The most recent articles from PC Magazine

NEC Touch Pass

Alex Arias — 2004-01-27T11:32:06.000Z

Alex Arias, PC Magazine, Tuesday 27 January 2004 at 11:32:06

Fingerprint recognition software thats worth getting your hands on.

The use of biometrics is becoming ever more popular in enterprise environments, because of the problems inherent in remembering passwords or other authentication data. NEC's Touchpass provides a powerful biometric authentication system based on fingerprint recognition.

The system is based on a patented matching algorithm and works by extracting data points from a scanned fingerprint image. These are encrypted and stored in a secure location. With this method, a secure set of data points are held rather than an individual's actual fingerprint images.

Installation is simple on any Windows NT/2000 or above server running Active directory. It ties directly into the directory structure and adds an extra tab to each user's properties. Each user scans in their fingerprints - a short process - and all 10 digits can be stored.

The client software can be deployed using Microsoft's SMS. Once installed it replaces the usual Windows login prompt, requesting a finger print scan for authentication. This takes a little time to get used to but again is a simple process.

Touchpass works with a number of scanning imaging devices. Each has a varying degree of accuracy-and the choice depends on your environment - NEC can advise on this.

Although it is an enterprise product, it can easily be deployed in smaller environments. Features such as replication to backup domain controllers mean it is fully scaleable. NEC will also tailor the product to suit varying security requirements.

Touchpass provides a relatively simple, if expensive, way of reducing the administrative burden of maintaining passwords.

Apart from improving security, the potential administrative cost savings should be attractive for corporate customers.

Contact: NEC

www.nec.co.uk/necnss.asp

Specifications:

OS: Windows NT4 or above
Capture device interface: Parallel, PC Card, USB
False acceptance ratio: (FAR) 0.0002 percent (1 in 500,000 attempts)
False rejection ratio: (FRR) 0.05 percent (1 in 2,000 attempts)
Price: Sold on number of perpetual client licenses - 1,000 users around £100,000 (ex. VAT)

KaVaDo InterDo

Alan Stevens — 2002-07-08T14:13:43.000Z

Alan Stevens, PC Magazine, Monday 8 July 2002 at 14:13:43

A useful tool in the fight to keep your server secure.

As essential as they are, all the firewalls featured this month operate mostly at the network level.

HTTP requests, typically carried unfiltered by most firewalls, can still be used to manipulate known server vulnerabilities, tamper with cookie information, manipulate URLs and so on. It's these application-level issues that InterDo, from Israel-based KaVaDo, addresses.

The software that makes up InterDo is installed and run on a Windows NT 4.0 or 2000 server, with the main components running as background services. For optimum protection, the host system should be a dedicated server, although InterDo can reside on the same system as a protected web server, if required.

It can also be bought pre-installed on an Intel-based server appliance (from £14,300 ex. VAT) ready to plug straight into the local area network and begin working.

One of InterDo's key features is its ability to protect almost any HTTP 1.0 or 1.1 based application running on any platform. HTTPS support is also provided.

However, protection isn't automatic and a fair amount of configuration is needed, which can vary from a couple of hours for a single application on one server to several days for more complex distributed applications. Fortunately, the process isn't difficult and help with deployment will normally be included in the price.

Configuration is done via a custom Java-based console. The first step is to define one or more tunnels linking the internet with the web server/s on the protected network, done by specifying the IP addresses and ports to monitor and connect to.

Next, applications are defined by providing the paths to their web server directories with any not specified covered by a catch-all default security policy.

The final task is to decide on the types of checks to be made by associating so-called security pipes. Several are provided, starting with the AllowList pipe, which limits the directories that users are allowed to access.

Cookie pipes stop cookie information being used inappropriately, while the database pipe checks to make sure HTTP requests don't contain harmful SQL commands.

Other pre-defined pipes prevent URLs being manipulated and HTTP parameters being misused. Another blocks access to specific web server and application vulnerabilities. Like most, it can be customised to deal with new threats as they arise.

Some experimentation is required to get the right configuration, but there's no need for any code changes. The impact on performance will depend on the applications and hardware involved, but KaVaDo claims that the software can support 500 to 1,000 concurrent users using a single InterDo server.

Scaling beyond that is possible by deploying multiple servers, managed from a single console.

As with most security products, InterDo isn't a complete solution; a firewall is still essential, along with antivirus and intrusion detection tools. However, it provides a level of application protection not possible using those tools alone.

Price: From £10,700 (ex. VAT) for a single tunnel.

Minimum requirements:

Hardware 700MHz Pentium III; 128Mb of Ram. (InterDo appliance is a dual-processor Pentium III rackmount server).

