VelociRaptor: A Simple but Tough Network Security Guard

 
 
By Francis Chu  |  Posted 2000-12-18
 
 
 

VelociRaptor: A Simple but Tough Network Security Guard


Security-conscious companies with limited budgets and small IT staffs should consider Axent Technologies Inc.s VelociRaptor firewall appliance to provide powerful network security with straightforward setup and management.

The VelociRaptor appliance is armed with Axents latest Raptor firewall (Version 6.5) and Axents PowerVPN, preinstalled in a Cobalt Networks Inc. RaQ appliance. Given Raptors record in the enterprise world as a highly secured firewall, the appliance is a solid buy. eWeek Labs believes VelociRaptor is best suited for small and midsize businesses, branch offices, and ISPs (Internet service providers) that require strong network security and desire the easy setup and manageability of an appliance.

The VelociRaptor, which shipped last month, is sold in either Cobalts RaQ3 or RaQ4 box. Each has a slim 1.75-inch form factor that will appeal to space-conscious ISPs. Each Cobalt system runs on an embedded Linux 2.2 operating system kernel that Axent has hardened to eliminate security holes.

The RaQ4 unit that we tested came equipped with an Advanced Micro Devices Inc. K6-2 450MHz processor, 256MB of RAM and four 10/100M-bps Ethernet ports. The less-expensive RaQ3 version has the same number of ports but has a 300MHz K6-2 and 128MB of RAM.

Axent prices the VelociRaptor based on the number of protected systems with unique IP addresses. For 25 or fewer addresses, the RaQ3 version is priced at $4,995. The RaQ4 version, with support for unlimited IP addresses, is available for $14,995. Axents prices are lower than those of Intel Corp.s NetStructure 3130 firewall/VPN (virtual private network) appliance, which costs $20,000, and Cisco Systems Inc.s PIX 520 firewall appliance, which is priced around $19,000. Differences in hardware contribute to the price differential. The Intel appliance has faster processors and more memory.

VPN Is No Speedster

The VelociRaptor boasts strong firewall capabilities, but its VPN performance—55M bps with Triple DES (Data Encryption Standard) encryption—is not up to par with competing appliances. Companies seeking a high-performance VPN appliance should evaluate Intels NetStructure 3130, which boasts throughput of more than 90M bps with Triple DES encryption. In addition to its higher price, though, the NetStructure 3130 has a less-secure stateful firewall. (For eWeek Labs Nov. 20 review of Intels NetStructure 3130, go to www.eweek.com/links.)

The Raptor firewall built into the VelociRaptor uses application proxies to allow network traffic through the firewall. Proxy-based firewalls are more complex than firewalls that rely on packet filtering and stateful inspection, but they can provide tighter security and more granular control by monitoring and filtering the application data.

The VelociRaptor appliance includes proxies to support IP protocols and services, including Network News Transfer Protocol; Common Internet File System, for secure connections to Server Message Block resources; and H.323, the IP-based multimedia standard. The VelociRaptor supports GSPs (Generic Service Proxies), which allow administrators to create generic secured proxies with nonstandard ports to accommodate legacy or proprietary protocols.

The use of GSPs gives companies the flexibility to apply VelociRaptors highly secure proxies to virtually any Web traffic without having to turn to less-secure stateful inspection systems.

In tests, setup of Axents device was a straightforward, two-step process. The first step was to configure the network interface for use with the RMC (Raptor Management Console). Using the LCD screen and buttons on the front panel, we were able to quickly configure the port with an IP address. Once the port was configured, the box generated the RMC, the SRL (Secure Remote Login) and the root passwords that we needed to log on to the appliance.

Managers Have Options

With the interface configured, we could log on to the VelociRaptor through either an RMC or SRL client to complete the setup. The RMC is based on Microsoft Corp.s Microsoft Management Console, so it must be installed on a system running either Windows NT or Windows 2000. We installed the RMC on Windows 2000 Server on a system inside the trusted network. The VelociRaptor can also be managed remotely using the SRL client via an encrypted connection. The administration console is well-presented and easy to use.

As was the case with the setup process, management of the VelociRaptor was simple. From the RMC we logged on to the VelociRaptor and used its setup wizards to easily configure basic Web access using HTTP and FTP and e-mail access using SMTP.

The VelociRaptor firewall was rock solid. We detected no security holes or vulnerabilities when we ran port scans and a variety of common hack attacks using a Nessus.org remote security scanner on a Linux-based computer outside the firewall.

Axents Continuous System Hardening feature makes the Raptor firewall highly impervious to attacks. It enables the VelociRaptor to scan continually for unsecured or unauthorized activities, disable the suspicious sessions, and log their occurrence.

Axents PowerVPN provides the VelociRaptors VPN capabilities. PowerVPN encapsulates packets using IP Security and authenticates users by means of certificates or private keys. PowerVPN also supports DES and Triple DES data encryption.

VelociRaptor Firewall Appliance 1


.0">

VelociRaptor Firewall Appliance 1.0

USABILITYB
CAPABILITYB
PERFORMANCEC
INTEROPERABILITYB
MANAGEABILITYB

Combining Axents Raptor firewall and PowerVPN in one easy-to-deploy appliance, the VelociRaptor provides solid protection for small-to-midsize networks that dont need a high-performance VPN.

SHORT-TERM BUSINESS IMPACT // Packaged as a Cobalt RaQ appliance, the VelociRaptor can provide immediate protection for small networks with minimal deployment effort.

LONG-TERM BUSINESS IMPACT // The VelociRaptors support for GSPs will prevent obsolescence by allowing companies to quickly adopt new e-commerce protocols.

Application proxies provide strong firewall protection; easy-to-use management console; small form factor.

Does not scale; lacks hardware redundancy.

Axent Technologies Inc., Rockville, Md.; (301) 258-5043; www.axent.com

Rocket Fuel