<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0"
     xmlns:content="http://purl.org/rss/1.0/modules/content/"
     xmlns:dc="https://purl.org/dc/elements/1.1/"
     xmlns:dcterms="http://purl.org/dc/terms/"
     xmlns:media="http://search.yahoo.com/mrss/"
     xmlns:atom="http://www.w3.org/2005/Atom"
     xmlns:cf="https://www.futureplc.com/rss/content-flags"
>
    <channel>
                    <atom:link rel="alternate" hreflang="en-GB"
                       href="https://www.itpro.com/uk/feeds/tag/firewalls"
                       type="application/rss+xml"/>
                            <title><![CDATA[ Latest from ITPro UK in Firewalls ]]></title>
                <link>https://www.itpro.com/uk/security/firewalls</link>
        <description><![CDATA[ All the latest firewalls content from the ITPro  UK team ]]></description>
                                    <lastBuildDate>Wed, 13 Aug 2025 12:00:00 +0000</lastBuildDate>
                            <language>en</language>
                                <item>
                                                            <title><![CDATA[ SonicWall launches new firewalls as part of Generation 8 refresh ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/firewalls/sonicwall-launches-new-firewalls-as-part-of-generation-8-refresh</link>
                                                                            <description>
                            <![CDATA[ The vendor’s latest update includes unified management and integrated ZTNA, backed by embedded warranty and co-managed services ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">btoqpbVZ5ZXHDE6zjsmDbi</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/G3uupQDgS3yxMx24qg5qg4-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 13 Aug 2025 12:00:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                <author><![CDATA[ itpro@futurenet.com (Daniel Todd) ]]></author>                    <dc:creator><![CDATA[ Daniel Todd ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/SRyC34qeLpNDj3dJtsVDhT.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/G3uupQDgS3yxMx24qg5qg4-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[SonicWall logo and branding pictured on a smartphone screen.]]></media:description>                                                            <media:text><![CDATA[SonicWall logo and branding pictured on a smartphone screen.]]></media:text>
                                <media:title type="plain"><![CDATA[SonicWall logo and branding pictured on a smartphone screen.]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/G3uupQDgS3yxMx24qg5qg4-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p><a href="https://www.itpro.com/security/28133/what-is-cyber-security">Cybersecurity </a>vendor SonicWall has announced the launch of nine new high-performance firewalls as part of its Generation 8 platform refresh.</p><p>The new offerings combine advanced protection with features such as unified management, integrated <a href="https://www.itpro.com/security/what-is-zero-trust-network-access-ztna">ZTNA</a>, co-managed security services, and built-in warranty to help MSPs and MSSPs bolster client protection and drive revenue.</p><p>The revamp forms part of SonicWall’s wider drive to deliver an integrated and comprehensive security platform that combines hardware, software, services, third-party integrations, and flexible billing.</p><p>In an announcement, SonicWall president and CEO Bob VanKirk said the new additions will better prepare partners and their customers for the latest threats and market requirements.</p><p>“Our new firewall lineup is just one part of a broader, unified platform strategy,” he explained. “With SonicWall Unified Management, embedded ZTNA, the SonicSentry managed services team, and the industry’s first built-in cyber warranty, we’re helping partners shift from resellers to high-value security providers."</p><p>“This launch arms our partners with the tools they need to win more business and strengthen customer trust by providing market-leading cyber security protection.”</p><h2 id="sonicwall-s-new-generation-8-firewalls">SonicWall's new Generation 8 firewalls</h2><p>SonicWall’s Generation 8 firewalls range from an ultra-compact TZ280 to the high-performance NSa 5800, with each offering designed to deliver high-end protection and performance across small offices, distributed environments, and mid-sized enterprises.</p><p></p><p>Available via a monthly subscription, each model comes with cloud-native management geared towards the needs of service providers, alongside built-in zero-trust capabilities, the latest SonicOS capabilities, and covered through built-in cyber warranty.</p><p>The models can also be purchased with SonicWall’s Managed Protection Security Suite (MPSS) for co-managed security services delivered by the firm’s SonicSentry team.</p><h2 id="revenue-building">Revenue building</h2><p>SonicWall has positioned its platform for use cases that include SMBs and mid-market security, multi-tenant management, compliance-focused reporting, as well as full-stack offerings with warranties and optional <a href="https://www.itpro.com/security/cyber-security/368458/what-is-cyber-insurance">cyber insurance</a> coverage up to $1 million.</p><p>Partners can choose self-managed Advanced Protection Service Suite (APSS) or fully co-managed MPSS monthly subscription packages with no minimums or long-term commitments - a move the vendor said will bolster their ability to build predictable recurring revenue.</p><p>“From flexible licensing to co-managed security services, we’re giving partners every advantage to grow margins, differentiate offerings, and meet their customers’ evolving needs,” commented Jason Carter, SonicWall’s chief revenue officer.</p><h3 class="article-body__section" id="section-more-from-itpro"><span>MORE FROM ITPRO</span></h3><ul><li><a href="https://www.itpro.com/security/sonicwall-and-crowdstrike-team-up-to-launch-new-mdr-offering">SonicWall and CrowdStrike team up to launch new MDR offering</a></li><li><a href="https://www.itpro.com/security/sonicwall-ceo-bob-vankirk-hails-pivotal-moment-as-firm-unveils-new-msp-cyber-solutions">SonicWall CEO Bob VanKirk hails ‘pivotal moment’ as firm unveils new MSP cyber solutions</a></li><li><a href="https://www.itpro.com/business/business-strategy/sonicwall-partner-growth">SonicWall pins ‘transformational year’ on strong partner growth</a></li></ul>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Cisco claims new smart switches provide next-level perimeter defense ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/firewalls/cisco-claims-new-smart-switches-provide-next-level-perimeter-defense</link>
                                                                            <description>
                            <![CDATA[ Cisco’s ‘security everywhere’ mantra has just taken on new meaning with the launch of a series of smart network switches. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">TWrS5bmsAar3pPZ3HfWmMf</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/yNfyTfqotSJUNhETEb4zd3-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 14 Feb 2025 11:07:04 +0000</pubDate>                                                                                                                                <updated>Fri, 14 Feb 2025 14:45:43 +0000</updated>
                                                                                                                                            <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                <author><![CDATA[ solomon.klappholz@futurenet.com (Solomon Klappholz) ]]></author>                    <dc:creator><![CDATA[ Solomon Klappholz ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/pjZQRW2qWqQNjxubC6SUQ5.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ &lt;p&gt;Solomon Klappholz is a Staff Writer at ITPro. He has experience writing about the technologies that facilitate industrial manufacturing which led to him developing a particular interest in IT regulation, industrial infrastructure applications, and machine learning.&lt;/p&gt;&lt;p&gt;Before he joined ITPro, Solomon graduated from the University of Warwick in 2021 with a BA (Hons) in Philosophy, Politics, and Economics which included an intercalated year studying Philosophy at the Erasmus University, Rotterdam.&lt;/p&gt;&lt;p&gt;Outside of the office, Solomon enjoys reading, visiting new art exhibitions, and playing football.&lt;/p&gt; ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/yNfyTfqotSJUNhETEb4zd3-1280-80.jpg">
                                                            <media:credit><![CDATA[Getty Images]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Digital contour concept on dark background]]></media:description>                                                            <media:text><![CDATA[Digital contour concept on dark background]]></media:text>
                                <media:title type="plain"><![CDATA[Digital contour concept on dark background]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/yNfyTfqotSJUNhETEb4zd3-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Cisco’s <em>‘</em><a href="https://www.itpro.com/business/business-strategy/cisco-wants-integration-everywhere-all-at-once"><em>security everywhere</em></a><em>’</em> mantra has just taken on new meaning with the launch of a series of smart network switches it says will redefine the way firewalls, the old stalwart of cybersecurity, work entirely.</p><p>Unveiled at <a href="https://www.itpro.com/news/live/cisco-live-emea-2025-all-the-news-and-updates-as-they-happen">Cisco Live in Amsterdam</a>, Cisco said its N9300 Smart Switches will introduce new capabilities to help businesses defuse some of the lateral movement techniques used by the most sophisticated groups operating in today’s threat landscape.</p><p>The N9300 switches are equipped with data processing units (DPUs), that allow the for the deployment of advanced services such as <a href="https://www.itpro.com/security/cisco-launches-hypershield-a-must-have-solution-for-those-defending-against-iot-based-cyber-attacks">Cisco Hypershield</a> directly into the switching fabric.</p><p>Hypershield is a <a href="https://www.itpro.com/cloud/cloud-security/what-is-firewall-as-a-service-fwaas">firewalling capability</a> launched by Cisco in 2024 that enables the micro-segmentation of a network, but it required hardware with built-in DPUs, which did not exist at the time.</p><p>But now Cisco's souped-up N9300s don’t just switch traffic, they run services like Hypershield with high performance at high throughput rates.</p><p>The firm said that as customers upgrade their hardware the combination of its new switches and Hypershield will unlock unprecedented levels of protection at the data center and beyond.</p><h2 id="redefining-the-firewall">Redefining the firewall</h2><p>Speaking during a panel session on AI-ready data centers, Tom Gillis SVP and GM of the security, data center, internet, and cloud infrastructure group at Cisco, said the N9330 switches mean the firm is in a position to ‘redefine’ the way firewalls function in modern <a href="https://www.itpro.com/infrastructure/370352/ignoring-climate-change-wreak-havoc-uk-it-infrastructure">ICT infrastructure</a>.</p><p>“A firewall used to live in a box at the edge of the network. So with Cisco Hypershield we’ve taken that concept and broken it into a million little pieces. So instead of a box you try to shield at the edge, you have the ability to put a <a href="https://www.itpro.com/security/does-every-business-need-zero-trust">micro perimeter</a> at each one of those services that make up an application.”</p><p>Gillis explained that Cisco is leveraging its in-house switching ASIC, Silicon One, to enable the performance required to deliver advanced inspection at every connection across distributed applications with minimal orchestration.</p><p>“The net of this is that it lets folks like you put firewalls in places you couldn’t even imagine. You don’t have to cable up an appliance, you don’t have to write a bunch of rules, and here’s the best plus: it’s dynamic and upgrading itself.”</p><p>Cisco’s unified <a href="https://www.itpro.com/security/366127/breaking-the-channel-mould-with-firewall-management">firewall management system</a>, Secure Firewall, enables automated deployment of firewalls to the cloud that can be managed centrally, scaled up automatically, and are ‘self-healing’.</p><p>‘Self-healing’ refers to the fact that if the firewall detects any type of failure, Cisco Security Cloud will take that image down, redeploy a new image, and sync it back with the cluster.</p><p>Automating the deployment, scaling, and upkeep of these appliances will be increasingly important if firms are to rigorously segment their increasingly distributed and fine-grained application ecosystems, which are often made up of thousands of microservices running across <a href="https://www.itpro.com/cloud/34476/what-is-multi-cloud">multi-cloud services</a>.</p><h2 id="neutralizing-the-typhoon">Neutralizing the Typhoon</h2><p>Cisco emphasised that this is a significant step forward for the securing applications, and network security more broadly.</p><p>In recent years, <a href="https://www.itpro.com/security/cyber-attacks/state-sponsored-cyber-attacks-the-new-frontier">state-sponsored threat actors</a> have been found targeting complex vulnerabilities in network infrastructure and using that to establish persistence on sensitive enterprise and government networks.</p><p>The various groups tracked under the <a href="https://www.itpro.com/security/uk-cyber-experts-on-red-alert-after-salt-typhoon-attacks-on-us-telcos">Typhoon</a> moniker in Microsoft’s threat actor taxonomy - and thought to be based in China - have been responsible for a number of highly sophisticated attacks on critical national infrastructure and government institutions in the US.</p><p>In December, a senior White House security official confirmed that the <a href="https://www.itpro.com/security/cyber-attacks/salt-typhoon-hacker-group-recorded-conversations-of-very-senior-us-political-figures">Salt Typhoon group was able to record conversations of senior political operators</a> in the US after hacking several major telecom providers in the region.</p><div  class="fancy-box"><div class="fancy_box-title">RELATED WHITEPAPER</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="3cvMNbN3QogMsPACwHfYdc" name="Making cloud accessible and affordable for small businesses" caption="" alt="Making cloud accessible and affordable for small businesses" src="https://cdn.mos.cms.futurecdn.net/3cvMNbN3QogMsPACwHfYdc.jpg" mos="" link="" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div><figcaption itemprop="caption description" class=""><span class="credit" itemprop="copyrightHolder">(Image credit: ANS)</span></figcaption></figure><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/cloud/cloud-computing/making-cloud-accessible-and-affordable-for-small-businesses"><em>Removing the barriers to growth</em></a></p></div></div><p>Last month, the <a href="https://www.itpro.com/security/us-sanctions-chinese-tech-firm-that-targets-critical-infrastructure">Treasury imposed sanctions on several Chinese firms</a> accused of having some role in recent cyber intrusions attributed to the Flax Typhoon group.</p><p>Speaking to <em>ITPro, </em>Martin Lee, technical lead of security research at <a href="https://www.itpro.com/security/data-breaches/368794/cisco-talos-confirms-data-breach-ransomware-gang">Talos</a>, Cisco’s threat intelligence arm, described this type of activity, noting that threat actors have been observed using complex techniques to compromise network devices and using these as ingress points on the network.</p><p>“If you can find your way in through the <a href="https://www.itpro.com/infrastructure/359386/governments-rural-network-infrastructure-plans-ignore-businesses-claims-three">network infrastructure</a>, you can then get inside of your environment and use that target device as a platform to launch attacks against the target systems,” he explained.</p><p>“This kind of threat actor and this kind of activity underlines why getting the network architecture and segmentation right is so important. If they’ve managed to compromise one environment, you’re forcing them to do work to compromise the other one and it’s that work that is the noise that you can detect.”</p><h3 class="article-body__section" id="section-more-from-itpro"><span>MORE FROM ITPRO</span></h3><ul><li><a href="https://www.itpro.com/security/cisco-is-jailbreaking-ai-models-so-you-dont-have-to-worry-about-it">Cisco is jailbreaking AI models so you don't have to worry about security</a></li><li><a href="https://www.itpro.com/infrastructure/networking/cisco-polishes-its-platform-but-the-network-is-still-king">Networking is still king as Cisco polishes its network capabilities</a></li><li><a href="https://www.itpro.com/business/business-strategy/ciscos-savvy-coreweave-deal-will-supercharge-its-ai-ambitions">Cisco's 'savvy' CoreWeave deal will supercharge its AI ambitions</a></li></ul>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ The IT manager's guide to getting home in time for dinner ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/network-security/370217/the-it-managers-guide-to-getting-home-in-time-for-dinner</link>
                                                                            <description>
                            <![CDATA[ A cloud based networking solution that does away with configurations ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">fcxNgw12ecG9M2U3J1Ycan</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/goH3DUReMuea7tNkdVG39a-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Wed, 15 Mar 2023 14:26:53 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                <author><![CDATA[ itpro@futurenet.com (ITPro) ]]></author>                    <dc:creator><![CDATA[ ITPro ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/goH3DUReMuea7tNkdVG39a-1280-80.png">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Whitepaper cover with title and image of a book with a cartoon image of a man up to the eyeballs in IT Helpdesk tickets / requests]]></media:description>                                                            <media:text><![CDATA[Whitepaper cover with title and image of a book with a cartoon image of a man up to the eyeballs in IT Helpdesk tickets / requests]]></media:text>
                                <media:title type="plain"><![CDATA[Whitepaper cover with title and image of a book with a cartoon image of a man up to the eyeballs in IT Helpdesk tickets / requests]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/goH3DUReMuea7tNkdVG39a-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>For IT managers it never ends. In the morning it’s endless tickets about individual desktop issues, then a database isn’t responding, a server goes down, or for some unknown reason backups are failing. Even the most diligent administrator gets hit with a pile of issues, and as always they tend to cluster around the worst times of day like early morning or quitting time.</p><p>That’s why many IT managers look to simplify their systems as much as possible. Not only does it make life easier, but it also increases the chance that you won’t be staying late to fix some obscure server issue. Some things just can’t be pared down, of course, but what if we told you edge networking wasn’t one of those things?</p><p>Download now to learn more about how Zero Trust Network Access, a dependable Firewall-as-a-Service, and a Secure Web Gateway wrapped up in a single, secure, networking package can get you home in time for dinner.</p><p><em>Provided by</em></p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="45kyzij2XAsVPuNU7f5egJ" name="" alt="Perimeter 81 logo" src="https://cdn.mos.cms.futurecdn.net/45kyzij2XAsVPuNU7f5egJ.png" mos="https://cdn.mos.cms.futurecdn.net/45kyzij2XAsVPuNU7f5egJ.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><iframe frameborder="0" height="1000" width="100%" data-lazy-priority="high" data-lazy-src="https://dennis.cvtr.io/forms/49988/perimeter81q1?locale=1&p=false&wp=11034"></iframe>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ China cracks down on citizens' anti-censorship tools with Great Firewall upgrades ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/business/policy-legislation/369250/china-reinforces-great-firewall-to-crack-down-on-anti-censorship-tools</link>