Software Windows NT 4.0/2000 (latest service packs should be applied).

Compatibility: Platform-independent. Works with all major web servers and browsers. Supports HTTP and HTTPS protocols.

Contact: KaVaDo 020 7604 4466

www.kavado.com

Preventon Personal Firewall 2.1

Ashley McKinnon — 2002-06-13T11:44:18.000Z

Ashley McKinnon, PC Magazine, Thursday 13 June 2002 at 11:44:18

Easy to install firewall for the first-time user.

To most users, the prospect of installing and maintaining firewall software is daunting. Targeted specifically at the inexperienced and cautious user, Preventon Personal Firewall is a set-and-forget package and aims to be as transparent as possible.

It's the perfect solution for simple firewall tasks, but configurability and manageability have been compromised to achieve the program's ease of use.

Configuration of the firewall takes place at installation. By default, the software blocks all traffic in and out of your system. It's up to you to choose which applications, tasks or users will be allowed access.

A pop-up window allows you to enable web access, email, newsgroups and file/print sharing. For the inexperienced, selecting these will be the only configuration needed, which is quite different from most other firewall packages.

More advanced users do have other options to choose from, but there's a distinct limit to what can be chosen.

The main interface is kept simple and the basic display consists of a dynamic log of activity through the firewall. Any connection attempts, scans or other suspicious activity is updated in real time so that you can quickly see any problems.

This log can also be saved to disk. Double-clicking on any of the listed activity attempts will open a new window with more detailed information, showing exactly which protocol and port number is being used. Highly suspicious activity invokes a pop-up warning window.

In our tests, all connection attempts that hadn't been previously authorised were blocked. Ping (ICMP) attempts from another system were met with a time out.

The manufacturer claims that no periodic updates for the software will be available, as they aren't needed. For the experienced user, this could be a problem.

If a hacker develops a way of accessing a system that's totally new, it's possible that the software would allow traffic through without even knowing.

To get your system up and running with a firewall straight out of the box, they don't come any easier than this. But for advanced users, it may not hold enough options and configurability to warrant purchase.

Price: £19.99 (ex. VAT)

Minimum requirements: Windows 98, 2000, ME, XP; Pentium II 233MHz, 32Mb of Ram; 10Mb free hard disk space.

Contact: Preventon

www.preventon.com

Cryptic Software CyberSight 5.7

Ashley McKinnon — 2002-05-07T14:02:24.000Z

Ashley McKinnon, PC Magazine, Tuesday 7 May 2002 at 14:02:24

A complete security solution for scaleable networks.

CyberSight 5.7 is a threat detection and prevention tool that actively scans systems on a network. Simplicity is the key behind the software, which runs transparently to the user. With the capability of handling over 260 categories of threats, CyberSight is one of the most feature-packed security packages available.

The core of CyberSight is its ability to determine if rogue or dangerous tasks are attempting to infiltrate a system. Most security-based software relies on pre-defined signatures of virus and malicious code, which can't deal with new and unknown variations. CyberSight, as well as using signatures for detection, looks for changes in system software. As most viruses and malicious code are variations on existing threats, most security software needs to be constantly updated to detect the new variations.

Two components make up CyberSight - the server and client agents. The CyberSight server can be installed on any system with a sharable directory. The server component holds all the threat detection and scanning data. On the client, an agent is installed that actively scans the local system and can alert the CyberSight server if undesirable activity is detected.

Keeping track of threats and how they're handled is done via policies. Setting these up determines how CyberSight reacts to a potential threat.

To create a policy, you must invoke the Policy Manager and enter information about threats. CyberSight already includes a list of over 900 potential threats, but you can add your own. Threats are also classified by their severity level. CyberSight can even download signatures from the Cryptic World Wide Threat Archive, which has a repository of thousands of threat signatures.

If you find an infected file on the client system, simply drag and drop it onto the CyberSight icon on the desktop. CyberSight will then analyse the code and allow you to enter any relevant data about the file. The client agent then synchronises with CyberSight to update its threat listing.

Tracking of threats can be done in many forms. CyberSight actively scans all system traffic and can analyse port use, process activity, URL information and many others. For checking on clients, CyberSight can detect the instances on games being run, as well as FTP and ICQ sessions.

CyberSight's interface is its only real letdown, as setting up threat information might be a little overwhelming for inexperienced administrators. However, an investment in time does make using the program easier.

CyberSight 5.7 is a complete security solution for scaleable networks. It might be overwhelming at first, but you'll soon realise its true potential.

For single users, CyberSight Guardian (£49.99 ex VAT) is a scaled-down version based on the same technology.

