Executive Editor

SSL appliance on tap from Check Point

May 03, 2004

Check Point is coming out with a Secure Sockets Layer remote-access appliance that screens for malicious code that might compromise corporate resources being accessed by remote users.

Called Connectra, the appliance sits between corporate servers and the Internet, setting up SSL sessions with remote computers via their Web browsers and proxying the sessions through to the servers. This remote-access method, also used by other vendors, is generally a simpler and less-expensive alternative to IPSec remote access, which requires installing a client on the remote computer.

Connectra competes with SSL products from Aventail, Cisco, Juniper (formerly NetScreen Technologies), Nortel, Whale Communications and others, but adds Web-filtering capabilities that seek malicious executable code that could compromise data on corporate servers.

“Many Web applications are not well coded because they have been written quickly,” says Phil Schacter, vice president and director of Burton Group. “This leaves them vulnerable to buffer overflows and other attacks because of weaknesses in the applications.” Other vendors such as Teros and NetContinuum sell gear designed to specifically handle these attacks.

Check Point says the Malicious Code Protector feature is similar to what F5 Networks does on its FirePass SSL remote-access appliances. F5’s Content Inspection Engine can detect buffer overflow and SQL injection attacks and filter them, the company says. Malicious Code Protector works for Intel-based servers, and Check Point is working on support for Sun servers, the company says.

“I doubt it’s the same level of attack protection as Teros or NetContinuum,” says Michael Suby, an analyst with Stratecast Partners. “Nonetheless it’s more protection than you’ll get from other SSL VPN vendors.” Plus remote users must authenticate to the Connectra box, so the machines are “semi-trusted” and less likely to be the source of attack, he says.

Connectra also includes software that gives remote users who connect via an application-layer, browser-based SSL session the ability to access corporate networks at Layer 3. Doing this requires downloading an ActiveX agent that Check Point calls SSL Network Extender, which is similar to agents offered by other vendors, including Aventail, F5 and Juniper.

SSL Network Extender and Web Intelligence software can be bought separately to be deployed with Check Point’s existing VPN-1/Firewall-1 software.

With Connectra, Check Point is including technology that scans the remote machine making the SSL connection to make sure the machine is secure. Check Point acquired the scanning software when it bought Zone Labs, which called the software Integrity. The Adaptive Endpoint Security software, which must be loaded on the remote machine, scans for malicious code such as spyware and keystroke loggers. Based on what it finds, Connectra can adjust the user’s access rights.

Endpoint security lacks cache cleaning that wipes out caches and files on the remote machine at the end of a session, a feature other vendors have, Suby says.

Connectra, which will be available in three configurations, is scheduled to be available in June, and SSL Network Extender is slated for July. Pricing has not been set. Web Intelligence software pricing ranges from $5,000 to $20,000 depending on how many Web servers it is protecting.