 2.6 - Astaro Security Linux 6.0 utilizes the new Linux Kernel 2.6, which also supports new hardware and devices, giving you a wider choice of platforms.
* Session Initiation Protocol (SIP) Proxy - This increases flexibility, security and performance when supporting VoIP communications.
* Anomaly-Based Intrusion Protection - Astaro's Intrusion Protection application now includes a stronger barrier against "zero-day-attacks" - the malicious threats that attack enterprise networks before signatures have been developed. To guard against these attacks, the product monitors the behavior of "normal" traffic via statistical and heuristic analysis and identifies anomalies that indicate a possible new attack.
* Transparent Firewall Mode - To allow seamless integration into existing networks, Astaro Security Linux can now be installed in transparent (bridge) mode, eliminating the need to reconfigure IP space from currently assigned addresses.
* Time-Based Packet Filter and Surf Protection - Packet and URL filters can now be configured for specified time periods, for example to allow a specific group access to specific servers only from Monday through Friday, from 8 a.m. to 5 p.m.
* Policy-Based Routing - In addition to normal routing, which is based on the destination IP address, traffic can now be forwarded based on source IP address and on source and destination port. With this feature, traffic can be spread over multiple Internet uplinks to improve application performance and use of bandwidth and to control costs.
For those of you without some form of perimeter security this could be just the right tool for you. And it should run on top of the SuSE kernel in Open Enterprise Server. This is a free upgrade for those with Version 5 of the product (and a valid maintenance agreement) and starts at approx. $300 (for 10 users) if purchased new. Browse to http://www.astaro.com/firewall_network_security/security_facts to get all of the details.
Learn more about this topic:
Why Novell's latest security appliance is sending the wrong messages
Network World, 03/15/05