                                                                            <description>
                            <![CDATA[ This new discovery comes a week before a predicted major reshuffle of leadership in the Chinese Communist Party ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">nQ3ExAir8fYDDTBhLhPXaM</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/9QcH5RxDnssSJwzMU7X3od-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 06 Oct 2022 10:10:42 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Zach Marzouk ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/ncLkbsDMZ6b76Lc5iS6mZh.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/9QcH5RxDnssSJwzMU7X3od-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[China flag is depicted on the screen in program code]]></media:description>                                                            <media:text><![CDATA[China flag is depicted on the screen in program code]]></media:text>
                                <media:title type="plain"><![CDATA[China flag is depicted on the screen in program code]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/9QcH5RxDnssSJwzMU7X3od-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>China has reportedly upgraded its 'Great Firewall' to instigate a crackdown on Transport Layer Security (TLS) encryption-based tools that are used by citizens to evade the censorship system.</p><p>The Great Firewall of China (GFW) is a term which refers to the combination of tools, rules, and services imposed by China’s government which results in specific internet content being blocked in the country.</p><div  class="fancy-box"><div class="fancy_box-title">RELATED RESOURCE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="tCgzGZNVzmHGYVZhGqErHL" name="tCgzGZNVzmHGYVZhGqErHL.png" caption="" alt="" src="https://cdn.mos.cms.futurecdn.net/tCgzGZNVzmHGYVZhGqErHL.png" mos="https://cdn.mos.cms.futurecdn.net/tCgzGZNVzmHGYVZhGqErHL.png" link="" align="" fullscreen="" width="0" height="0" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div></figure><p class="fancy-box__body-text"><strong>CIO Priorities: 2020 vs 2023</strong></p><p class="fancy-box__body-text">Zero Trust, SaaS Security, and its impact on SD-WAN being a priority</p><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/369173/cio-priorities-2020-vs-2023" data-original-url="/security/369173/cio-priorities-2020-vs-2023">FREE DOWNLOAD</a></p></div></div><p>Great Firewall Report, an organisation that monitors China’s censorship methods, has found that more than 100 users have reported at least one of their TLS-based censorship circumvention <a href="https://www.itpro.com/virtualisation/31628/what-is-server-virtualisation" target="_blank" data-original-url="https://www.itpro.com/virtualisation/31628/what-is-server-virtualisation">servers</a> had been blocked. </p><p>Users had begun to make these reports from 3 October onwards, declaring that the TLS-based circumvention protocols that are reportedly blocked include <a href="https://www.itpro.com/security/30081/what-is-a-trojan-virus" target="_blank" data-original-url="https://www.itpro.com/security/30081/what-is-a-trojan-virus">trojan</a>, Xray, V2Ray TLS+Websocket, VLESS, and gRPC. </p><p>“The blocking is done by blocking the specific port that the circumvention services listen on. When the user changes the blocked port to a non-blocked port and keeps using the circumvention tools, the entire <a href="https://www.itpro.com/infrastructure/network-internet/358606/static-ip-vs-dynamic-ip-whats-the-difference" target="_blank" data-original-url="https://www.itpro.com/infrastructure/network-internet/358606/static-ip-vs-dynamic-ip-whats-the-difference">IP addresses</a> may get blocked,” reported the organisation.</p><p>None of the domain names are added to GFW’s DNS or SNI blacklists. The report added that in a few cases, the blocking seems to be dynamic since the web browser could still access their circumvention ports but not the circumvention tools did not work.</p><p>The organisation suspects that the blocking could be related to the TLS fingerprints of the circumvention tools. It said it would investigate if the GFW uses the TLS fingerprints sent by these clients to identify circumvention <a href="https://www.itpro.com/network-internet/internet-protocol-version-6-ipv6/360855/what-is-tcpip" target="_blank" data-original-url="https://www.itpro.com/network-internet/internet-protocol-version-6-ipv6/360855/what-is-tcpip">protocols</a>. </p><p>TLS fingerprints are a relatively new but popular tool used by security researchers to identify and differentiate which clients are interacting with server infrastructure. Tools look at the ways in which different clients and servers handle TLS negotiations, allowing to differentiate between them.</p><p>China could potentially be upgrading its Great Firewall as the 20th National Congress of the Chinese Communist Party takes place next week on Sunday 16 October.</p><p>This is where the nation’s leaders are set to discuss the country’s strategy for the next five years. The congress, which takes place twice each decade, will be critical for China to deliver the second of president Xi Jinping’s “Two Centenaries” goals and boost the nation to the forefront of global powers by 2049, according to the state-backed People’s Daily.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/business/policy-legislation/369009/us-blocks-chips-funded-companies-from-investing-in-china" data-original-url="/business/policy-legislation/369009/us-blocks-chips-funded-companies-from-investing-in-china">US blocks CHIPS-funded companies from investing in China</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/hardware/368755/us-china-trade-tensions-spark-chinese-interest-in-chipmaking-stocks" data-original-url="/hardware/368755/us-china-trade-tensions-spark-chinese-interest-in-chipmaking-stocks">US-China trade tensions spark Chinese interest in chipmaking stocks</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/business/policy-legislation/368547/uk-government-delays-online-safety-bill-until-autumn" data-original-url="/business/policy-legislation/368547/uk-government-delays-online-safety-bill-until-autumn">UK government puts Online Safety Bill 'on ice'</a></p></div></div><p>The first of these goals was to build a moderately prosperous society by 2021 and the second was to be delivered by 2049. Xi's long-term vision is to 'build a modern socialist country that is prosperous, strong, democratic, culturally advanced and harmonious'.</p><p>China is known for having blocked many online services that operate in the West and are used to communicate and broadcast information that may damage the reputation of the Chinese government. </p><p>Examples include impartial news organisations such as the BBC and CNN, plus most major <a href="https://www.itpro.com/social-media-marketing/33251/choosing-the-right-social-media-platform" data-original-url="https://www.itpro.com/social-media-marketing/33251/choosing-the-right-social-media-platform">social media platforms</a> like Facebook, Twitter, Instagram, <a href="https://www.itpro.com/business-operations/sales-crm/369126/salesforce-partners-with-whatsapp-for-personalised-business" data-original-url="https://www.itpro.com/business-operations/sales-crm/369126/salesforce-partners-with-whatsapp-for-personalised-business">WhatsApp</a>, and Reddit.</p><p>The entire <a href="https://www.itpro.com/software/google-docs/362024/google-to-shut-down-free-g-suite-accounts" data-original-url="https://www.itpro.com/software/google-docs/362024/google-to-shut-down-free-g-suite-accounts">Google suite</a> is also blocked, prohibiting the use of tools such as <a href="https://www.itpro.com/business-operations/productivity/367946/best-gmail-tips-and-tricks" data-original-url="https://www.itpro.com/business-operations/productivity/367946/best-gmail-tips-and-tricks">Gmail</a>, <a href="https://www.itpro.com/cloud-storage/24098/google-drive-review" data-original-url="https://www.itpro.com/cloud-storage/24098/google-drive-review">Google Drive</a>, and Maps. Other communication platforms such as YouTube and even <a href="https://www.itpro.com/collaboration/33647/slack-review-free-your-business-comms" data-original-url="https://www.itpro.com/collaboration/33647/slack-review-free-your-business-comms">Slack</a> are also prohibited in the region. </p><p>After exiting the region years before, Google came under fire in 2018 after it was revealed the company was working on a secret project - a search engine built exclusively for operation in China that would allow the government to censor search results.</p><p>Codenamed 'Project Dragonfly', the secret product was ultimately <a href="https://www.itpro.com/network-internet/32598/google-s-secret-project-dragonfly-finally-terminated" data-original-url="https://www.itpro.com/network-internet/32598/google-s-secret-project-dragonfly-finally-terminated">scrapped in 2019</a> following a revolt by Google employees. The search engine would reportedly allow for censorship on topics such as human rights, democracy, and peaceful protests.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Fortinet unveils ‘fastest’ compact firewall for hyperscale data centers and 5G networks ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/firewalls/368739/fortinet-unveils-fastest-compact-firewall-for-hyperscale-data-centers-and</link>
                                                                            <description>
                            <![CDATA[ The new FortiGate 4800F firewall series packs 2.4 Tbps of capacity into a compact 4RU form-factor ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">u3ABbDmkUgL9jEHTDsJwbu</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/JkCseP5KDC5VwZBtnfqkLS-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 04 Aug 2022 14:12:18 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Praharsha Anand ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/JkCseP5KDC5VwZBtnfqkLS-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Fortinet sign on a grey building]]></media:description>                                                            <media:text><![CDATA[Fortinet sign on a grey building]]></media:text>
                                <media:title type="plain"><![CDATA[Fortinet sign on a grey building]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/JkCseP5KDC5VwZBtnfqkLS-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Fortinet has unveiled a new series of compact firewalls to help enterprises and 5G mobile network operators (MNOs) run more applications concurrently with a smaller footprint.</p><p>Dubbed FortiGate 4800F, the new flagship line of firewalls comes with a 4RU chassis and 400GbE, 200GbE, and 50GbE interfaces. Building on Fortinet’s seventh-generation network processors (NP7), the firewalls can support, on average, 19 times more connections per second. </p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/mobile/28081/what-is-5g" data-original-url="/mobile/28081/what-is-5g">What is 5G and how far are we from rollout?</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/infrastructure/network-internet/367252/wi-fi-vs-5g-is-it-time-your-business-ditches-broadband" data-original-url="/infrastructure/network-internet/367252/wi-fi-vs-5g-is-it-time-your-business-ditches-broadband">Wi-Fi vs 5G: Is it time your business ditched broadband?</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/unified-threat-management-utm/359141/fortinet-fortigate-60f-a-fully-featured-security" data-original-url="/security/unified-threat-management-utm/359141/fortinet-fortigate-60f-a-fully-featured-security">Fortinet FortiGate 60F: A fully-featured security appliance</a></p></div></div><p>The FortiGate 4800F series also offers support for encryption standard TLS 1.3. Additionally, natively integrated universal zero trust network access (ZTNA) ensures steadfast and consistent policies and security controls spanning all operating environments, on-premise or virtual.</p><p>Furthermore, FortiGate AI-Powered Security Services adds an extra layer of protection by offering real-time insight into known, zero-day, and unknown threats.</p><p>“No other firewall is better suited to support hyperscale and <a href="https://www.itpro.com/mobile/28081/what-is-5g" target="_blank" data-original-url="https://www.itpro.com/mobile/28081/what-is-5g">5G</a>. Not only is FortiGate 4800F the industry’s fastest compact hyperscale firewall, with 2.4 Tbps of capacity, but it is also the only 4RU chassis on the market that includes 400GbE, 200GbE, and 50GbE ports, which allows hyperscale customers and mobile network operators to seamlessly scale their business without disrupting operations,” said John Maddison, EVP of products and CMO at Fortinet.</p><p>“The combination of performance and scalability packed into our latest firewall will help future-proof organizations’ investments in hyperscale data centers, especially with the rise of 5G and as the volume and velocity of data continues to accelerate at an unprecedented pace,” added</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Protecting every edge to make hackers’ jobs harder, not yours ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/firewalls/361592/protecting-every-edge-to-make-hackers-jobs-harder-not-yours</link>
                                                                            <description>
                            <![CDATA[ How to support and secure hybrid architectures ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">i3aRDSqdtnLjCoGCs8zigU</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/QDksvAYJFwkcCugTbPvwS9-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Thu, 18 Nov 2021 16:12:32 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                <author><![CDATA[ itpro@futurenet.com (ITPro) ]]></author>                    <dc:creator><![CDATA[ ITPro ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/QDksvAYJFwkcCugTbPvwS9-1280-80.png">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[White square with whitepaper title on top of a background image of a building and pavement]]></media:description>                                                            <media:text><![CDATA[White square with whitepaper title on top of a background image of a building and pavement]]></media:text>
                                <media:title type="plain"><![CDATA[White square with whitepaper title on top of a background image of a building and pavement]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/QDksvAYJFwkcCugTbPvwS9-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>You need complete visibility of your distributed network environment if you’re going to support employees working from any location on any device. </p><p>Many factors - including 5G adoption, multi-cloud environments, and hybrid workers - are contributing to the need for new security measures. A next-generation firewall (NGFW) approach delivers a unified platform to contextually coordinate security across your network. </p><p>Download this whitepaper now to see what a NGFW approach should look like. </p><p><em>Provided by </em></p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="P7JDaqBGnLSWF5wdnyjxLf" name="" alt="Fortinet Logo" src="https://cdn.mos.cms.futurecdn.net/P7JDaqBGnLSWF5wdnyjxLf.png" mos="https://cdn.mos.cms.futurecdn.net/P7JDaqBGnLSWF5wdnyjxLf.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><iframe frameborder="0" height="1000" width="100%" data-lazy-priority="low" data-lazy-src="https://dennis.cvtr.io/forms/49452/fortinet-q4?locale=1&p=false&wp=7933"></iframe>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ What to consider when choosing a next-generation firewall ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/firewalls/361543/what-to-consider-when-choosing-a-next-generation-firewall</link>
                                                                            <description>
                            <![CDATA[ How to choose a NGFW solution ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">q4r6MWKs7HqybUwATYki37</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/BcvzLcjfiVEs4Ce5gSZ2YS-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Mon, 15 Nov 2021 14:48:27 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                <author><![CDATA[ itpro@futurenet.com (ITPro) ]]></author>                    <dc:creator><![CDATA[ ITPro ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/BcvzLcjfiVEs4Ce5gSZ2YS-1280-80.png">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Vector of an envelope with a padlock over it on a blue background]]></media:description>                                                            <media:text><![CDATA[Vector of an envelope with a padlock over it on a blue background]]></media:text>
                                <media:title type="plain"><![CDATA[Vector of an envelope with a padlock over it on a blue background]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/BcvzLcjfiVEs4Ce5gSZ2YS-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>How do you protect your workers and your applications when people are working from various locations on multiple devices, rendering your perimeter-based security obsolete? </p><p>This whitepaper argues for the need of a next-generation firewall (NGFW), which can natively integrate or work with a zero trust model to secure your workers without compromising on user experience.</p><p>Download this whitepaper to get:</p><ul><li>An overview of the benefits of a NGFW solution</li><li>NGFW use cases</li><li>Key selection factors for an NGFW</li></ul><p><em>Provided by </em></p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="P7JDaqBGnLSWF5wdnyjxLf" name="" alt="Fortinet Logo" src="https://cdn.mos.cms.futurecdn.net/P7JDaqBGnLSWF5wdnyjxLf.png" mos="https://cdn.mos.cms.futurecdn.net/P7JDaqBGnLSWF5wdnyjxLf.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><iframe frameborder="0" height="1000" width="100%" data-lazy-priority="low" data-lazy-src="https://dennis.cvtr.io/forms/49452/fortinet-q4?locale=1&p=false&wp=7935"></iframe>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Zyxel USG Flex 100 review: Flexible gateway security ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/unified-threat-management-utm/359220/zyxel-usg-flex-100-flexible-gateway-security</link>
                                                                            <description>
                            <![CDATA[ Perfect for SMBs, with the promise of cloud management coming soon ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">2iEisxXF2wHHfZ7rKgReK7</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/qZuQNh2FSRCcqHYXoHDnyk-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 15 Apr 2021 07:46:19 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Dave Mitchell ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/qZuQNh2FSRCcqHYXoHDnyk-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[The Zyxel USG Flex 100]]></media:description>                                                            <media:text><![CDATA[The Zyxel USG Flex 100]]></media:text>
