3Com has released a network card-based firewall which the company says is particularly effective against attacks from within.
Organisations buying the firewall will need to install the company's network interface card, which contains 3Com's proprietary 3XP processor, on individual PCs and servers. ROM-based programming -- sometimes called firmware -- acts as the firewall. 3Com's Firewall Policy Server is also required.
The embedded firewall, developed by 3Com with Secure Computing providing the software elements, was unveiled at US IT trade shows last April. It was due to be released in the US in the third quarter of 2001, but the release was delayed until last month.
3Com says the embedded nature of the firewall makes a hacker's task far more difficult. Its operation isn't dependent on any software running on the host PC and is unaffected by operating system crashes on host PCs.
At the local launch of the firewall this month, 3Com Asia-Pacific executive Robert Chu said damage done by insiders is, naturally, not something companies publicise. "It's the deep, dark secret of corporations."
The embedded firewall was developed in partnership with California-based Secure Computing. It will be distributed in New Zealand by T-Data and resold by Kaon, Ed Tech, CNS and Computer Brokers.
Kaon managing director Tony Krzyzewski says internal attacks have cost New Zealand businesses "hundreds of thousands" of dollars and people don't like to mention them.
Kaon was using the firewall in-house, he says, before becoming a partner.
But Leigh Costin, Symantec's Asia-Pacific enterprise solutions senior product manager, who was in New Zealand last week to promote a Symantec virtual private network security product, says that because many hardware vendors ship products with network cards already installed, replacing them with 3Com network cards could prove expensive.
Co-Logic Security managing director and security specialist Arjen de Landgraaf, assessing the product, says "it is clear that the [3Com] firewall is meant as an addition to a perimeter firewall defence, not a replacement.
"Although the principle of node-based firewalling -- ie on each PC -- is a good idea, with centrally managed rules we are not clear yet on the performance impact, rule strengths and policy manager protection.
"We would also expect that packets which pass a higher level perimeter firewall will also pass the [packet level] 3Com embedded firewall, although this will depend on the rule sets in the policy manager and in the end, that depends on the internal IT staff who configure the policy server and set the rules."
Other necessities for implementing the embedded firewall, he says, include having automatically updated antivirus software protecting the mail server and immediate patching of vulnerabilities on all equipment as soon as patches are available.
Regarding internal threats, de Landgraaf says "it is possible the hacker is an experienced IT specialist, possibly in an internal IT function and has access to the password for the PC-based policy server."