SonicWall's new PRO 1260 Enhanced gear combines the brains of its popular TZ-series firewalls with the body of a 25-port managed 10/100M bit/sec switch.
Because the PRO 1260 - released last week - runs an enhanced version of SonicOS software, each port on the firewall can be configured with its own security zone. You can set up an individual firewall for every system in the company's Internet DMZ. This keeps the DMZ from turning into a free-for-all if any one system sitting behind the firewall is cracked because inter-system traffic can be fully controlled.
In our exclusive Clear Choice test, we found the PRO 1260 lives up to its flexibility promise. However, performance issues indicate this firewall might not be the right fit for inter-LAN traffic or Internet connections faster than 3M to 5M bit/sec.
The PRO 1260 offers the features you expect from an all-in-one firewall, including IPSec VPN, firewall-based anti-virus and content filtering, and in-line intrusion-detection and -prevention capabilities. SonicWall also has included e-mail filtering that can block certain types of attachments. Add to these optional features the traditional stateful packet filtering firewall and network address translation (NAT) capabilities, and you have a traditional small and midsize business firewall package.
While other firewall vendors have commonly built small Ethernet switches into their products, SonicWall provides the capability to treat each port as a separate security zone with its own security policy, NAT rules and even bandwidth management allotments. Because there are 27 ports all told - 24 for the individualized zones, one for an up-link and two dedicated for optional WAN and DMZ usages - that's a lot of control and flexibility.
The PRO 1260 uses a Web-based administrative GUI (although a command-line interface exists via the serial port). SonicWall has taken great pains to make the set of firewall rules viewable (and editable) in any one of three formats - a zone-by-zone grid; a list picked by zone; or just a long list of all rules.
Although we found the GUI easy to use, managing a long security policy would be tedious because of the inability to reuse rules across zones. For example, if you want to put the same rule in 20 different zones, you must enter it 20 times. Worse, if you want to change it, you must change it 20 times.
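When the same rule has to be typed into many zones by hand, the copies can drift apart. The following is an added example, not part of the original review and not SonicWall code: a consistency check over a constructed, generic per-zone rule list (the rule tuple layout, zone names and addresses are assumptions, not a SonicOS export format).

```python
from collections import Counter, defaultdict

# Constructed sample data in a generic layout (an assumption, not a SonicOS export).
# Each rule: (name, source, destination, service, action)
ZONE_RULES = {
    "zone01": [("allow-dns", "zone", "10.0.0.53", "udp/53", "allow"),
               ("block-smb", "any", "zone", "tcp/445", "deny")],
    "zone02": [("allow-dns", "zone", "10.0.0.53", "udp/53", "allow"),
               ("block-smb", "any", "zone", "tcp/445", "deny")],
    # One hand-entered copy has a mistyped destination address.
    "zone03": [("allow-dns", "zone", "10.0.0.35", "udp/53", "allow"),
               ("block-smb", "any", "zone", "tcp/445", "deny")],
    # One zone never received the second rule.
    "zone04": [("allow-dns", "zone", "10.0.0.53", "udp/53", "allow")],
}


def find_rule_drift(zone_rules, shared_names):
    """For each rule meant to be identical in every zone, use the most common
    definition as the reference and report zones that lack it or differ."""
    findings = defaultdict(dict)
    for name in shared_names:
        per_zone = {}
        for zone, rules in zone_rules.items():
            matches = [rule[1:] for rule in rules if rule[0] == name]
            per_zone[zone] = matches[0] if matches else None
        defined = [d for d in per_zone.values() if d is not None]
        if not defined:
            continue  # rule is absent everywhere; nothing to compare against
        reference, _ = Counter(defined).most_common(1)[0]
        for zone, definition in per_zone.items():
            if definition is None:
                findings[name][zone] = "missing"
            elif definition != reference:
                findings[name][zone] = f"differs: {definition} != {reference}"
    return dict(findings)


if __name__ == "__main__":
    drift = find_rule_drift(ZONE_RULES, ["allow-dns", "block-smb"])
    for rule_name, zones in drift.items():
        for zone, problem in sorted(zones.items()):
            print(f"{rule_name} in {zone}: {problem}")
```
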
We tested the PRO 1260 by putting it in front of 16 production servers, which creates 16 zones and 16 security policies (see "How we did it"). SonicWall keeps the vendor-specific jargon during setup to a minimum, which made it easy to configure and use the PRO 1260.
Graphic: Filtering performance

We discovered immediately, though, that the PRO 1260 is not a high-performance system. Initially, we turned on everything, including anti-virus and intrusion prevention. We found that the PRO 1260 cannot keep up with a heavy load with all its features enabled (see graphic, above). In discussing these preliminary results with SonicWall, engineers explained the PRO 1260's target is a moderate-bandwidth environment, such as a 3M bit/sec cable modem or dual-T1 network. This contrasts with published performance rates at 90M bit/sec on the company's site.
One important performance consideration for the PRO 1260 is that system limits apply to all traffic that crosses zones. Thus, if you wanted to perform high-speed backups between zones, for example, you would find the speed of the PRO 1260 limiting internal traffic.
We also tested the PRO 1260 as a pure switch by putting two ports in one zone and not applying any security policy. In this case, we had no performance limitations, and the firewall handled our nearly 100M bit/sec load without problems.
Another significant feature in the PRO 1260 is bandwidth limiting. Configured on a per-port basis, this can be used to spread traffic loads out. We found that the feature worked well as long as the offered load and the desired load weren't too far apart in terms of speed (see graphic).
We tested this feature by setting four ports to max out at 512K bit/sec each, which should have limited total load to 2M bit/sec. In the range between 2M and 4M bit/sec offered load, the SonicWall held actual bandwidth to 2M bit/sec. However, once we tried to push more than 4M bit/sec of traffic through the box, the bandwidth-limiting feature didn't function correctly, letting much more than 2M bit/sec through the firewall.
SonicWall's PRO 1260 is a huge step forward in high-port-density firewalls. For about $100 per port, SonicWall can add excellent security management to large numbers of devices. For networks with moderate-speed Internet connections and inter-zone traffic, the PRO 1260 is an inexpensive way to add fine security granularity in a variety of environments.
Graphic: Keeping bandwidth at bay with SonicWall