                                <media:title type="plain"><![CDATA[The Zyxel USG Flex 100]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/qZuQNh2FSRCcqHYXoHDnyk-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Not all businesses require a complete UTM solution, and Zyxel’s USG Flex 100 is perfect for those that only want to pay for the <a href="https://www.itpro.com/security" data-original-url="https://www.itpro.com/security">security</a> services they need. That makes it a good starting point for small organisations – and it’s also a natural upgrade for users of Zyxel’s older USG40 appliance, as you can transfer your licences across.</p><p>Performance-wise, it’s a decent step up from the USG40. The USG Flex 100 claims a raw firewall throughput rate of 900Mbits/sec and 360Mbits/sec with all UTM features active, representing speed boosts of 125% and 500% over the USG40. </p><p>The cost of entry is very low: the hardware on its own costs £309, and no subscription is needed for firewall and <a href="https://www.itpro.com/security/27098/best-vpn-services" data-original-url="https://www.itpro.com/security/27098/best-vpn-services">VPN</a> services. The price we’ve shown above includes a year’s subscription to the full UTM security pack, which activates web filtering, application and email security, IPS, <a href="https://www.itpro.com/antivirus/28144/best-antivirus" data-original-url="https://www.itpro.com/antivirus/28144/best-antivirus">antivirus</a>, and Zyxel’s SecuReporter web-based analytics and reporting service. After the first year, you can license features individually or renew the full UTM licence for £160 per year.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/32107/how-to-choose-a-one-stop-business-security-package" data-original-url="/security/32107/how-to-choose-a-one-stop-business-security-package">How to choose a one-stop business security package</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/unified-threat-management-utm/359141/fortinet-fortigate-60f-a-fully-featured-security" data-original-url="/security/unified-threat-management-utm/359141/fortinet-fortigate-60f-a-fully-featured-security">Fortinet FortiGate 60F: A fully-featured security appliance</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/unified-threat-management-utm/33933/sonicwall-tz300p-review-a-multi-site-marvel" data-original-url="/unified-threat-management-utm/33933/sonicwall-tz300p-review-a-multi-site-marvel">SonicWall TZ300P review: A multi-site marvel</a></p></div></div><p>The appliance is easy to set up: a web-based wizard guides you through changing the default admin password, enabling internet access, upgrading the firmware, registering the appliance to your myZyxel account, activating your security services, and enabling a default firewall policy. The SecuReporter service is also turned on at this point; since it stores data in the <a href="https://www.itpro.com/cloud" data-original-url="https://www.itpro.com/cloud">cloud</a>, you’re prompted to decide whether to include personal information such as email addresses and usernames.</p><p>Once you’re all set up, logging into the USG Flex 100 presents a highly informative web console, showing an overview of appliance usage and port statistics. The advanced threat-protection dashboard reports on any detected issues, with multiple views for the past seven days showing what each security service is up to, the top <a href="https://www.itpro.com/business-operations/productivity/355569/optimize-your-workflow-our-9-best-productivity-apps" data-original-url="https://www.itpro.com/business-operations/productivity/355569/optimize-your-workflow-our-9-best-productivity-apps">apps</a> and detected threats.</p><p>As usual, policies bring together settings for the Flex 100’s various modules. By default, all the LAN ports are subject to the same policies, but it’s the work of a moment to move a port into its own zone, with its own security settings.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="kwXP2UEbPMvxyN6qsgoQ2Z" name="" alt="Zyxel USG Flex ports" src="https://cdn.mos.cms.futurecdn.net/kwXP2UEbPMvxyN6qsgoQ2Z.jpg" mos="https://cdn.mos.cms.futurecdn.net/kwXP2UEbPMvxyN6qsgoQ2Z.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>There’s plenty to configure: Zyxel’s Application Patrol service works with over 3,600 apps, which come tidily sorted into 32 categories for easier management. It’s particularly capable when it comes to managing Facebook usage in the workplace, with specific controls for a range of activities including logins, likes, follows, posts, and games.</p><div  class="fancy-box"><div class="fancy_box-title">RELATED RESOURCE</div><div class="fancy_box_body"><figure class="van-image-figure "  ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="uZXV3vAfY2MsMRm4tSjJfE" name="uZXV3vAfY2MsMRm4tSjJfE.png" caption="" alt="" src="https://cdn.mos.cms.futurecdn.net/uZXV3vAfY2MsMRm4tSjJfE.png" mos="https://cdn.mos.cms.futurecdn.net/uZXV3vAfY2MsMRm4tSjJfE.png" link="" align="" fullscreen="" width="0" height="0" attribution="" endorsement="" class="pinterest-pin-exclude"></p></div></div></figure><p class="fancy-box__body-text"><strong>The business guide to ransomware</strong></p><p class="fancy-box__body-text">Everything you need to know to keep your company afloat</p><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/ransomware/357745/the-business-guide-to-ransomware" data-original-url="/security/ransomware/357745/the-business-guide-to-ransomware">FREE DOWNLOAD</a></p></div></div><p>Web filtering is another strong feature, allowing you to browse 104 categories of site and decide whether to allow, block, or log access. <a href="https://www.itpro.com/security/phishing/358767/high-risk-email-security-threats-increased-by-32-last-year" data-original-url="https://www.itpro.com/security/phishing/358767/high-risk-email-security-threats-increased-by-32-last-year">Email security</a> is similarly simple to enforce, with options to drop spam messages or tag their subject line for ongoing processing.</p><p>The one feature that’s glaringly absent is cloud management: while Zyxel appliances can normally be managed from the company’s Nebula web portal, USG Flex models aren’t supported. That shouldn’t be a permanent limitation, though: Zyxel says it plans to add Nebula integration in the ZLD 5 firmware release.</p><p>Until then, the SecuReporter cloud portal is the next best thing, allowing you to access reports from multiple Flex firewalls via a single account. Its dashboards provide a wealth of information about web, app, and threat activity, while the Analyser page offers deeper insights into security issues and custom reports can be regularly generated and sent to multiple recipients.</p><p>Businesses that have an immediate need to extend protection to <a href="https://www.itpro.com/policy-legislation/data-protection/358666/four-tips-for-keeping-your-business-secure-during-mass" data-original-url="https://www.itpro.com/policy-legislation/data-protection/358666/four-tips-for-keeping-your-business-secure-during-mass">remote offices and homeworkers</a> might need to look elsewhere. However, for single-site organisations, the Zyxel USG Flex 100 is a great choice, giving you plenty of control over costs and features, plus classy reporting services. </p><h2 id="zyxel-usg-flex-100-specifications">Zyxel USG Flex 100 specifications</h2><div ><table><tbody><tr><td  ><strong>Chassis</strong></td><td  >Fanless desktop chassis</td></tr><tr><td  ><strong>Network</strong></td><td  >5 x Gigabit Ethernet (WAN, 4 x LAN, SFP) </td></tr><tr><td  ><strong>Other ports</strong></td><td  >USB 3, RJ-45 serial</td></tr><tr><td  ><strong>Management</strong></td><td  >Web browser management</td></tr><tr><td  ><strong>Dimensions (WDH)</strong></td><td  >216 x 148 x 33mm</td></tr></tbody></table></div>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Apple drops controversial firewall-bypass feature on macOS ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/firewalls/358338/apple-drops-controversial-firewall-bypass-feature-on-macos</link>
                                                                            <description>
                            <![CDATA[ Researchers claim the ContentFilterExlusionList posed a huge cyber security risk ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">23N48FQ8BfuvRuQWR2wdj1</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/qEaBhCYQmBP5knRFX9X7nG-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 15 Jan 2021 12:23:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Keumars Afifi-Sabet ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/EAvwpZggMZ2K5h8s2pTAEm.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/qEaBhCYQmBP5knRFX9X7nG-1280-80.jpg">
                                                            <media:credit><![CDATA[Shutterstock]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[A mouse hovering over the Safari logo on a MacBook]]></media:description>                                                            <media:text><![CDATA[A mouse hovering over the Safari logo on a MacBook]]></media:text>
                                <media:title type="plain"><![CDATA[A mouse hovering over the Safari logo on a MacBook]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/qEaBhCYQmBP5knRFX9X7nG-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Apple has removed a controversial feature in its macOS operating system that allowed more than 50 of its own apps to completely bypass third-party security tools like firewalls and <a href="https://www.itpro.com/security/27098/best-vpn-services" target="_blank" data-original-url="https://www.itpro.com/security/27098/best-vpn-services">virtual private networks (VPNs)</a>.</p><p>The ContentFilterExclusionList, introduced in macOS 11 Big Sur, was <a href="https://twitter.com/mxswd">flagged by the security community</a> and developers late last year as being a potential security risk. This list’s existence in macOS meant traffic generated from Apple software such as Maps and iCloud couldn’t be blocked by a socket filter firewall.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/software/operating-systems/357775/mac-big-sur-bricking-macbooks" data-original-url="/software/operating-systems/357775/mac-big-sur-bricking-macbooks">macOS Big Sur is bricking some older MacBooks</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/ethical-hacking/357380/apple-pays-ethical-hackers-288k-for-finding-55-vulnerabilities" data-original-url="/security/ethical-hacking/357380/apple-pays-ethical-hackers-288k-for-finding-55-vulnerabilities">Apple pays ethical hackers $288k for finding 55 vulnerabilities</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/357338/apple-t2-unpatchable-flaw-jailbreak" data-original-url="/security/357338/apple-t2-unpatchable-flaw-jailbreak">Apple's T2 security chip has an "unpatchable" vulnerability</a></p></div></div><p>The developer of the Little Snitch firewall tool, Norbert Heger, described this behaviour as <a href="https://blog.obdev.at/a-hole-in-the-wall">“a hole in the wall”</a>.</p><p>Patrick Wardle, a security researcher with software firm Jamf, even demonstrated how it may be possible for malware to abuse “excluded” apps to generate web traffic to bypass firewalls. </p><p>Those who initially sounded the alarm, including Heger, Wardle and others, have now welcomed Apple’s decision to remove ContentFilterExclusionList with the release macOS 11.2 beta 2.</p><div class="see-more see-more--clipped"><blockquote class="twitter-tweet hawk-ignore" data-lang="en"><p lang="en" dir="ltr"><a href="https://twitter.com/cantworkitout/status/<blockquote class="></a></p></blockquote><div class="see-more__filter"></div></div>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ AWS Network Firewall provides network protection across all workloads ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/cloud/amazon-web-services-aws/357810/aws-network-firewall-adds-network-protection-across-all</link>
                                                                            <description>
                            <![CDATA[ New firewall tools offer improved security in virtual private clouds ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">4gfuQsMUzvXyExNcGEjARP</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/XCVVqS4MFhRtCGKFCpAK6Z-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 18 Nov 2020 19:54:24 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Rene Millman ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/vwWuTPNRCuw9vEaWzuXYnR.png ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/XCVVqS4MFhRtCGKFCpAK6Z-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Virtual security/privacy shield]]></media:description>                                                            <media:text><![CDATA[Virtual security/privacy shield]]></media:text>
                                <media:title type="plain"><![CDATA[Virtual security/privacy shield]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/XCVVqS4MFhRtCGKFCpAK6Z-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>AWS has launched a new security service for customers running virtual private clouds on AWS. </p><p>The AWS Network Firewall promises a high-availability, managed network firewall for customers’ workloads. <a href="https://www.itpro.com/amazon-web-services-aws/34126/amazon-web-services-review-aws-packs-in-more-features-than-any-other" data-original-url="https://www.itpro.com/amazon-web-services-aws/34126/amazon-web-services-review-aws-packs-in-more-features-than-any-other">AWS</a> claims the firewall will offer protections against common network threats, including dynamic packet filtering, intrusion prevention and detection, and web filtering.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/93784/unilever-outsources-firewalls-for-10m" data-original-url="/93784/unilever-outsources-firewalls-for-10m">Unilever outsources firewalls for £10m</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/606186/juniper-launches-high-performance-firewall" data-original-url="/606186/juniper-launches-high-performance-firewall">Juniper launches high performance firewall</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/631033/qualys-launches-open-source-firewall-project" data-original-url="/631033/qualys-launches-open-source-firewall-project">Qualys launches open source firewall project</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/23597/cyberoam-cr2500ing-xp-firewall-review" data-original-url="/security/23597/cyberoam-cr2500ing-xp-firewall-review">Cyberoam CR2500iNG-XP firewall review</a></p></div></div><p>AWS said customers can also implement customized Snort and Suricata rules — two widely used <a href="https://www.itpro.com/software/28109/what-is-open-source" data-original-url="https://www.itpro.com/software/28109/what-is-open-source">open-source</a> formats — to further tailor protections, like: </p><ul><li>Preventing their VPCs from accessing unauthorized domains</li><li>Blocking thousands of known bad IP addresses</li><li>Defending against common exploits by identifying patterns and behaviors associated with known threats.</li></ul><p>In a blog post, Channy Yun, principal developer advocate for AWS, said the Network Firewall makes firewall activity visible in real-time via CloudWatch metrics and offers increased visibility of network traffic by sending logs to <a href="https://aws.amazon.com/s3">S3</a>, <a href="https://aws.amazon.com/cloudwatch">CloudWatch</a> and <a href="https://aws.amazon.com/kinesis/firehose">Kinesis Firehose</a>.</p><p>“Network Firewall is integrated with <a href="https://aws.amazon.com/firewall-manager">AWS Firewall Manager</a>, giving customers who use <a href="https://aws.amazon.com/organizations">AWS Organizations</a> a single place to enable and monitor firewall activity across all your VPCs and AWS accounts,” he said.</p><p>Steve Schmidt, <a href="https://www.itpro.com/careers/28228/ciso-job-description-what-does-a-ciso-do" data-original-url="https://www.itpro.com/careers/28228/ciso-job-description-what-does-a-ciso-do">CISO</a> at AWS, said that when talking to customers about what they want in a cloud network firewall, they say network protections that work with their existing security systems and without the headache of managing the underlying infrastructure.</p><p>“AWS Network Firewall provides scalable network protections that allow customers to deploy highly customizable rules for their entire AWS infrastructure, and integrates with many of the APN partner services that customers already use. Best of all, there’s no need to configure or maintain additional infrastructure,” he added.</p><p>AWS partners have built integrations with AWS Network Firewall include: </p><ul><li>Accenture</li><li>Alert Logic</li><li>Check Point Software Technologies</li><li>CrowdStrike</li><li>Datadog</li><li>Fortinet</li><li>Hashicorp</li><li>IBM</li><li>Palo Alto Networks</li><li>Rackspace</li><li>Splunk</li><li>SumoLogic</li><li>Trend Micro</li><li>Tufin</li></ul><p>AES expects more partners to come soon. These integrations allow customers to easily incorporate AWS Network Firewall into their existing security workflows for orchestration, automation and threat detection and response.</p><p>“We've made this expertise available to all AWS Network Firewall customers in the form of managed rules based on threat intelligence from FortiGuard Labs. Our collaboration with AWS will make it easy for customers to seamlessly integrate Fortinet threat intelligence with AWS Network Firewall as an additional layer of protection alongside their existing security,” said John Maddison, EVP of products and CMO at Fortinet.</p><p>AWS Network Firewall is available now in the US East (Northern Virginia), US West (Oregon), and Europe (Ireland) Regions. Pricing starts at 39.5 cents per hour a firewall is provisioned and 6.5 cents every GB of data the firewall processes.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ How switching off your firewall can actually make you safer ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/cloud/cloud-security/356852/how-switching-off-your-firewall-can-actually-make-you-safer</link>
                                                                            <description>
                            <![CDATA[ Cloudflare for Teams can protect devices, networks, and internal applications without compromising performance ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">wZ3poaHmt5ZfjzjttZ6LYW</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/9Vi23mB7chP54xSZAPbrdn-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 21 Aug 2020 10:58:24 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ IT Pro ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                    <sponsoredContent>true</sponsoredContent>
                                <cf:isSponsored>true</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/9Vi23mB7chP54xSZAPbrdn-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/9Vi23mB7chP54xSZAPbrdn-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <div class="youtube-video" data-nosnippet ><div class="video-aspect-box"><iframe data-lazy-priority="high" data-lazy-src="https://www.youtube-nocookie.com/embed/l_J9JNGvqlI" allowfullscreen></iframe></div></div><p>For many years, the corporate VPN has been regarded as more of a necessary evil than a treasured part of the business’ IT estate; although VPN appliances were vital for allowing employees to access corporate tools and resources while outside the office, they were slow, cumbersome and frustrating to use. They’re also often ill-suited to the high demands placed on them by the modern SaaS applications relied on by many businesses.</p><p>Thankfully, organisations no longer have to depend on physical VPN appliances; they can utilise the power of the cloud to authenticate and protect their employees wherever they are in the world, depending the edge of the corporate network, whatever that edge happens to look like.</p><p>Join IT Pro reviews and community editor Adam Shepherd and Cloudflare product manager Sam Rhea to find out how Cloudflare for Teams can protect devices, networks, and internal applications without compromising performance.</p><h3 class="article-body__section" id="section-adam-shepherd"><span>Adam Shepherd</span></h3><p><em>Reviews and Community Editor, IT Pro</em></p><p>As reviews and community editor, Adam is responsible for coordinating all of the hardware and software reviews across IT Pro, Cloud Pro and Channel Pro, from laptops and smartphones, all the way up to enterprise-grade data centre servers and network management software. He also runs the IT Pro Panel, a flagship initiative which sees CIOs and tech leaders from the likes of Dominos, Oxfam and GoCompare sharing their experience and insight with the IT Pro community.</p><h3 class="article-body__section" id="section-sam-rhea"><span>Sam Rhea</span></h3><p><em>Product Manager, Cloudflare</em></p><p>Sam Rhea is a Product Manager at Cloudflare, where he focuses on products that secure teams and their data.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ How to build your own firewall with pfSense ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/firewalls/355328/how-to-build-your-own-firewall-with-pfsense</link>