Price

As reviewed (ex VAT) £6,499 (50-user licence)

Contact

Cryptic Software: 22 The Business Exchange, Rockingham Road, Kettering, Northampton NN16 8JX

Tel 01536 526455, Fax 01536 526458

www.cryptic.co.uk

McAfee Firewall 3.0.1

Ashley McKinnon — 2002-04-26T10:33:08.000Z

Ashley McKinnon, PC Magazine, Friday 26 April 2002 at 10:33:08

Personal firewall utility with some good features.

McAfee Firewall 3.0.1 is a personal firewall utility that will protect your system as soon as it's installed. While it's not as configurable as Norton Personal Firewall 2002, it does include some good features. However, advanced users will be put off by its lack of options and control.

One of McAfee Firewall's best features is the firewall intrusion monitor, which is a real-time colour-coded screen that will show any detected threats and assign a colour based on threat severity. Green is for low threat and red for extreme caution. At a glance, you can see any activity and whether or not it poses any threats.

The interface itself is similar to Norton Personal Firewall 2002, but isn't as user-friendly. For example, it's unclear within the interface as to how to access any options screens or configuration areas.

Applications that attempt external communication are met with a McAfee Firewall pop-up. Once you select what action to take from the standard allow or deny list, the available application list will be updated. You can later change what action to take when the application accesses the internet.

Detailed reporting can be done within the software. Reports can be generated on any traffic-related data, as well as by application, system status and users.

The biggest drawback to McAfee Firewall is that it isn't configurable enough. While it works well enough as a firewall straight out of the box, you have no real control over what the software's doing.

Similar to Norton Personal Firewall 2002, it has three default levels - Allow All, Filter and Block All - but there are no options for customisation. When we tested the software, we encountered some problems with email. Even with the security setting set to Allow All, Lotus Notes 5.0 didn't work. As there's next to no manual configuration, we were unable to get Lotus Notes working at all.

McAfee has acknowledged 'a few' issues with email software in general and says the problems will be addressed in a patch update. We also encountered some internet access problems from Internet Explorer, which we fixed by deactivating and restarting the package.

For users who want a basic set-and-forget firewall, McAfee Firewall 3.0.1 will fill the position nicely. If you're after a more advanced solution, where you can configure levels of security and have tighter control over management, then this firewall won't be to your liking. The fact that it has trouble with some software also means that some users will be left frustrated and unsure as to what action to take.

Contact

Network Associates: 227 Bath Road, Slough, Berkshire SL1 5PP

Tel 0800 092 7160, Fax 01753 217520

www.mcafee.com

Symantec Norton Personal Firewall 2002

Ashley McKinnon. — 2002-04-19T10:45:54.000Z

Ashley McKinnon., PC Magazine, Friday 19 April 2002 at 10:45:54

Does the job asked of it.

With the latest version of Norton Personal Firewall, Symantec has included many new features and enhancements. With support for Windows XP, Norton Personal Firewall 2002 adds more configurable control over your internet connection and guards against hacker threats.

The software's interface is very intuitive and complete control over all aspects of the firewall is within easy reach. There are three default levels of access control: High, Medium and Low. These are selected with a simple slider bar.

For more experienced users, a customised level can be selected. From here, you can set the level of security for Java and ActiveX components. The overall look of the interface is comparable to Windows Explorer, with a navigation pane on the left and the information window on the right.

A handy feature Symantec has included in Norton Personal Firewall 2002 is the external Security Risk Scan option. This will connect you to Symantec's website, which then runs a scan on your system. It checks against the most common hacker-based threats and gives a report on any findings.

With LiveUpdate, the firewall will be kept up to date and the latest threat data can then be downloaded from Symantec's website. One year of updates is included in the purchase price. A year's subscription is then $9.95.

The software monitors applications that attempt to communicate with your system. Any outbound traffic is intercepted and the firewall will invoke a pop-up to ask what action you'd like to take. Options include 'allow communication for the session', 'always allow communication' or 'deny communication'.

From within the privacy control features, you can determine the level of information that's allowed in and out of your system. This includes cookie control and confidential data. As with the general firewall settings, you can select High, Medium or Low or a customised level.

Caution should be taken, however, if you're going to use this software in a networked environment. Under default settings, you won't be able to access any mapped network drives. Little is mentioned in the documentation about this.

Also, the firewall sometimes auto-configures itself to handle application communication and you're never really sure exactly what it's doing.

As a firewall, Norton Personal Firewall 2002 does the job asked of it. As an overall package, it's a worthy purchase.

Contact

Symantec: St Cloud Gate, St Cloud Way, Maidenhead, Berkshire SL6 8XD

Tel 020 7616 5600

www.symantec.co.uk