SOHO Firewall Routers: ISDN Branch Office Security

By Mike Fratto our customizable newsletter, sends you security alerts, product updates and software patches on the products you use. Sign up now at www.networkcomputing.com /express/  Like charity, security begins at home. The strongest firewall and the best-laid security policy won't protect data from threats from within your organization. An effective plan also must provide security for remote locations that can open additional connections to your corporate network through the Internet. But firewalls are too costly to distribute to remote offices and they can be difficult to manage. Additionally, remote offices typically don't need dedicated circuits--they need dynamic bandwidth. To view the Report card. To fill this gap, many vendors offer relatively inexpensive firewall routers. To test these devices, we asked vendors for products that offer ISDN connectivity with bandwidth on demand, multiprotocol routing and bridging, as well as firewall functionality fo r less than $3,000. We tested 11 devices in Network Computing's Syracuse University lab: ADC Kentrox's PACESETTER SOHO, ADTRAN's Express XLT, Ascend Communications' Pipeline 75 with Secure Access Firewall, Chase Research's IOLINK-LITE, D-Link Systems' D-LinkOFFICE DI-1135 Bridge/Router, Livingston Enterprises' PortMaster ISDN Office Router, OpenROUTE Networks' GTSecure 70 Firewall Router, RAD Data Communications' WEB RANger, Ramp Networks' WebRamp IP, 3Com Corp.'s OfficeConnect NETBuilder and ZyXEL Communications' ZyXEL Prestige 128 Extra ISDN Remote Access Router. The Hot Issues Security shouldn't be left to automated systems. Until someone comes up with a smart tool for analyzing IP traffic and detecting attacks, your best defense is event logging and alerting. These features are critical for detecting trends and hard-to-discover attacks, such as spoofing and port scanning. While nearly all of the devices we tested offered SNMP traps for common events, such as ISDN connections and boot up, none had SNMP traps based on security events. Security reporting was left to syslog entries or event reporting on the terminal. We also were interested in how well each of the devices performed with and without the benefit of compression. And in particular, the kind of performance hit each took when firewall filtering was activated; none of the devices dropped more than 2 percent when firewall filtering was enabled. With compression enabled, Chase Research's IOLINK-LITE could take the heat, with more than 40 KB per second throughput, while 3Com's OfficeConnect NETBuilder and Ramp Networks' WebRamp IP, which lack stands-based compression, were hurt in our performance testing. When the packets stopped flying, Ascend's Pipeline 75 with Secure Access Firewall took top honors mainly because of its tight security, ease of management and configuration, and excellent reporting features.

For the Side Bar on Firewall Options For The SOHO How We Tested Firewall Routers The Firewall Routers features chart , in Acrobat format. Other Reviews Five Stunning Midrange DLT Libraries Put Your Data Down on Tape By David A. Harvey Related Articles ISDN Connectivity ISDN Router/Hub Combination Devices: A Complete SOHO Solution? SOHO to the Enterprise: End-to-End or Dead End? Making The Connection With ISDN Routers Connecting With SOHO Remote-Access Servers