                                                                            <description>
                            <![CDATA[ Create your own physical or virtual appliance with this free-to-use open source software ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">ethHzGGn8sfmNgyC2sMQSX</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/3X5PkZhb6mbqEHSuHndPUk-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 15 Apr 2020 12:44:27 +0000</pubDate>                                                                                                                                <updated>Mon, 17 Apr 2023 14:35:41 +0000</updated>
                                                                                                                                            <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ K.G. Orphanides ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/sZCck6JUYUwhUf9f8q9pWc.png ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                        <dc:contributor><![CDATA[ Andrew Webb ]]></dc:contributor>
                                                                    <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/3X5PkZhb6mbqEHSuHndPUk-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Firewall global security]]></media:description>                                                            <media:text><![CDATA[Firewall global security]]></media:text>
                                <media:title type="plain"><![CDATA[Firewall global security]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/3X5PkZhb6mbqEHSuHndPUk-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>A firewall is a network security device that monitors incoming and outgoing network traffic and permits or blocks data packets based on a predetermined set of security rules. It's a must-have for businesses that have mighgrated their <a href="https://www.itpro.com/cloud/355011/how-to-migrate-your-smb-network-to-the-cloud" data-original-url="https://www.itpro.com/cloud/355011/how-to-migrate-your-smb-network-to-the-cloud">IT infrastructure and services to the cloud</a>, as an enterprise firewall will handle your internet connection and <a href="https://www.itpro.com/network-internet/virtual-private-network-vpn/355071/does-your-business-need-its-own-vpn" data-original-url="https://www.itpro.com/network-internet/virtual-private-network-vpn/355071/does-your-business-need-its-own-vpn">any site-to-site or site-to-cloud VPN requirements</a>. </p><p>While crucial, the licensing costs for firewall devices from Cisco, Juniper, Sonicwall et al are often extremely high, and many IT administrators dread the arrival of the annual licence renewal invoice, award that it'll eat up a huge chunk of their yearly IT budget. </p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/624097/one-in-ten-it-professionals-cheat-on-firewall-audit" data-original-url="/624097/one-in-ten-it-professionals-cheat-on-firewall-audit">One in ten IT professionals cheat on firewall audit</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/23597/cyberoam-cr2500ing-xp-firewall-review" data-original-url="/security/23597/cyberoam-cr2500ing-xp-firewall-review">Cyberoam CR2500iNG-XP firewall review</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/631033/qualys-launches-open-source-firewall-project" data-original-url="/631033/qualys-launches-open-source-firewall-project">Qualys launches open source firewall project</a></p></div></div><p>Enter pfSense, an open source enterprise firewall based on <a href="https://www.itpro.com/620659/freebsd-and-the-gpl" target="_blank" data-original-url="https://www.itpro.com/620659/freebsd-and-the-gpl">FreeBSD</a> that offers features comparable to many of the most expensive big-name options on offer, along with a wide range of packages available to extend its capabilities. The best part is, as <a href="https://www.itpro.com/development/open-source/354680/the-it-pro-podcast-opening-up-to-open-source" data-original-url="https://www.itpro.com/development/open-source/354680/the-it-pro-podcast-opening-up-to-open-source">an open source solution</a>, pfSense is completely free, and all of its features are available without any commercial licensing requirements.</p><p>Support for pfSense is provided by Netgate, which also manufactures network appliances that use the operating system.</p><p>This tutorial will take you through the installation and basic setup of a pfSense device. We will be using the scenario of a business with no on-premises servers, using cloud services or hosting for their IT requirements. </p><h3 class="article-body__section" id="section-hardware-requirements"><span>Hardware requirements</span></h3><p>In terms of hardware, pfSense requires a CPU with a base frequency of 600Mhz, at least 512MB RAM, one or more compatible <a href="https://www.itpro.com/616171/cisco-launches-new-virtual-interface-card" target="_blank" data-original-url="https://www.itpro.com/616171/cisco-launches-new-virtual-interface-card">network interface cards</a> (NICs), a bootable USB drive or CD/DVD-ROM for initial installation, and at least 4GB of available storage - either on a hard disk, or a flash device such as an SD card.</p><p>However, the exact requirements you will require will depend on the number of rules and VPNs that you have on your device, along with the amount of data folowing through it. </p><p><a href="https://www.itpro.com/security/27098/best-vpn-services" target="_blank" data-original-url="https://www.itpro.com/security/27098/best-vpn-services">VPN</a> performance, particularly, is dependent on how much processor power your endpoint has, and depending on the size and complexity of your local network layout, you may want a device with more than two network interfaces.</p><p>Purpose-built pfSense devices are available from many manufacturers, including the makers of pfSense themselves. However, you can also set it up on <a href="https://www.itpro.com/cloud/virtual-machines/355269/getting-started-with-virtual-machines" data-original-url="https://www.itpro.com/cloud/virtual-machines/355269/getting-started-with-virtual-machines">a virtual machine running on your choice of hypervisor</a>, or build your own using a standard desktop PC or server.</p><p>Whatever hardware you’re using, the setup process is the same. Hook up a monitor and keyboard to your device or use the virtual console if you are installing on a virtual machine. Do not connect any of the network interfaces to a network yet: we’ll get to that later in the installation and setup process.</p><h3 class="article-body__section" id="section-step-1-install-pfsense-on-your-device"><span>Step 1: Install pfSense on your device</span></h3><p>Download the installer from <a href="https://www.pfsense.org/download">the pfSense website</a>, taking care to get the version that matches your environment and preferred installation method. Burn the CD or write the image to a USB drive as required.</p><p>Boot your device from the installation media you created and wait until it has completed booting, and displays the software license screen. Go through and accept the license terms and move on to the installation. Select “Install” from the menu, choose the correct keyboard layout for your region, then select continue.</p><p>From the next menu, select automatic partitioning and hit enter to continue.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="3w5zkkVAB6rVZNoKS73eYb" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/3w5zkkVAB6rVZNoKS73eYb.png" mos="https://cdn.mos.cms.futurecdn.net/3w5zkkVAB6rVZNoKS73eYb.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>pfSense will partition the disk, and move straight on to the installation. When this has finished, say no to opening a shell to edit the system. Finally, remove the installation media and hit enter on the next screen to reboot into your new pfSense system.</p><h3 class="article-body__section" id="section-step-2-console-configuration"><span>Step 2: Console configuration </span></h3><p>Once the system has rebooted, you’ll be prompted to set up basic networking. Answer no when asked if VLANs should be set up now and move on to the network interface setup. Hit “a” to start auto-detection of the WAN interface and follow the instructions on screen, connecting the cable when required, in order to correctly identify the interface. Repeat the process for the LAN interface. Don’t forget to physically label the interfaces on the device as well.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="AYHUeQN5KhrLRsQs4cAdjK" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/AYHUeQN5KhrLRsQs4cAdjK.png" mos="https://cdn.mos.cms.futurecdn.net/AYHUeQN5KhrLRsQs4cAdjK.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>Once you have both the LAN and WAN interfaces identified correctly, hit “y” to continue. pfSense will carry on booting, then display the status of the network interfaces and present you with the console admin menu. </p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="RC7oPCrvMzowAFGteHedd3" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/RC7oPCrvMzowAFGteHedd3.png" mos="https://cdn.mos.cms.futurecdn.net/RC7oPCrvMzowAFGteHedd3.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>The LAN interface defaults to an IPv4 address of 192.168.1.1/24. If you need to change this to match your existing network, select option 2 (set interface IP address) from the menu, then option 2 again to edit the LAN interface. Enter the desired LAN IPv4 address and subnet mask for the device when prompted. Don’t enable IPv6 or DHCP right now; we’ll do that later from the web admin interface.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="CBBjiVDdB4xAtiu7VSyzAi" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/CBBjiVDdB4xAtiu7VSyzAi.png" mos="https://cdn.mos.cms.futurecdn.net/CBBjiVDdB4xAtiu7VSyzAi.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><h3 class="article-body__section" id="section-step-3-initial-configuration-wizard"><span>Step 3: Initial configuration wizard</span></h3><p>Configure a computer with a static IPv4 address in the same range as the IPv4 address you assigned to the LAN interface on the firewall. You can connect this computer directly to the LAN port on the firewall (using a crossover cable if you’re working with older hardware that doesn’t support Auto-MDIX) or connect via a switch.</p><p>Using your web browser, go to the LAN IPv4 address that we configured in the previous step. Log in using the username “admin” and the default password “pfsense”. You will be presented with the initial setup wizard. Click on next, then next again at the following screen to begin the setup of your new firewall.</p><p>Enter the name you want to give your firewall, and the domain associated with your internal office network. We’re going to be boring and use “firewall” for the name, and “local” for the domain, but you should probably come up with something more distinctive.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="YjmN48PKCeBCbNx5wJL4Zc" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/YjmN48PKCeBCbNx5wJL4Zc.png" mos="https://cdn.mos.cms.futurecdn.net/YjmN48PKCeBCbNx5wJL4Zc.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>Click on next to move on to step 3 of the wizard. The time server can be left on the default, or set to a different one if you have a preferred NTP server for devices on your network. Set your time zone, and then click next to move on to step 4.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="EvWq2XUHgQtPe5z7jPErrD" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/EvWq2XUHgQtPe5z7jPErrD.png" mos="https://cdn.mos.cms.futurecdn.net/EvWq2XUHgQtPe5z7jPErrD.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>Now you need to set up your WAN interface. We’re using DHCP, so can leave everything on the defaults, but if you are connecting this device to an ADSL line via a DSL modem in bridge mode, you should select PPPoE here and enter the details provided by your ISP in the PPPoE section of this page. Once you’ve completed WAN configuration, scroll to the bottom of the page and click next to move on to step 5, where we can review the LAN IPv4 address we configured earlier, and change it if necessary. Click next to keep the address the same and move on to step 6.</p><p>Set a new admin password, not forgetting to make a note of it somewhere, and then click next to move on to step 7.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="keB9pW8g9ZT8xiUTZ5X6iV" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/keB9pW8g9ZT8xiUTZ5X6iV.png" mos="https://cdn.mos.cms.futurecdn.net/keB9pW8g9ZT8xiUTZ5X6iV.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>Click on reload to apply these changes to the device. If you changed the LAN IPv4 address in step 5, you will need to enter that address in your browser after this to access the device. Wait for the reload to complete, then click Finish on the last screen to exit the wizard and go to the device dashboard. Read and accept the license for the software again when prompted, then click close to clear the “Thank you” popup.</p><h3 class="article-body__section" id="section-step-4-ipv6"><span>Step 4: IPv6</span></h3><p>If your ISP offers IPv6 (as almost all do now) this is the time to set up the WAN interface IPv6 options to match those provided by your ISP. Select the Interfaces pull-down menu from the top menu bar, and select the WAN interface.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="y8EH7AGfMyGcy8zVq2xnB3" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/y8EH7AGfMyGcy8zVq2xnB3.png" mos="https://cdn.mos.cms.futurecdn.net/y8EH7AGfMyGcy8zVq2xnB3.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>You will also need to set up IPv6 on your LAN interface. pfSense supports <a href="https://www.itpro.com/internet-protocol-version-6-ipv6/30657/whatever-happened-to-ipv6" data-original-url="https://www.itpro.com/internet-protocol-version-6-ipv6/30657/whatever-happened-to-ipv6">a range of different IPv6 configurations</a>, from static IPv6 and DHCPv6 to stateless address autoconfiguration (SLAAC), 6to4 tunnelling and upstream interface tracking. Exactly which one you need will depend on the IPv6 provision from your ISP, who should provide you with adequate setup information to correctly configure your connection.</p><h3 class="article-body__section" id="section-step-5-setting-up-local-network-services"><span>Step 5: Setting up local network services</span></h3><p>From the menu bar across the top of the pfSense admin page, open the Services pull-down menu and select DHCP server. Tick the “Enable” box to turn on the DHCP server for your LAN interface, then enter the range of IPv4 addresses that will be allocated to devices on your LAN. We’ll set up a range of 200 addresses in this instance. Leave the DNS and WINS server options unset, as the firewall will use those allocated by the ISP on the WAN interface.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="FUhk4rMJhDJZwAWQKvnbB5" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/FUhk4rMJhDJZwAWQKvnbB5.png" mos="https://cdn.mos.cms.futurecdn.net/FUhk4rMJhDJZwAWQKvnbB5.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>Scroll down to the bottom of the page and hit save. The DHCP service will start automatically. The setup wizard will have automatically created a single outbound NAT rule for you, so you should be able to access the internet from devices behind your new firewall.</p><h3 class="article-body__section" id="section-further-configuration"><span>Further configuration</span></h3><p>If you require VPN links to your cloud provider, or to other offices, you can now set them up. We will not go into detail about that here as there are too many different types of VPN to cover, and the process is largely the same with any enterprise firewall device. </p><p>Additional services such as traffic prioritization, web filtering, load balancing multiple internet connections and so on are all available, either already built in or via add-on packages. These can be installed from the package manager, found on the System menu pull-down at the left of the top menu bar.</p><p>Take some time to explore the various menus and services to familiarize yourself with your new firewall and discover its many features.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Decade-old vulnerability found in globally popular office phone ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/34189/decade-old-vulnerability-found-in-globally-popular-office-phone</link>
                                                                            <description>
                            <![CDATA[ Avaya's VOIP phones are used by 90% of Fortune 100 companies ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">34QvdvPg9cgNMgX5D8De1k</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/kE6s6mWSkr4NHS9zG86RZm-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 09 Aug 2019 11:29:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Connor Jones ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/LPjgE2kGKixS9aF7Jdp2mT.png ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/kE6s6mWSkr4NHS9zG86RZm-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Office building with lots of windows]]></media:description>                                                            <media:text><![CDATA[Office building with lots of windows]]></media:text>
                                <media:title type="plain"><![CDATA[Office building with lots of windows]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/kE6s6mWSkr4NHS9zG86RZm-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>A decade-old vulnerability has been found in the firmware of an Avaya desk phone used by the world's leading businesses.</p><p>The exploit could allow a hacker to perform a remote code execution (RCE) attack on the affected device providing they had access to the network to which the Avaya phone was connected.</p><p>Researchers were able to take over the normal operation of the phone, exfiltrate audio from the speakerphone and potentially bug the phone too.</p><p>The flaw actually sits in the <a href="https://securingtomorrow.mcafee.com/other-blogs/mcafee-labs/avaya-deskphone-decade-old-vulnerability-found-in-phones-firmware" target="_blank">phone's open source software</a>, a fault that was first discovered in 2009 and has now been found once again in the Avaya 9600 series IP Deskphone by McAfee's Advanced Threat Research Team.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/cloud/33276/avaya-boosts-contact-centre-service-with-googles-cloud-and-ai-tech" data-original-url="/cloud/33276/avaya-boosts-contact-centre-service-with-googles-cloud-and-ai-tech">Avaya boosts contact centre service with Google's cloud and AI tech</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/networking/26879/what-is-voip-how-to-choose-the-perfect-system" data-original-url="/networking/26879/what-is-voip-how-to-choose-the-perfect-system">What is VoIP? How to choose the perfect system</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/32826/john-mcafee-goes-on-the-run-from-the-us-government-again" data-original-url="/security/32826/john-mcafee-goes-on-the-run-from-the-us-government-again">John McAfee goes on the run from the US government - again</a></p></div></div><p>"We were able to find the presence of an RCE vulnerability in a piece of open source software that Avaya likely copied and modified 10 years ago, and then failed to apply subsequent security patches to," said McAfee senior security researcher Philippe Laulheret.</p><p><a href="https://www.itpro.com/cloud/33276/avaya-boosts-contact-centre-service-with-googles-cloud-and-ai-tech" target="_blank" data-original-url="https://www.itpro.com/cloud/33276/avaya-boosts-contact-centre-service-with-googles-cloud-and-ai-tech">Avaya</a> is the second largest voice over IP (VOIP) provider in the world behind Cisco and has an install base covering 90% of Fortune 100 companies, according to figures sourced by McAfee.</p><p>This is a classic case of unattended legacy technology coming back to bite businesses, according to Raj Samani, chief scientist and McAfee fellow.</p><p>"Legacy code and technical debt can be found everywhere in our increasingly connected world; if left unpaid, the resulting 'interest' can be detrimental," said Samani.</p><p>"Technology is only as secure as the weakest link in the chain, and this can many times be a device you might not expect," he added. "This highlights the importance of staying on top of network monitoring: if connected devices are talking with each other when they are not supposed to, this should raise red flags."</p><p>In Avaya's <a href="https://downloads.avaya.com/css/P8/documents/101059945" target="_blank">security advisory</a>, published in July, it recommended all of its customers to deploy industry best practices such as implementing firewalls, ACLs, physical security and appropriate access restrictions until a fix was released.</p><p>"In this case, with a minimal hardware investment and free software, we were able to uncover a critical bug that remained out-of-sight for more than a decade," said Laulheret. "Avaya was prompt to fix the problem and the threat this bug poses is now mitigated, but it is important to realise this is not an isolated case and many devices across multiple industries still run legacy code more than a decade old."</p><p>McAfee urges companies that use the phone to check the model and its firmware to ensure they're not affected - the Avaya 9600 series IP Deskphone is the affected model but it also supports two different software stacks. Only the H.323 stack is affected as opposed to the SIP stack which is also compatible.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Flaws in 4G and 5G could allow attackers to launch DoS attacks and track location ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/network-internet/33081/flaws-in-4g-and-5g-could-allow-attackers-to-launch-dos-attacks-and-track</link>
