Security Watch

Last year we predicted that our Golden Guardian award for the year's best information security product, solution or technology would surely become one of the security industry's most prestigious awards. And although Donald Trump hasn't offered to produce this year's award ceremony at one of his posh properties, we're happy to bring you the second annual installment of the Goldie.

As always, making our choice was difficult. We strive mightily to consider only products we have touched or used frequently in the last year. In looking over the solutions we reviewed in 1999, we noted a distinct trend toward personal security solutions that make our daily lives easier.

Our first Golden Guardian co-winner for 1999 is WinRoute 4.0 from Tiny Software (http://www.tinysoftware.com). If Microsoft Corp. had implemented security from the ground up in Windows, it would have included something such as WinRoute.

This tiny firewall application stole our attention this year as we delved into its superb feature set. The product is sold as a full-fledged firewall for Windows NT and includes network-address translation, DNS forwarding, Dynamic Host Configuration Protocol, Remote Access Server connectivity, user-level access, and mail and proxy servers. But it's the packet filtering that really adds the cream.

Blocking unnecessary ports on an NT system is a must for any security-minded user, especially those ports connected to the always-up world of cable and Digital Subscriber Line. For example, any default-configured NT system can be attacked ad infinitum by brute-force password guessing over TCP port 139. Until WinRoute appeared, packet-filtering rules were too complex for the average user to configure, but now practically anyone can set up and deploy packet filters at the desktop.

WinRoute is so robust that some might say its capabilities are wasted on a single-system configuration, but we don't think so. We'd happily use it for a home LAN where performance isn't an issue. But with WinRoute's capability of guarding dial-up adapters and its extraordinarily simple rule-configuration interface, no other product matches this personal firewall.

Of course, a firewall's level of security is entirely dependent on the installed packet-filtering rules, which are under the control of the firewall administrator. For those people who don't need that kind of granularity in their personal defense system, look to BlackICE from NetworkICE (www.networkice.com).

BlackICE has come a long way since its introduction earlier this year, and we've come to rely heavily on this remarkable network intrusion-detection system that sits on the host. Our favorite change to BlackICE is that it has moved beyond intrusion detection and now performs blocking at four easily understandable levels: Trusting, Cautious, Nervous, and Paranoid. As with WinRoute, no matter what setting you choose (we recommend Paranoid), all traffic originating from your own system is allowed back; thus, setting restrictive policies isn't a hindrance to productivity. We just love watching the little BlackICE system-tray icon light up all day long, and getting that feeling of satisfaction from viewing the Attack log and Intruder list (reverse-DNS resolved) as it enumerates all of those bozos who think they're so surreptitious.

For experts to novices, BlackICE is a wonderful educational tool. If you ever wondered how much of the stuff we talk about every week really goes on, BlackICE will show you inside of a month, or even faster if you have always-on high-speed Internet access. In our case, we plug into many inhospitable networks during our travels as consultants. We don't leave home without it.

Did we miss any of your favorite security products this year? Let us know at security_watch@infoworld.com.

(Stuart McClure is an independent security consultant at Rampart Security Group. Joel Scambray is a consultant at Ernst & Young. They recently wrote the security book Hacking Exposed (Osborne McGraw-Hill).)

Join the newsletter!

Or
Error: Please check your email address.

More about Access ServerErnst & YoungErnst & YoungMicrosoftNetworkICERampart Security GroupTiny Software

Show Comments