By Chet Heath  |  Posted 2003-03-13 Print this article Print

-Specific Security Method #2 -- External Appliance Boxes"> External appliance boxes refer to independent, off-the-shelf appliances that reside outside the server and provide firewall & VPN services. While not necessarily server-specific in all cases, in that they may service a collection of desktops and servers on a network, they may be configured and used closely-coupled with individual servers. Examples include products from Examples include: Nokia (IP330 & more), SonicWALL (Tele, Pro and GX series), and Netscreen (5, 25, 50, 200 Series). Advantages:
  • They are quickly installed into racks and configured for operation.
  • Can be very high-performance devices using specialized ASICs and/or high-speed embedded processors, and include fast internal buses to process very large numbers of concurrent secure connections, VPN tunnels, etc.
  • They are totally independent of the system that they protect, being truly independent systems with their own CPU, RAM, and network interfaces. No dependence on the servers OS. No cycles are given up from server performance.
  • The user selects the hardware and software as one entity. While this is easy, its not necessarily optimal.
  • Can support multiple workstations and servers.
  • In the event of failure, they can be easily bypassed by changing cables
  • Can be implemented and serviced without stopping server OS
  • Hardware Complexity – adds another failure point in-line to the process as follows:
    1. The failure rate of either the power supplies or file systems (both fairly high failure rate items) in the appliance box is additive to the failure rate of the protected server.
    2. A failed external system blocks availability of the protected server and it must be restarted manually.
  • Some external appliance boxes run on proprietary hardware and software foundations
  • The cables between the appliance box and the server can be easily bypassed to defeat security.
  • May not be consistent with other management tools
  • None purpose-built for Server-Specific Security


Submit a Comment

Loading Comments...
Manage your Newsletters: Login   Register My Newsletters

Rocket Fuel