                                                                            <description>
                            <![CDATA[ Researchers present their findings just as manufacturers gear up to launch wave of 5G-ready handsets ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">eJ72yHzqUCsnAuW976gLrt</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/iUKv9rpVHREKDdBwmPuJoN-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 25 Feb 2019 11:48:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Keumars Afifi-Sabet ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/EAvwpZggMZ2K5h8s2pTAEm.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/iUKv9rpVHREKDdBwmPuJoN-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Businessman making a phone call via a 5G network]]></media:description>                                                            <media:text><![CDATA[Businessman making a phone call via a 5G network]]></media:text>
                                <media:title type="plain"><![CDATA[Businessman making a phone call via a 5G network]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/iUKv9rpVHREKDdBwmPuJoN-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Academics have discovered three new vulnerabilities in 4G and 5G networks that could allow malicious actors to track a user's location as well as intercept phone calls.</p><p>A new set of attacks, outlined in a paper named <em>'<a href="http://homepage.divms.uiowa.edu/~comarhaider/publications/LTE-torpedo-NDSS19.pdf" target="_blank">Privacy Attacks to the 4G and 5G Cellular Paging Protocols Using Side Channel Information</a>'</em>, exploits the paging protocol, a mechanism which notifies a phone about an incoming call or text message.</p><p>Starting and cancelling several calls within a short period of time could trigger a paging message, without notifying a device about an incoming call, which could allow an attacker to track somebody's location.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/networking/26440/what-is-5g-ultimate-guide" data-original-url="/networking/26440/what-is-5g-ultimate-guide">What is 5g? Ultimate guide</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/mobile/28105/4g-vs-5g-whats-the-difference" data-original-url="/mobile/28105/4g-vs-5g-whats-the-difference">4G vs 5G - what's the difference?</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/mobile/33049/samsung-announces-5g-enabled-smartphone" data-original-url="/mobile/33049/samsung-announces-5g-enabled-smartphone">Samsung announces 5G-enabled smartphone</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/mobile/33071/huawei-mate-x-the-worlds-fastest-foldable-5g-smartphone" data-original-url="/mobile/33071/huawei-mate-x-the-worlds-fastest-foldable-5g-smartphone">Huawei Mate X: The "world's fastest" foldable 5G smartphone</a></p></div></div><p>An attacker would also be able to hijack the paging occasion fixed by the design of 4G and 5G protocols, the time period where the handset polls for services, and pair this with identifiers, such as their phone number. This attack, dubbed Torpedo, could then allow an attacker to send spoof messages or block messages altogether.</p><p>Moreover, Torpedo allows malicious attackers to spring two further attacks on their victims, named Piercer and the ISMSI-Cracking attack. The former would allow an attacker to find a user's unique international mobile subscriber identity (IMSI) on the 4G network. The latter, meanwhile, could brute force the encrypted IMSI number for both 4G and 5G numbers.</p><p>"The cellular paging (broadcast) protocol strives to balance between a cellular device's energy consumption and quality-of-service by allowing the device to only periodically poll for pending services in its idle, low-power state," the researchers explained.</p><p>"For a given cellular device and serving network, the exact time periods when the device polls for services (called the paging occasion) are fixed by design in the 4G/5G cellular protocol.</p><p>"Our paper sheds light on an inherent design weakness of the 4G/5G cellular paging protocol which can be exploited by an attacker to not only obtain the victim's paging occasion but also to identify the victim's presence in a particular cell area just from the victim's soft-identity."</p><p>The weaknesses were discovered to reside with the networks of all four major telecoms suppliers in the US, and a spattering of firms in Europe and Asian countries, including three from Germany, four providers from Austria, and one in Iceland.</p><p>The findings are the latest in a series of security concerns with 5G networks that researchers have demonstrated, well in advance of 5G becoming rolled out on a mainstream basis. Another critical vulnerability in the upcoming 3G, 4G, and 5G network protocols, outlined by academics at the start of the month, <a href="https://www.itpro.com/mobile/32893/5g-security-concerns-persist-with-new-research-pointing-to-critical-flaw" target="_blank" data-original-url="https://www.itpro.com/mobile/32893/5g-security-concerns-persist-with-new-research-pointing-to-critical-flaw">could enable the eavesdropping of calls</a>.</p><p>The latest research into 5G network security also emerges as a host of manufacturers debut a fleet of 5G-ready devices at this year's Mobile World Congress (MWC). These include Huawei's 5G-ready 'foldable', <a href="https://www.itpro.com/mobile/33071/huawei-mate-x-the-worlds-fastest-foldable-5g-smartphone" target="_blank" data-original-url="https://www.itpro.com/mobile/33071/huawei-mate-x-the-worlds-fastest-foldable-5g-smartphone">dubbed the Mate X</a>, as well as the <a href="https://www.itpro.com/mobile/33049/samsung-announces-5g-enabled-smartphone" target="_blank" data-original-url="https://www.itpro.com/mobile/33049/samsung-announces-5g-enabled-smartphone">Samsung Galaxy S105G</a>.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ WatchGuard Firebox M670 review: Dazzling value ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/firewalls/32644/watchguard-firebox-m670-review-dazzling-value</link>
                                                                            <description>
                            <![CDATA[ A class security act at a very competitive price ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">nDrVkScqexoeD7ih66rWEt</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/CFWfj8jrWUnBPccdKh2jPm-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 02 Jan 2019 15:32:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Dave Mitchell ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/CFWfj8jrWUnBPccdKh2jPm-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/CFWfj8jrWUnBPccdKh2jPm-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Stepping in at the top of WatchGuard's family of mid-range security appliances, the Firebox M670 delivers an impressively high performance at a low price. Targeting medium-sized businesses and distributed enterprises, the M670 boasts a raw firewall throughput of 34Gb/sec, dropping to 5.4Gb/sec with all security engines fired up.</p><p>This 1U rack appliance comes with eight Gigabit ports and the single expansion bay to the right accepts a range of sensibly-priced modules. WatchGuard offers ones with eight copper or fibre Gigabit plus a quad-port 10GbE fibre module which costs 1,163 exc VAT.</p><p>High availability is also on the cards; you can team up two M670 appliances as an active/passive pair. WatchGuard sweetens the deal as it's currently offering a 50% price reduction on the second appliance.</p><h2 id="watchguard-firebox-m670-review-security-features-and-options">WatchGuard Firebox M670 review: Security features and options</h2><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/firewalls/31228/watchguard-firebox-t55-w-review" data-original-url="/firewalls/31228/watchguard-firebox-t55-w-review">WatchGuard Firebox T55-W review</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/firewalls/31197/watchguard-firebox-t15-review" data-original-url="/firewalls/31197/watchguard-firebox-t15-review">WatchGuard Firebox T15 review</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/32266/watchguard-firebox-m270-review-top-notch-security-rock-bottom-price" data-original-url="/security/32266/watchguard-firebox-m270-review-top-notch-security-rock-bottom-price">WatchGuard Firebox M270 review: Top-notch security, rock-bottom price</a></p></div></div><p>The M670 is packed to the gills with security features and WatchGuard offers a range of flexible licensing schemes. The Basic Security Suite subscription is available for one or three year periods and enables antivirus, antispam, web filtering, HTTPS inspection, IPS, application controls and WatchGuard's RED (reputation enabled defence) cloud URL filtering service.</p><p>We've priced up our review appliance with a full 3-year Total Security Suite (TSS) subscription, which adds WatchGuard's advanced persistent threat (APT) blocker plus data leak prevention (DLP) services and teams them up with a Gold 24/7 support contract. All subscriptions include the gateway antivirus service which the TSS augments with WatchGuard's IntelligentAV that employs the Cylance AI-based engine for signature-less malware scanning.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="FJAUUtoHac8vUbX2oBVQEk" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/FJAUUtoHac8vUbX2oBVQEk.png" mos="https://cdn.mos.cms.futurecdn.net/FJAUUtoHac8vUbX2oBVQEk.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>You get WatchGuard's DNSWatch service which monitors client DNS requests and blocks access to known malicious domains. The latest Fireware 12.3 software also adds secure software defined WAN (SD-WAN) services as a standard feature across all Firebox appliances.</p><h2 id="watchguard-firebox-m670-review-installation-and-management">WatchGuard Firebox M670 review: Installation and management</h2><p>It may be big on features, but we found the M670 as easy to deploy as WatchGuard's small business appliances. On first contact, the web console runs a quick start wizard to secure admin access and get Internet access enabled on the default WAN port along with DHCP services on the first trusted LAN interface.</p><p>The wizard defaults to mixed-mode routing which allows all network ports to be defined as separate interfaces. Configuring the remaining ports is simple: we defined them as external, trusted, optional or custom and added DHCP services on selected trusted ports.</p><p>WatchGuard's smart browser interface opens with an informative dashboard. It provides a breakdown of traffic for the top clients, web destinations, policies and applications with options to drill down for more detail.</p><p>Triple-play management is available as along with the appliance's web console, you can install WatchGuard's free System Manager (WSM) suite on a separate Windows host to provide central management, logging and reporting services. We run WatchGuard's Dimension (also free) as a Hyper-V VM in the lab and securely linked it with the M670 by importing a configuration file into the appliance. Once accepted, we used the Dimension web console to view appliance utilisation, an executive dashboard, policy activity graphs and a global threat map.</p><h2 id="watchguard-firebox-m670-review-rules-and-proxies">WatchGuard Firebox M670 review: Rules and proxies</h2><p>The Fireware software employs proxies to enforce security and these are provided for HTTP, HTTPS, FTP, SIP, IMAP, POP3 and SMTP. We found proxy configuration pleasantly simple as wizards help create firewall rules and policy actions for each one.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="Nixbc6dbC7UxAQgwHiRZaG" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/Nixbc6dbC7UxAQgwHiRZaG.png" mos="https://cdn.mos.cms.futurecdn.net/Nixbc6dbC7UxAQgwHiRZaG.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>Configuring the WebBlocker service is a swift three step process. You can choose from over 180 URL categories, decide which ones to block or log, enable filtering for HTTP and HTTPS traffic and leave the wizard to sort out the firewall rules.</p><p>Anti-spam measures can be applied to SMTP traffic inbound to an internal mail server and it can transparently scan POP and IMAP mail. For the POP3 proxy, we set the service to tag dubious messages as 'bulk', suspect' or 'spam' and enabled the virus outbreak detection option which strips out infected attachments.</p><p>Gateway AV scanning can be enabled on selected proxies and you'll need this running if you want to use the APT service. This scans inbound files, creates MD5 hashes and checks them with the LastLine cloud service to see if they're known malware.</p><h2 id="watchguard-firebox-m670-review-sd-wans-and-more">WatchGuard Firebox M670 review: SD-WANs and more</h2><p>For the SD-WAN service, you designate multiple ports as external interfaces, link them together with rules and use packet loss, latency or jitter thresholds to determine routing decisions and failover. Along with options to dynamically route sensitive traffic such as VoIP through high-bandwidth WAN links, you have the added bonus that unlike many SD-WAN point solutions, you won't have the additional expense of securing them.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="7M7NETTKyMNL2PmF64sAfL" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/7M7NETTKyMNL2PmF64sAfL.png" mos="https://cdn.mos.cms.futurecdn.net/7M7NETTKyMNL2PmF64sAfL.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>DNSWatch is activated with one click and once it had registered with the WatchGuard cloud service, we could set enforcement on all network interfaces or just selected ones. We triggered this during testing and received email alerts advising us that access to some dodgy domains had been blocked along with a link to view more detail in WatchGuard's cloud portal.</p><p>Application awareness controls access to hundreds of apps and has eleven entries for Facebook alone. DLP is another easy one to configure and uses predefined and custom rules on the HTTP, FTP and SMTP proxies to check for keywords such as social security or credit card numbers.</p><h2 id="watchguard-firebox-m670-review-verdict">WatchGuard Firebox M670 review: Verdict</h2><p>The Firebox M670 is an impressive appliance as it delivers a superb range of security measures at a price that easily beats much of the big-name competition for value. The new SD-WAN feature adds even more versatility and value gets even better as WatchGuard includes all appliance and security policy management software for free and not as chargeable options.</p><h2 id="verdict">Verdict</h2><p>A very affordable choice for mid-sized businesses, the Firebox M670 is surprisingly easy to deploy and teams up top performance with an amazing range of security measures</p><p>Chassis: 1U rack</p><p>Memory: 8GB RAM</p><p>Network: 8 x Gigabit</p><p>Expansion: 1 x module bay</p><p>Other ports: 2 x USB 2, RJ-45 serial</p><p>Power: 1 x internal PSU</p><p>Management: Web browser, WatchGuard WSM/Dimension/Command</p><p>Warranty: 3-year advanced hardware replacement</p><p>Optional modules: 8 x 1GbE copper, £830; 8 x 1GbE fibre, £996; 4 x 10GbE fibre, £1,163 (all exc VAT)</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Attackers target SIP flaws in Cisco firewalls to overload devices ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/32286/attackers-target-sip-flaws-in-cisco-firewalls-to-overload-devices</link>
                                                                            <description>
                            <![CDATA[ There are no patches or workarounds available for two software bugs found last week ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">9cJLnYqy7NQicBATCXDDTi</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/i6KXb4FkbudznrZS7bXkyP-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 05 Nov 2018 10:13:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Keumars Afifi-Sabet ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/EAvwpZggMZ2K5h8s2pTAEm.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/i6KXb4FkbudznrZS7bXkyP-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[hacking]]></media:description>                                                            <media:text><![CDATA[hacking]]></media:text>
