NitroGuard 200

Security

Nitro Data Systems’ NitroGuard 200 is an intrusion prevention system. Unlike the consumer-oriented McAfee security PC software, the NitroGuard 200 is an external piece of network-based hardware that can protect an entire office of computers. One Local Area Network cable leads into the NitroGuard from your Internet connection or internal network connection, while the other cable leads out of the NitroGuard and into your network. Nitro Data Systems’ black, rack-mountable box peeks directly at the network packets passing through it, either dropping those it decides are dangerous or letting the packets pass and alerting you to a possible problem. It reads individual packets before they enter your network so it can detect possible breaches occurring through legitimate services.

Unlike a vanilla firewall, the NitroGuard 200 allows for normal use of Internet server ports, yet prevents a virus or other attack that accesses these public ports from ever reaching your computers.

Why use separate hardware? To be able to examine the contents of each packet in your network, the NitroGuard device requires self-contained, dedicated computer processing power, which is more than an individual PC can spare. Even the firewalls protecting my tiny network — the McAfee running on my desktop computer or the one that is built into my small-office router — are not designed to read the data streaming over the cables. In a larger office, there is an advantage to managing all security from a single spot.

The Nitro Data Systems administrative software, the Control Program, is loaded on a networked computer and is used to manage the “rules” that decide how to interpret data packet contents. The software is bundled with more than 2,500 of these rules, which essentially are commands describing the “signatures” of viruses and other activities from within your office to be monitored or prevented. The latter class includes unauthorized chat sessions, peer-to-peer music downloading, or visits to nonbusiness Web sites. These existing commands can be tweaked and you are free to add new ones to the ruleset.

NitroGuard 200’s Control Program isn’t intuitive; its graphical user interface doesn’t fully use the visual aspects of modern desktop computing, like drag-and-drop or icons. However, this is what your system administrators are used to, and they can configure the box remotely using the Console Program while the NitroGuard rests in a rack in your telecom closet.

As a former nitty-gritty technical person, I felt up to the challenges of working with it. After registering the software, I brought up the Console’s “Properties” tab to enter my e-mail account server and password details, allowing the NitroGuard box to send periodic reports on intrusion activity to my Microsoft Outlook e-mail.

One of the rules in the ruleset blocks anonymous entry to a File Transfer Protocol server — not a bad rule to have. The anonymous account is useful when giving external guests or nonauthorized employees limited access to your file system, but a few years ago, it was vulnerable to hackers. Taking the leap, I disabled my McAfee firewall and downloaded the rules to the NitroGuard 200. Acting the part of a novice hacker, I tried to enter my protected computer by going through the FTP from my remote laptop. I was successfully blocked.

The Console’s query window also shows you the alerts triggered in the box’s internal database. The Console program comes bundled with existing database queries (essentially SQL statements). I chose one to show every rule that was triggered within the last 10 minutes. My FTP alert was displayed, along with a few others, indicating NitroGuard had taken up the slack left when I disabled McAfee. Network probes (or “pings”), which I am constantly being bombarded with, were being blocked as well.

Finally, I had the software periodically run a specific query and e-mail the results. No problems here. This is a time-saving feature that keeps a busy administrator informed without requiring a special session with the Control Program.

The most interesting aspect of this software is its ability to monitor document outflow. This might help law firms satisfy the confidentiality requirements placed on them by the Sarbanes-Oxley legislation. NitroGuard 200 provides a template for a rule triggering an alert if a specific keyword is found in a document transmitted to an outside endpoint — perhaps through e-mail or FTP. I edited this rule, configuring a new keyword, and mailed myself a Word document with the telltale token.

I was nailed. The query I ran brought up this simulated confidentiality breach. Functionally, the NitroGuard 200 is more sophisticated and performs better than “host-based” firewalls or virus detection scanner software.
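The inline decision the review describes (drop, or pass and alert), sketched as an added example that is not Nitro Data Systems' rule syntax or code: two hypothetical rules mirror the anonymous-FTP block and the keyword outflow alert, and the rule names, the keyword `PROJECT-BLUEBIRD` and the sample mail are constructed. Decoding base64 attachment bodies before matching is an assumption about what a content rule needs in order to see a keyword inside a mailed document.

```python
import base64
import re
from dataclasses import dataclass

@dataclass
class Rule:
    name: str
    dst_port: int            # service the rule applies to
    pattern: re.Pattern      # byte signature searched for in the payload
    action: str              # "drop" = block inline, "alert" = pass but log
    outbound_only: bool = False

# Hypothetical ruleset modelled on the two rules the review exercises.
RULES = [
    Rule("ftp-anonymous-login", 21,
         re.compile(rb"^USER\s+(anonymous|ftp)\s*$", re.I | re.M), "drop"),
    Rule("confidential-keyword", 25,
         re.compile(rb"PROJECT-BLUEBIRD"), "alert", outbound_only=True),
]

# Runs of base64 that begin at the start of a line, as in a MIME attachment body.
B64_BLOCK = re.compile(rb"(?:^[A-Za-z0-9+/]{16,}={0,2}\r?\n?)+", re.M)

def decoded_views(payload: bytes):
    """Yield the raw payload, then each base64 block decoded. A keyword in a
    mailed attachment never appears as plain bytes on the wire."""
    yield payload
    for block in B64_BLOCK.findall(payload):
        try:
            yield base64.b64decode(b"".join(block.split()), validate=True)
        except ValueError:
            continue  # not valid base64 after all

def inspect(dst_port: int, outbound: bool, payload: bytes):
    """Return (verdict, names of triggered rules); verdict is 'drop' or 'pass'."""
    verdict, hits = "pass", []
    for rule in RULES:
        if rule.dst_port != dst_port or (rule.outbound_only and not outbound):
            continue
        if any(rule.pattern.search(view) for view in decoded_views(payload)):
            hits.append(rule.name)
            if rule.action == "drop":
                verdict = "drop"
    return verdict, hits

# Constructed sample: outbound mail whose attachment contains the keyword.
SAMPLE_MAIL = (b"Content-Type: application/msword\r\n"
               b"Content-Transfer-Encoding: base64\r\n\r\n"
               + base64.b64encode(b"Memo: PROJECT-BLUEBIRD budget") + b"\r\n")
```

The alert rule leaves the verdict at `pass`, which matches the review's experience: the mail was delivered and the breach showed up afterwards in the query results.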

Nitro Data Systems Inc.
(208) 552-5332

www.nitroguard.com

Price: $11,995 plus a 20 percent yearly maintenance charge.

NitroGuard 200 is compatible with any network. A Linux client is available.

Reviewed by Andy Green, a telecommunications consultant and technology writer and researcher based in Glen Ridge, N.J.

Aug/Sep '04 Issue

PROS
Centralizes all security management. The Control Program lets you manage multiple NitroGuard 200s for larger networks.

CONS
Complex and nonintuitive interface.

VERDICT
A product that might find a niche. Its interface is a little too raw for my tastes. On the plus side, Nitro Data Systems said its professional services group does ruleset customizations.



Updated 07/23/04
© Law Office Computing Magazine
www.lawofficecomputing.com
(800) 394-2626