                                <media:title type="plain"><![CDATA[hacking]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/i6KXb4FkbudznrZS7bXkyP-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Malicious actors are exploiting a Session Initiation Protocol-related (SIP) vulnerability in two Cisco products to trigger high CPU usage and take a system offline.</p><p>SIP is a signalling protocol used to set up and maintain real-time sessions, such as audio or video calls, online. The flaws, which are the result of incorrect handling of SIP traffic, can be exploited by an attacker "sending SIP requests designed to specifically trigger this issue at a high rate", <a href="https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20181031-asaftd-sip-dos" target="_blank">according to the networking giant</a>.</p><p>If exploited correctly, it could cause an affected device to reload, or trigger high CPU usage, leading to a denial-of-service (DoS).</p><p>The bug has been found in Cisco's Adaptive Security Appliance (ASA) and Firepower Threat Defence (FTD) software running on a host of Cisco's physical and virtual appliances. These include the 3000 Series Industrial Security Appliance, Adaptive Security Virtual Appliance, and Firepower 9300 ASA Security Module.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/internet-of-things-iot/30905/attackers-target-vulnerability-in-cisco-switches" data-original-url="/internet-of-things-iot/30905/attackers-target-vulnerability-in-cisco-switches">Attackers target vulnerability in Cisco switches</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/610331/cisco-patches-eight-security-vulnerabilities" data-original-url="/610331/cisco-patches-eight-security-vulnerabilities">Cisco patches eight security vulnerabilities</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/spyware/31458/attackers-targeting-world-cup-fans-with-golden-cup-android-app-loaded-with-spyware" data-original-url="/spyware/31458/attackers-targeting-world-cup-fans-with-golden-cup-android-app-loaded-with-spyware">Attackers targeting World Cup fans with 'Golden Cup' Android app loaded with spyware</a></p></div></div><p>The vulnerability is being exploited if the output of 'show conn port 5060' (where port 5060 on a router is normally reserved for SIP traffic) shows a large number of incomplete SIP connections, and CPU usage is high.</p><p>Users can determine whether their software is affected by running the 'show version' command on the UI, with the bug found in ASA version 9.4 or FTD version 6.0 and above.</p><p>Other affected appliances include ASA 5500-X Series Next-Generation Firewalls, ASA Services Module for Cisco Catalyst 6500 Series Switches and Cisco 7600 Series Routers, Adaptive Security Virtual Appliance (ASAv), Firepower Series 2100 and 4100 Series Security Appliance, and FTD Virtual (FTDv).</p><p>Cisco has said there are no patches available for the bug disclosed last week, nor any workarounds, with mitigation the only option for organisations affected. The company has set out four options for customers who may be under attack.</p><p>Disabling SIP inspection altogether will completely close the attack vector - but could break SIP connections. Blocking traffic from a specific IP address, presumed to be that of an attacker, meanwhile can be done using an access control list (ACL).</p><p>Users could also apply a filter on a 0.0.0.0 sent-by address since Cisco has seen offending traffic set to this invalid value, or implementing a rate limit on SIP traffic.</p><p>The networking giant's products and services are no stranger to abuse, with attackers previously <a href="https://www.itpro.com/internet-of-things-iot/30905/attackers-target-vulnerability-in-cisco-switches" target="_blank" data-original-url="https://www.itpro.com/internet-of-things-iot/30905/attackers-target-vulnerability-in-cisco-switches">exploiting a vulnerability in up to 168,000 unpatched IoT devices</a> earlier this year to leave political messages.</p><p>Cisco first acknowledged the flaws through its Technical Services Advantage (TSA) technical support service, and says it will update its advisory should any patches be made available.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ WatchGuard Firebox M270 review: Top-notch security, rock-bottom price ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/32266/watchguard-firebox-m270-review-top-notch-security-rock-bottom-price</link>
                                                                            <description>
                            <![CDATA[ A powerful security appliance that’s chock-full of tough protection measures and priced right for SMBs ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">sGkDzshxZU2JjaEZ3EFgkU</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/TRJkAgHsEiiygm4aaxVc74-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 02 Nov 2018 09:00:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Dave Mitchell ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/TRJkAgHsEiiygm4aaxVc74-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/TRJkAgHsEiiygm4aaxVc74-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Small and medium sized businesses (SMBs) are now the go-to place for cyber-criminals as they're seen as soft targets. They need to stiffen their network defenses and WatchGuard has the perfect solution: its Firebox M270 offers enterprise-class security and performance at a sensible price.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/firewalls/31197/watchguard-firebox-t15-review" data-original-url="/firewalls/31197/watchguard-firebox-t15-review">WatchGuard Firebox T15 review</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/wifi-hotspots/30296/watchguard-ap420-review" data-original-url="/wifi-hotspots/30296/watchguard-ap420-review">WatchGuard AP420 review</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security-appliances/28138/watchguard-firebox-t70-review" data-original-url="/security-appliances/28138/watchguard-firebox-t70-review">WatchGuard Firebox T70 review</a></p></div></div><p>Recommended for businesses with around 60 users, this 1U rack appliance boasts a high raw firewall throughput of 4.9Gbits/sec. Enabling gateway AV drops this to 2.1Gbits/sec and activating all UTM services cuts this to a still very respectable 1.6Gbits/sec.</p><p>The price we've shown includes the appliance and a one--year subscription to every security feature you can imagine. It enables web content filtering, application controls, anti-spam, gateway AV, network discovery, IPS, data loss prevention (DLP), Dimension Command and an advanced persistent threat (APT) blocker.</p><p>There's more: you also get WatchGuard's RED (reputation enabled defence) service for even tougher web protection. A Gold Support subscription tops it all off nicely and this includes a free remote setup and configuration session with a WatchGuard in-house engineer.</p><p>Not that the M270 is difficult to deploy. Far from it, as its web console runs a wizard-based setup routine that creates a base set of firewall policies for securing internet access.</p><p>The M270 employs proxies to control different traffic types and each one loads a wizard the first time you access them. Web content filtering takes two minutes to configure, where we chose from 130 URL categories, added blocking actions for the HTTP and HTTPS proxies and watched the wizard add new firewall policy rules.</p><p>Gateway AV comes courtesy of the Bitdefender scanning engine and can be enabled on selected proxies. You now get double protection from malware as the new IntelligentAV feature in Fireware 12.2 uses the Cylance AI-based engine.</p><p>IntelligentAV doesn't rely on signatures, and scans files such as Office documents, Windows portable executables and PDFs after they've passed through the Bitdefender engine. It's activated with one click and automatically applied to all proxies that have gateway AV enabled.</p><p>The new DNSWatch service adds even more web protection by monitoring client DNS requests and blocking access to known malicious domains. It's another service that's easy to enable and can be applied to all or specific network ports on the appliance.</p><p>If you're worried about Facebook sneaking in to the workplace, the M270 has you covered. The Application Control service manages access to hundreds of predefined apps and its 11 entries for Facebook mean you can block all usage or fine-tune access and decide, for example, whether staff can chat, like, comment, edit profiles or transfer files.</p><p>Spam filtering is easy to apply; the spamBlocker wizard asked us to select incoming SMTP traffic and provide an internal mail server address or just activate IMAP or POP3. We chose the latter for transparent scanning where the POP3 proxy client was set to append the subject line of dubious messages with "Spam", "Bulk" or "Suspect" tags so we could filter them out using Outlook message rules.</p><p>The DLP service scans files and emails looking for keywords and can be applied to the HTTP, HTTPS, FTP and SMTP proxies. We created a DLP sensor looking for a group of phrases and when we tried to send Word documents containing these to our external FTP site, the service blocked the transfer.</p><p>The M270 is a great choice for securing large remote or branch offices as multiple appliances can be remotely managed in the cloud or via the free Dimension software. We run Dimension in the lab as a VMware VM and after adding the M270, we could view global threat maps, an executive dashboard and see activities for all its security services.</p><p>The Firebox M270 dispels the notion that high UTM performance has to come at a high price. It offers a persuasive range of security measures and is ideal for SMBs that want the same protection as enterprises but at price they can afford.</p><h2 id="verdict-2">Verdict</h2><p>The Firebox M270 dispels the notion that high UTM performance has to come at a high price. It offers a persuasive range of security measures and is ideal for SMBs that want the same protection as enterprises but at price they can afford.</p><p>1U rack appliance</p><p>4GB RAM</p><p>8 x Gigabit (WAN, 7 x LAN)</p><p>2 x USB 3</p><p>RJ-45 serial port</p><p>Web browser and Dimension management</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Zyxel USG60W review: Makes deployment a breeze ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/32084/zyxel-usg60w-review-makes-deployment-a-breeze</link>
                                                                            <description>
                            <![CDATA[ Well suited to small businesses, Zyxel’s USG60W teams up great gateway security with excellent value ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">o5s5EHDHnbgFK6eRsDmQE7</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/XceoYQfQLzSjPydMKSyhx4-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 10 Oct 2018 11:00:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Dave Mitchell ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/XceoYQfQLzSjPydMKSyhx4-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/XceoYQfQLzSjPydMKSyhx4-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Zyxel has a sharp focus on protecting small businesses and its Unified Security Gateway (USG) appliances deliver a fine range of features at a price they'll like. The USG60W sits at the top of this family of four models and is designed to protect at the gateway, where it combines solid UTM capabilities with integral dual 2.4GHz/5GHz radio wireless services.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/wifi-hotspots/30437/zyxel-nwa1123-ac-pro-review" data-original-url="/wifi-hotspots/30437/zyxel-nwa1123-ac-pro-review">ZyXEL NWA1123-AC PRO review</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/firewalls/31228/watchguard-firebox-t55-w-review" data-original-url="/firewalls/31228/watchguard-firebox-t55-w-review">WatchGuard Firebox T55-W review</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/wifi-hotspots/31701/zyxel-multy-x-review-screamingly-fast-mesh-wi-fi" data-original-url="/wifi-hotspots/31701/zyxel-multy-x-review-screamingly-fast-mesh-wi-fi">Zyxel Multy X review: Screamingly fast mesh Wi-Fi</a></p></div></div><p>The base unit provides firewalling and VPN services and all security services are activated with a single license. The subscription enables gateway anti-virus, web content filtering, IDP, anti-spam and Zyxel's own application patrol.</p><p>Zyxel has worked hard on making its USG appliances very user-friendly and we could see its efforts had paid off on first contact with its web interface. Sensibly, it requires the default admin password to be changed and then transports you to the new Easy Mode console which provides a wizard for nearly every occasion.</p><p>The initial setup wizard had Internet access running in a minute and helped us register the appliance with our free MyZyxel cloud account so we could activate the UTM license. It offered to apply a base set of security profiles for the web content filter, IDP and anti-virus services and then created two secure wireless networks for employee and guest access.</p><p>Wireless services can be expanded beyond this as both radios support up to eight SSIDs each with their own encryption scheme. The USG60W can also manage 18 external Zyxel wireless APs and uses radio profiles to push configurations to them.</p><p>The Easy Mode console provides a basic status overview of the firmware version, Internet connection, VPNs, security services and wireless networks. The Network Client section shows the number of connected devices and this can be expanded to reveal each one along with their system name and IP address.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="eJpdbsu6VRwysccXfuCjEU" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/eJpdbsu6VRwysccXfuCjEU.jpg" mos="https://cdn.mos.cms.futurecdn.net/eJpdbsu6VRwysccXfuCjEU.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>Swapping over to the Expert Mode console provides full access to all features and will be required to create an anti-spam profile. It's easy enough; we enabled the sender reputation, mail content analysis and virus outbreak detection global features and requested the subject line of suspect messages to be tagged.</p><p>Anti-virus profiles can instruct the appliance to destroy infected files and peer into archives while content filtering profiles can block or allow any of the 64 categories on offer. IDP profiles use sets of predefined rules to protect against common exploits while application patrol can manage access to over 3,000 apps.</p><p>For social media, you can add the entire category to a profile but for more granular control, we created a new application object for Facebook with specific entries for liking, following, posting and sharing activities. When you're happy with your profiles, pop over to the Security Policy section, choose a firewall rule and add them to it from the drop-down lists.</p><p>The Expert Mode dashboard provides a lot more information, although we were initially unable to get it to display statistics for content filtering, anti-virus and IDP actions. We eventually solved this as statistics collection for each service is disabled by default and must be enabled from the Monitor page.</p><p>The web console offers reasonable on-board reporting, where we could monitor graphs of wired or wireless traffic and view tables of statistics for each security service. The MyZyxel portal also provides access to a free cloud reporting service - but only for the content filtering component and the results can't be exported as PDFs.</p><p>Zyxel's USG60W is a great choice for small businesses as it offers plenty of gateway security measures at a tempting price. Its integral wireless services boost value further and the new Easy Mode dashboard makes it much simpler to deploy.</p><h2 id="verdict-3">Verdict</h2><p>Zyxel’s USG60W is a great choice for small businesses as it offers plenty of gateway security measures at a tempting price. Its integral wireless services boost value further and the new Easy Mode dashboard makes it much simpler to deploy.</p><p>Desktop/rackmount chassis</p><p>Dual-core 800MHz Cavium CN6020 CPU</p><p>1GB RAM</p><p>6 x Gigabit (2 x WAN, 4 x LAN/DMZ/Guest)</p><p>2.4/5GHz 11a/b/g/n wireless</p><p>2 x USB 2, serial port</p><p>External PSU</p><p>Web browser management</p><p>5 year limited warranty</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Sophos XG 125w review ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/firewalls/31925/sophos-xg-125w-review</link>
                                                                            <description>
                            <![CDATA[ The XG 125w is a no-compromises gateway security appliance that delivers a wealth of protection measures at a great price ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">k9fhCmmAyFTsPpxorZhA46</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/6kggM55Hfag7xdBfiLnbXM-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 20 Sep 2018 08:00:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Dave Mitchell ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/6kggM55Hfag7xdBfiLnbXM-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/6kggM55Hfag7xdBfiLnbXM-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>SMEs that want centralized network protection need look no further than Sophos' XG 125w as this gateway appliance is packed to the rafters with security features. It's no performance lightweight either, claiming a high raw firewall throughput of 6.5Gbits/sec and 1.5Gbits/sec with all UTM functions enabled.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/29593/panda-adaptive-defense-360-review" data-original-url="/security/29593/panda-adaptive-defense-360-review">Panda Adaptive Defense 360 review: Security in black and white</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/30411/sophos-xg-450-review" data-original-url="/security/30411/sophos-xg-450-review">Sophos XG 450 review</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/wifi-hotspots/31788/tp-link-omada-eap225-v3-review-scalable-wireless-at-a-giveaway-price" data-original-url="/wifi-hotspots/31788/tp-link-omada-eap225-v3-review-scalable-wireless-at-a-giveaway-price">TP-Link Omada EAP225 V3 review: Scalable wireless at a giveaway price</a></p></div></div><p>The XG 125w offers eight copper Gigabit and an SFP fibre Gigabit port, while its expansion bay accepts optional DSL, 3G/4G or Gigabit SFP modules. It also provides 2.4GHz/5GHz 11ac wireless services with support for multiple virtual SSIDs and hotspot guest access facilities.</p><p>Installation is a doddle; the web browser quick start wizard guided us through securing administrative access, setting up the LAN and WAN ports plus a secure wireless network and adding an email address for alerting. We opted for the default routed mode of operation as we wanted the appliance to provide all security functions including firewalling.</p><p>The base appliance has firewall, VPN, authentication and secure wireless management services enabled with a perpetual license. The price we've shown includes a 3-year TotalProtect subscription which actives the network, web, email and web server protection modules while a TotalProtect Plus subscription adds Sophos' Sandstorm feature which uses cloud sandbox technology to mitigate zero-day threats.</p><p>The wizard creates a base set of security policies to enable anti-malware scanning and web filtering for common sets of undesirable categories. The intuitive console makes it easy to customise security, where we could group ports into zones, apply firewall rules to sources and destinations and add service filters, blocking actions and time schedules.</p><p>From the Protect section of the console, you can create security policies for web filtering, IDP, email and application controls. Web filtering offers over 100 URL categories while the application controls provide 3,200 predefined apps, and policies are swiftly applied by selecting them in your firewall rules.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="hqHp69qqReiFexALUsC3t7" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/hqHp69qqReiFexALUsC3t7.jpg" mos="https://cdn.mos.cms.futurecdn.net/hqHp69qqReiFexALUsC3t7.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>Sophos' identity-based security opens up many extra security features. With this in action, we could apply Internet access and bandwidth usage policies, enforce data transfer limitations on uploads and downloads and have different daily, weekly, monthly and yearly limits for individual users and groups.</p><p>It's easy to implement; users authenticate to an external directory server or log in to the appliance using the free Sophos Client Authentication Agent (CAA). This can be downloaded directly from the appliance's captive web portal, which also has links for Linux and macOS clients plus certificates for Android and iOS mobiles.</p><p>We already use the Sophos Central cloud security service and loved the appliance's Security Heartbeat feature. All we needed to do was enter our Sophos Central credentials in the appliance's console and after registration, all our endpoint activity data was sent to the appliance, which displayed coloured status icons in the console's dashboard.</p><p>Minimum heartbeat conditions can be linked to firewall policies so if any remote endpoint detects a threat, the policy can immediately isolate all users and devices in the same zone. You can also use the SAC (synchronized application control) feature which detects unknown apps on Sophos Central endpoints and tames them with firewall policies.</p><p>The appliance's iView syslog server provides a wealth of free reporting facilities from the same console. With data logging enabled in our firewall policies, we could view graphs and charts on firewall, virus, spam, web content filtering and user activity, plus pull up a range of data protection compliance reports.</p><p>Along with a pleasantly swift deployment, the XG 125w impressed us with its depth of security features. Adding in its seamless integration with Sophos Central, the high performance and integral 11ac wireless services makes it our recommended gateway security appliance for SMEs.</p><h2 id="verdict-4">Verdict</h2><p>Along with a pleasantly swift deployment, the Sophos XG 125w impressed us with its depth of security features. Adding in its seamless integration with Sophos Central, the high performance and integral 11ac wireless services makes it our recommended gateway security appliance for SMEs.</p><p>Desktop chassis</p><p>1.6GHz Intel Atom C3508</p><p>4GB RAM</p><p>64GB SATA SSD</p><p>8 x Copper Gigabit, 1 x SFP Gigabit</p><p>2.4GHz/5GHz 802.11ac wireless</p><p>3 x 3 MIMO</p><p>3 x external aerials</p><p>HDMI</p><p>2 x USB 2</p><p>Micro USB</p><p>RJ-45 serial</p><p>Expansion slot</p><p>External PSU (max 2)</p><p>320 x 212 x 44mm (WDH)</p><p>3 year hardware warranty</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ WatchGuard Firebox T55-W review ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/firewalls/31228/watchguard-firebox-t55-w-review</link>
                                                                            <description>
                            <![CDATA[ A wealth of security measures at a knock-down price ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">pm1SiYvZpS2Vn9B9oWJ6xS</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/ymMqoYZtoGFHFy3r4EwmX9-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 01 Jun 2018 14:34:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Dave Mitchell ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/ymMqoYZtoGFHFy3r4EwmX9-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/ymMqoYZtoGFHFy3r4EwmX9-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Stepping in to the middle of WatchGuard's desktop security appliance family, the Firebox T55-W is equally at home protecting SMEs, remote workers or branch offices. Clothed in the classic bright red Firebox chassis, this desktop box delivers an impressive range of security measures and amalgamates them with integral 11ac dual-band wireless.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/firewalls/31197/watchguard-firebox-t15-review" data-original-url="/firewalls/31197/watchguard-firebox-t15-review">WatchGuard Firebox T15 review</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/wifi-hotspots/30296/watchguard-ap420-review" data-original-url="/wifi-hotspots/30296/watchguard-ap420-review">WatchGuard AP420 review</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/firewalls/30100/watchguard-firebox-m5600-review" data-original-url="/firewalls/30100/watchguard-firebox-m5600-review">WatchGuard Firebox M5600 review</a></p></div></div><p>It may be small but it's no lightweight for performance, with WatchGuard recommending it for up to 30 users and claiming a 1Gbits/sec raw firewall throughput and 523Mbits/sec with all UTM services enabled. It has five Gigabit ports for WAN, LAN and DMZ duties with PoE+ presented on the fourth LAN port.</p><p>The appliance doesn't give the wireless game away as its aerials are tucked away inside the chassis. Another useful wireless feature present on all Firebox appliances is their integral gateway controller which can centrally manage and provision WatchGuard's own APs.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="mWTLADTFa2XG4nf2prXtMf" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/mWTLADTFa2XG4nf2prXtMf.png" mos="https://cdn.mos.cms.futurecdn.net/mWTLADTFa2XG4nf2prXtMf.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><h2 id="watchguard-firebox-t55-w-security-features">WatchGuard Firebox T55-W: Security features</h2><p>Prices starting at 960 for the hardware, plus a one-year 24/7 support contract and all software updates. Where you go from here is up to you; suffice to say that WatchGuard offers plenty of choice.</p><p>A one-year Basic Security Suite subscription pushes the price to 1,293 and activates anti-virus, anti-spam, web filtering, HTTPS inspection, IPS, application controls and WatchGuard's reputation enabled defence. The price we've shown is for a three-year Total Security Suite subscription which adds WatchGuard's data leak prevention (DLP) and advanced persistent threat (APT) blocker service.</p><p>Along with a Gold 24/7 support contract, Total Security includes WatchGuard's RED (reputation enabled defence) service. Web access requests send the URL to WatchGuard's RED cloud servers where they assign a score and instruct the appliance to either allow or block it.</p><p>VPN services are extensive as the T55-W supports site-to-site IPsec tunnels plus mobile IPsec, PPTP and L2TP clients along with SSL VPNs. Note that the new Access Portal feature which provisions secure, client-free VPN connections, is not supported on the Firebox 'T' models.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="5PAPHFqjnKMCi9HbXfQGzM" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/5PAPHFqjnKMCi9HbXfQGzM.png" mos="https://cdn.mos.cms.futurecdn.net/5PAPHFqjnKMCi9HbXfQGzM.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><h2 id="watchguard-firebox-t55-w-installation-and-management">WatchGuard Firebox T55-W: Installation and management</h2><p>The T55-W is easy to deploy: the web console runs a wizard to secure the appliance and get Internet access running on an external port along with DHCP services on the first trusted LAN interface. Large distributed businesses will like WatchGuard's RapidDeploy cloud service as they can send new appliances to remote offices and have them receive a configuration file as soon as they are powered up.</p><p>The wizard defaults to the flexible mixed-mode routing which allows wired and wireless ports to be defined as separate interfaces. Configuring the remaining ports is a cinch as we defined them as external, trusted, optional or custom and added DHCP services on selected trusted ports.</p><p>WatchGuard's browser interface is well-designed and standard across all Firebox appliances. It opens with a tidy dashboard showing a breakdown of traffic for the top clients, web destinations, policies and applications with options to drill down for more detail on each entry.</p><p>Management choices are extensive, and you can load the WatchGuard System Manager (WSM) suite on a separate Windows host to provide central management, logging and reporting services. We run WatchGuard's Dimension as a VMware VM in the lab and after linking it to the T55-W, used it for viewing appliance utilisation plus an executive dashboard, global threat map and policy activity graphs.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="BkeaLDSZ8Yaooxoff6CEbW" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/BkeaLDSZ8Yaooxoff6CEbW.png" mos="https://cdn.mos.cms.futurecdn.net/BkeaLDSZ8Yaooxoff6CEbW.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><h2 id="watchguard-firebox-t55-w-rules-and-proxies">WatchGuard Firebox T55-W: Rules and proxies</h2><p>The T55-W uses proxies for all security services and there are plenty to choose as you have ones for HTTP, HTTPS, FTP, SIP, H.323, POP3 and SMTP. Firewall rules are created for each proxy which define the interfaces they apply to and their actions - and WatchGuard provides wizards for all of them.</p><p>Highly granular web content filtering policies are possible where you choose from 130 Websense URL categories, enable blocking actions on the HTTP and HTTPS proxies, add exceptions and enable alerting. Anti-spam measures are just as easy to configure; you can select incoming SMTP, IMAP or POP3 traffic and block or tag spam messages.</p><p>Gateway AV scanning can be enabled on selected proxies, which you'll need running if you want to enable the APT service. This scans inbound files, creates MD5 hashes and checks them with the LastLine cloud service to see if they're known malware.</p><p>We noticed that Dimension was reporting a total appliance memory usage of between 65-90% and WatchGuard advised us this is due to the demands of the new BitDefender AV engine. It can get close to the edge although we didn't encounter any performance issues during testing.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="LPzbRidXQrhCuRYSQwJ8uS" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/LPzbRidXQrhCuRYSQwJ8uS.png" mos="https://cdn.mos.cms.futurecdn.net/LPzbRidXQrhCuRYSQwJ8uS.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><h2 id="watchguard-firebox-t55-w-wireless-features">WatchGuard Firebox T55-W: Wireless features</h2><p>The T55-W can present up to three separate APs that act as DHCP relays or provide their own DHCP services. Along with all key encryption schemes, their SSIDs can be broadcast or hidden and you can apply client isolation so users on the same wireless network can't see each other.</p><p>Global wireless settings include 2.4GHz and 5GHz radio modes, a choice of channel widths and protection against the WPA/WPA2 KRACK vulnerability for unpatched wireless clients. Rogue AP detection can be enabled - but be careful when you schedule it as it will temporarily disable the appliance's APs while it's running.</p><p>If you want more APs, you can add any of WatchGuards's four available models and pair them with the appliance's wireless gateway controller. Once paired, you can assign SSIDs to their dual radios, enforce wireless security and apply custom firewall policies to the ports they are connected to.</p><h2 id="watchguard-firebox-t55-w-verdict">WatchGuard Firebox T55-W: Verdict</h2><p>The T55-W is a versatile security appliance that's well-suited to deployments in SMEs and enterprise branch or remote offices. For the price, it's offering a remarkable range of easily configured security features, all management components are inclusive and the icing on the on the cake is its integral wireless network services.</p><h2 id="verdict-5">Verdict</h2><p>SMEs that want tough gateway security, a good range of wireless services and a low price will find WatchGuard’s T55-W ticks all their boxes</p><p>Chassis: Desktop</p><p>Memory: 2GB RAM</p><p>Network: 5 x Gigabit (Port 4 with PoE)</p><p>Wireless: 2.4/5GHz 802.11ac</p><p>Other ports: 2 x USB 2, RJ-45 serial</p><p>Power: External PSU</p><p>Management: Web browser, WatchGuard Dimension/Command</p><p>Warranty: 3-year Gold 24/7 support</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ WatchGuard Firebox T15 review ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/firewalls/31197/watchguard-firebox-t15-review</link>
                                                                            <description>
                            <![CDATA[ Perfect for small businesses, the Firebox T15 offers the toughest gateway security measures at a pocket-friendly price ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">b7cqx3iYsNvanxchbJvuFB</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/D5bFjKd6yR3zQEEhg3wiTP-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 28 May 2018 08:30:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Dave Mitchell ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/D5bFjKd6yR3zQEEhg3wiTP-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/D5bFjKd6yR3zQEEhg3wiTP-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Stepping up as the new entry-point to WatchGuard's tabletop security appliance family, the Firebox T15 offers a set of features that belie its small stature. It's excellent value too, as it offers super-strength network security at a price small businesses will love.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security-appliances/28138/watchguard-firebox-t70-review" data-original-url="/security-appliances/28138/watchguard-firebox-t70-review">WatchGuard Firebox T70 review</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/wifi-hotspots/30296/watchguard-ap420-review" data-original-url="/wifi-hotspots/30296/watchguard-ap420-review">WatchGuard AP420 review</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/security/25343/watchguard-firebox-m200-review" data-original-url="/security/25343/watchguard-firebox-m200-review">WatchGuard Firebox M200 review</a></p></div></div><p>WatchGuard's Total Security Suite subscription enables web content filtering, application controls, anti-spam, gateway antivirus (AV), network discovery, IPS and reputation enabled defence. It also activates data loss prevention (DLP), Dimension Command plus the advanced persistent threat (APT) blocker and includes a Gold Support subscription.</p><p>The T15 is no slouch in the performance stakes either as it boasts a high raw firewall throughput of 400Mbits/sec. Enabling gateway AV drops this by 120Mbits/sec and even with all UTM features running, it still musters a very respectable 90Mbits/sec.</p><p>Worry not about deployment as the subscription includes a free remote setup and configuration session with a WatchGuard in-house engineer. And if you choose to go it alone, the appliance's web console offers a wizard-based setup routine that creates a base set of firewall policies for securing internet access.</p><p>The T15 employs proxies to control different traffic types and on first contact, each one loads a wizard to help with initial setup. For web content filtering, we chose from 110 URL categories, added blocking actions for the HTTP and HTTPS proxies and left the wizard to add new firewall rules for our policies.</p><p>Spam control is a cinch; the spamBlocker wizard asked us to select incoming SMTP traffic and provide an internal mail server address or just activate IMAP or POP3. We chose the latter for transparent scanning where the POP3 proxy client was set to append the subject line of dodgy messages with 'Spam', 'Bulk' or 'Suspect' tags so we could filter them out using Outlook message rules.</p><p>Gateway AV scanning is enabled on selected proxies and you'll need this running if you want to apply APT protection. This scans incoming files, creates MD5 hashes and checks them with the LastLine cloud service to see if they're known malware.</p><p>Within selected policies, we could enable IPS and apply allow, drop or block actions based on five threat levels. DLP uses predefined and custom rules on the HTTP, FTP and SMTP proxies to check for keywords such as credit card or social security numbers.</p><p>WatchGuard's Application Control service has options for managing hundreds of apps and is perfect for businesses worried about Facebook's chicanery. You can block Facebook completely or use any of the 11 behavioural entries to decide, for example, who can post 'likes', comment, chat, edit their profile or upload media.</p><p>VPN support is tops as the T15 supports 5 site-to-site tunnels plus 5 mobile VPN clients. During setup, it also creates configuration files for Watchguard's Windows, iOS and Android clients plus the Shrew Soft VPN client.</p><p>A wireless version of the T15 is available while the base model we have can centrally manage WatchGuard's own APs. After pairing them with the appliance, you can assign SSIDs, enforce client isolation for guest networks and choose which security services to apply to wireless traffic.</p><p>Plenty of standard reporting tools are provided including the web console's traffic monitor and clever FireWatch display. We run WatchGuard's free Dimension software as a VMware VM and after adding the T15, we could keep an eye on all our Firebox appliances and view global threat maps, an executive dashboard and see what each security service was doing.</p><p>There's more; Total Security subscriptions include WatchGuard's RED (reputation enabled defence) service for even tougher web protection. Applied to the HTTP proxy, it sends user web requests to the RED cloud servers where they score them and instruct the appliance to either allow or block them.</p><p>The Firebox T15 is a remarkable little appliance that looks to have every security angle covered. Combine this prowess with its low price and it earns a well-deserved IT Pro Editor's Choice award.</p><h2 id="verdict-6">Verdict</h2><p>The Firebox T15 is a remarkable little appliance that looks to have every security angle covered. Combine this prowess with its low price and it earns a well-deserved IT Pro Editor's Choice award.</p><p>Desktop chassis</p><p>1GB RAM</p><p>3 x Gigabit (WAN, 2 x LAN)</p><p>USB 2</p><p>RJ-45 serial port</p><p>Fan-less cooling</p><p>External PSU</p><p>Web browser and Dimension management</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Welsh NHS back online after computer failure ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/firewalls/30375/welsh-nhs-back-online-after-computer-failure</link>
                                                                            <description>
                            <![CDATA[ The problem was related to the national firewall and was not a cyber security incident ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">kypYoNYAiJCwr8S43mrCVe</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/VkTRqQzTPXkz4WZF7oMiuk-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 25 Jan 2018 09:54:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Clare Hopping ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/VkTRqQzTPXkz4WZF7oMiuk-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/VkTRqQzTPXkz4WZF7oMiuk-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The Welsh NHS computer system has been reinstated after a huge outage that meant surgeries and hospitals were unable to access patient records.</p><p>Consultants and GPS reported widespread issues, including the inability to pull of information referring to patient blood test and X-ray results. The issue was reportedly due to national firewalls and is now being investigated by the relevant authorities.</p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/data-protection/30358/nhs-digital-greenlights-off-shore-data-storage" data-original-url="/data-protection/30358/nhs-digital-greenlights-off-shore-data-storage">NHS Digital greenlights off-shore data storage</a> <a data-analytics-id="inline-link" href="https://www.itpro.com/strategy/29466/jeremy-hunt-calls-for-nhs-to-go-digital" data-original-url="/strategy/29466/jeremy-hunt-calls-for-nhs-to-go-digital">Jeremy Hunt calls for NHS to go digital</a></p></div></div><p>The government and National Cyber Security Centre said the problem wasn't security-related and didn't have any long-lasting effects. The data is now available on the NHS Wales computer system and it's not expected to cause any further problems.</p><p>"The NHS Wales Informatics Service have confirmed that all systems are now back although there may be a backlog affecting some areas," the <a href="https://twitter.com/DHSSwales">DHSS Wales</a> said on Twitter. "They have assured us that there were no data security issues."</p><p>However, there was a total meltdown while the system was unavailable, many GPs and medical professionals said. The British Medical Association (BMA) in Wales revealed at least 50% of all practices in the country were affected at one point and doctors described the situation as "chaos."</p><p>Surgery and hospital staff weren't even able to access patient phone numbers to cancel appointments, it was reported. This meant patients were turning up to receive test results, which GPs weren't able to offer.</p><p>The outage was "incredibly concerning, especially in the aftermath of last year's ransomware attack on the NHS," said the Welsh Assembly's opposition health spokesman Angela Burns. "The focus must now be on supporting these centres to manage this incident swiftly so that patient data is secure and that care is not adversely affected."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Fortinet's firewall boosts security for IoT enterprises ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/firewalls/28033/fortinets-firewall-boosts-security-for-iot-enterprises</link>
                                                                            <description>
                            <![CDATA[ The company has announced two new products to help companies secure their assets ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">4xBpu4eFbCnEZLyjkWEFaZ</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/XCVVqS4MFhRtCGKFCpAK6Z-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 03 Feb 2017 08:45:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Clare Hopping ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/XCVVqS4MFhRtCGKFCpAK6Z-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Virtual security/privacy shield]]></media:description>                                                            <media:text><![CDATA[Virtual security/privacy shield]]></media:text>
                                <media:title type="plain"><![CDATA[Virtual security/privacy shield]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/XCVVqS4MFhRtCGKFCpAK6Z-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Fortinet has revealed two new firewalls to help enterprises entering the world of IoT protect their systems as their network demands increase substantially.</p><p>The company's 3980E Enterprise Firewall is a terabit per second network security appliance, offering 1.12 Tbps firewall performance combined with 470 Gbps secured VPN throughput, making it perfect for organisations with very high network throughput requirements.</p><p>It uses Ixia's BreakingPoint and latest CloudStorm 100GE Application and Security Test Load Module, helping the appliance operate as a data centre firewall, to secure the traffic between data centres or as an internal data centre segmentation firewall.</p><p>The company's second launch, the 7060E Enterprise Firewall, is a modular, chassis-based firewall, utilising up to four security processing blades and up to two I/O modules to boost interface density and network bandwidth.</p><p>It too was put through Ixia's BreakingPoint and latest CloudStorm 100GE Application and Security testing and demonstrated 100 Gbps of NGFW performance, 160 Gbps application control and 120 Gbps intrusion prevention throughput.</p><p>"Cloud computing, IoT, and a hyper-connected digital economy have been straining enterprise IT resources and rapidly increasing the performance demands required from today's security solutions," said Ken Xie, founder, chairman of the board and chief executive officer at Fortinet</p><p>"Enterprises cannot afford to sacrifice their network performance or their security features in this highly competitive and constantly evolving landscape. Fortinet is continually innovating to deliver the highest performing and most secure solutions on the market, enabling our customers to fully leverage their technology infrastructures with the confidence that their users and data are secure."</p><p><em>Main image credit: Bigstock</em></p><div  class="fancy-box"><div class="fancy_box-title"></div><div class="fancy_box_body"><p class="fancy-box__body-text"><a data-analytics-id="inline-link" href="https://www.itpro.com/security/27610/how-safe-is-the-iot" data-original-url="/security/27610/how-safe-is-the-iot">How safe is the IoT?</a></p></div></div>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ WatchGuard Firebox T30 review ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/firewalls/26371/watchguard-firebox-t30-review</link>
                                                                            <description>
                            <![CDATA[ Delivers a wealth of enterprise-class security features at an affordable cost for small businesses ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">cNfxDsV5aU688QVaHAiM1m</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/AYsrt2eX3CZyAHJALsFrX-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 02 May 2016 10:30:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Dave Mitchell ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/AYsrt2eX3CZyAHJALsFrX-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/AYsrt2eX3CZyAHJALsFrX-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>WatchGuard's Firebox T30 should appeal to budget-conscious SMBs because it offers tough security measures at a very reasonable price. It's also aimed squarely at remote offices lacking on-site IT expertise, as WatchGuard's innovative RapidDeploy delivers fast plug-and-play installation services.</p><p>This fiery red desktop box isn't lacking in the hardware department either. It sports five Gigabit ports for LAN, WAN and DMZ duties, and it's big on performance, with a fast UTM throughput of 135Mbits/sec.</p><p>The standard UTM subscription enables anti-spam, gateway antivirus, IPS, web-content filtering, application controls, HTTPS inspection and WatchGuard's reputation-enabled defence. WatchGuard also offers optional data-leak prevention (DLP) and advanced persistent threat (APT) blocker services, which only increase a one-year subscription to 1,001 exc VAT.</p><p>Standalone deployment isn't taxing: we followed the web console's quick-start wizard to provide firewall-protected internet access in less than five minutes. Proxies are used to control all traffic types, with WatchGuard catering for HTTP, HTTPS, FTP, DNS, SIP, H.323, POP3 and SMTP.</p><p>These used to be tricky to set up, but the latest firmware lightens the load by providing wizards for each of them. Web content filtering is now a painless three-step process in which we provided a name for the blocking action, chose from more than 120 URL categories and applied it to HTTP and HTTPS traffic.</p><p>The wizard also handled firewall configuration and automatically created new policy rules for our web-content filters. Anti-spam measures are just as easy to apply using the SpamBlocker service, where we created actions to tag dubious emails as spam, suspect or bulk.</p><p>Simplicity is the watchword when it comes to gateway antivirus. It only took us a few seconds to activate -- again using a wizard, which displayed the proxy actions we could enable. You'll need gateway antivirus running to use the APT blocking service; it transparently scans incoming files, creates MD5 hashes and compares them with the Lastline cloud service to root out known malware.</p><p>We were impressed with the T30's application controls, which provide a searchable list of around 1,800 apps with all the main social networks represented. Rules are very versatile, too.</p><p>For example, we could let users log in to their Facebook and Twitter accounts, but block them from uploading media, playing games, Liking, following and retweeting.</p><p>The T30 functions as a central wireless controller for WatchGuard's own access points, and its fourth LAN port is also PoE-enabled (Power over Ethernet). After pairing a WatchGuard AP200 model with the appliance, we used the main web console to assign SSIDs to its 2.4GHz and 5GHz radios, enforce wireless security, enable client isolation and apply separate proxy policies to the port to which it was connected.</p><p>Enterprises and managed services providers will appreciate WatchGuard's RapidDeploy cloud service, which will allow them to send new appliances to remote offices and have them receive a configuration file once they've been powered up (you need a local appliance to create a file and upload it to your cloud support account).</p><p>Once the remote appliance has been registered and RapidDeploy enabled, it will then download and apply the file as soon as it connects to the internet.</p><p>The web console provides plenty of monitoring facilities for network and proxy activity, which can be augmented with WatchGuard's freely available Log Server software. The T30 also sports the FireWatch feature found in WatchGuard's Dimension management software. This displays sets of coloured squares, the size of which indicates the level of activity for sources, destinations, policies, applications and interfaces.</p><p>Despite its dainty proportions, the Firebox T30 delivers a remarkable range of features. Add in its powerful performance and sensible price, and you have a highly recommended security solution for growing small and medium-sized businesses.</p><h2 id="verdict-7">Verdict</h2><p>Despite its dainty proportions, the Firebox T30 delivers a remarkable range of features. Add in its powerful performance and sensible price, and you have a highly recommended security solution for growing small and medium-sized businesses.</p><p>Desktop chassis</p><p>1GB RAM</p><p>5 x Gigabit (PoE on port 5)</p><p>2 x USB 2</p><p>RJ45 serial port</p><p>External PSU</p><p>Web browser management</p><p>Options: appliance with UTM, APT and DLP/3yr, £1,805 exc VAT</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Dell SonicWALL TZ300 review ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/firewalls/26370/dell-sonicwall-tz300-review</link>
                                                                            <description>
                            <![CDATA[ Modest UTM performance, but good value with top security features and wireless management ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">qao2wDVuiwNGPjkndqUFfd</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/Dp4GA3jD9QtMVj3RtdstC8-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 25 Apr 2016 10:30:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Dave Mitchell ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/Dp4GA3jD9QtMVj3RtdstC8-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/Dp4GA3jD9QtMVj3RtdstC8-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Dell SonicWALL's latest TZ D appliances promise a much-needed performance boost over their predecessors without a commensurate price hike.</p><p>Targeting small offices of 25 users or fewer, the TZ300 on review here is good value and supports the new SonicPoint 802.11ac access points (APs) for integral wireless network provisioning and management.</p><p>Prices start at 400 excluding VAT for the appliance alone, rising to only 648 with a one-year TotalSecure subscription. This enables round-the-clock support, IPS, gateway antivirus, anti-spyware and a content-filtering service (CFS).</p><p>Unlike many of its rivals, anti-spam is a bolt-on option. A year's subscription costs 172, and a further 78 will buy you a licence for the Analyzer reporting tool. Wireless management is enabled as standard, allowing the TZ300 to handle up to eight SonicPoint APs.</p><p>Installation took five minutes in our tests, as the web console's quick-start wizard set up the first LAN port as well as the WAN port for internet access, and applied a base security policy to the default zone. The latter makes the TZ300 very versatile; we could place selected ports in different zones and quickly apply a single security policy to all members.</p><p>Antivirus scanning is applied at the gateway and can be enabled on selected zones. It uses a single, global configuration through which you can activate scanning on HTTP, FTP, IMAP, POP3, SMTP, CIFS and TCP streams.</p><p>There are two options for web-content filtering: you can use CFS or pay extra for the Websense Enterprise hosted service. We found CFS to be perfectly adequate, with very few dodgy websites slipping past in our tests. CFS provides more than 60 URL categories, and you can create multiple filtering policies to be applied to different port zones.</p><p>Each policy can be customised with blacklists, whitelists and use schedules to determine when they're active. You can also apply acceptable-use policies (AUPs) by redirecting users to a consent web page.</p><p>Its application controls provide precise management of activities such as web browsing, file transfers and messaging. The rules are quite complex but wizards helped us create inspection policies for SMTP, POP3, FTP and HTTP.</p><p>The advanced app controls, meanwhile, use signature IDs to identify specific activities and provide more granular control of apps. For example, they can be used to log or block various Facebook activities and Exchange address book requests.</p><p>You can monitor app activity by watching the App Flow graphs in the main dashboard. If you see any suspect activities or apps popping up, you can create a rule to block, monitor or to apply bandwidth restrictions to that particular element.</p><p>We used a SonicPoint ACi dual-band 802.11ac access point to test the wireless management features. The TZ300 has predefined wireless profiles for both radios, which we modified to suit, and when we connected the access point, it was identified and automatically had the correct profile.</p><p>All access points are placed in a dedicated WLAN zone, which allowed us to swiftly apply policies such as web filtering, IPS and gateway antivirus. Moreover, provisioning guest access is pain-free, as the WLAN zone has options for client isolation and redirecting users to an external website for authentication.</p><p>The anti-spam service can't transparently scan mail traffic and requires details of your mail server to work. It provides options for handling spam, phishing and infected messages, while installing the Junk Store feature on an Exchange Server allows users to view their personal quarantine areas and delete or release messages.</p><p>Even though anti-spam and reporting are extras, the TZ300 still packs plenty of security measures for the price. Its UTM throughput of 100Mbits/sec should satisfy small offices, and it has great wireless network management features.</p><h2 id="verdict-8">Verdict</h2><p>Even though anti-spam and reporting are extras, the TZ300 still packs plenty of security measures for the price. Its UTM throughput of 100Mbits/sec should satisfy small offices, and it has great wireless network management features.</p><p>Desktop chassis</p><p>800MHz dual-core Octeon MIPS64</p><p>1GB RAM</p><p>5 x Gigabit Ethernet</p><p>USB 3</p><p>RJ45 serial</p><p>External PSU</p><p>Web browser management</p><p>Options: appliance and TotalSecure/3yr, £884; comprehensive anti-spam/1yr, £173 (all exc VAT)</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Sophos XG 135w review ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/firewalls/26368/sophos-xg-135w-review</link>
                                                                            <description>
                            <![CDATA[ A highly versatile UTM appliance combining top performance with stunningly good value ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">n18trq1yPa4ABAYRhzfDES</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/87h5nbxae6zMQKXKshkCqA-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 18 Apr 2016 10:30:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Dave Mitchell ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/87h5nbxae6zMQKXKshkCqA-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/87h5nbxae6zMQKXKshkCqA-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The union of Sophos and Cyberoam is bearing fruit as the new XG security appliances amalgamate all the best features offered by both vendors. Sophos has done a superb job of integrating everything, and goes even further as the appliances talk to its cloud service and provide instant readouts on endpoint security status.</p><p>Cyberoam provides the majority of security services, which means that along with anti-malware, anti-spam, web filtering, application controls, IPS and a web-application firewall, you get its patented identity-based security. This adds extra versatility, allowing policies to be applied to users and groups as well as systems.</p><p>The XG 135w on review looks fit for duty in mid-sized businesses, with the manufacturer claiming a remarkably high UTM throughput of 1.4Gbits/sec. It's excellent value: the appliance and a year's TotalProtect subscription, which activates all features, costs just over 1,600 exc VAT.</p><p>There's more. As well as eight Gigabit ports, the XG 185w provides dual--band 802.11ac wireless services. It also has an internal 64GB SSD, which is used for log and report storage and as a quarantine area.</p><p>It supports routed or transparent bridge modes and a wizard deftly handles installation. This offers a choice of operations, and the option to start in passive mode or apply a default security policy.</p><p>The new web console is a pleasure to use and opens with a complete overview of all network activity and security issues. It provides a smart web-traffic graph showing hit rates at five-minute intervals, along with bar charts for blocked and allowed applications, and detected network attacks.</p><p>Below these are counters showing the number of risky apps, dodgy websites and intrusions being spotted. Security policies are simple to deploy; ports can be grouped into zones with options for LAN, WAN and DMZ or your own custom zones.</p><p>You can organise wireless SSIDs in separate zones, which will allow you to set up guest access and enforce special security policies. Firewall rules are applied to source and destination zones and each can include app control, web filtering, IPS and traffic-shaping policies.</p><p>To use the identity-based security, users authenticate to an external directory server or log in to the appliance using the Sophos Client Authentication Agent. This can be downloaded directly from the appliance's captive web portal, which also has links for Linux and OS X clients, and certificates for Android and iOS.</p><p>We were impressed by its controls for users and groups, which allowed us to apply web filtering, internet access and bandwidth-usage policies individually. Furthermore, you can enforce data-transfer limits on uploads and downloads, and have discrete daily, weekly, monthly and yearly quotas.</p><p>Its Security Heartbeat feature sends all endpoint activity data to the appliance, on the basis of which it displays a coloured status icon on its homepage. Setting it up was as simple as entering our Sophos Cloud account credentials.</p><p>The clever bit comes next: we could specify that our security policies should require a minimum Heartbeat condition. If a single Sophos Cloud-protected endpoint is compromised, the status turns red and the policy can be used to instantly block access to all users and devices in that zone.</p><p>At the same time, the embedded iView syslog server stores all logs and presents a range of activity reports. These provide impressive levels of information, including details on firewall, virus and spam activity, as well as web-content filtering.</p><p>Clicking on a graph provides a breakdown of all traffic types and iView includes compliance reports for HIPAA, PCI, SOX and more. User Threat Quotient reports use security data aggregated for up to a fortnight so you can easily spot high-risk users.</p><p>The XG 135w mixes together a superb range of security measures and serves them up at a price that beggars belief. The high performance makes it a great long-term investment, and its slick integration with Sophos Cloud is yet another reason why it takes the top spot on the IT Pro A-List.</p><p><strong><em>This review originally appeared in PC Pro issue 259</em></strong></p><h2 id="verdict-9">Verdict</h2><p>The XG 135w mixes together a superb range of security measures and serves them up at a price that beggars belief. The high performance makes it a great long-term investment, and its slick integration with Sophos Cloud is yet another reason why it takes the top spot on the IT Pro A-List.</p><p>Desktop chassis</p><p>2.4GHz Intel Atom C2558 CPU</p><p>6GB RAM</p><p>8 x Gigabit Ethernet</p><p>64GB SSD</p><p>2 x USB 2</p><p>RJ45 serial</p><p>VGA</p><p>Dual- band 802.11ac wireless</p><p>External PSU</p><p>Web browser management</p><p>Options: appliance and Total Protect/3yr, £2,612 exc VAT</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Barracuda NextGen Firewall F80 review ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/firewalls/26367/barracuda-nextgen-firewall-f80-review</link>
                                                                            <description>
                            <![CDATA[ A fine range of network security measures for the price, but tempered by a steep learning curve ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">aEFL3QinxQ9DwZgbcrSsFD</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/T2WdcnpFjZEEovbNDmAnsS-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 15 Apr 2016 15:25:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                <author><![CDATA[ itpro@futurenet.com (ITPro) ]]></author>                    <dc:creator><![CDATA[ ITPro ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/T2WdcnpFjZEEovbNDmAnsS-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/T2WdcnpFjZEEovbNDmAnsS-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Barracuda's latest NextGen F-Series firewalls look like the perfect choice for small and medium-sized businesses that require the toughest network security, while sophisticated traffic shaping and quality-of-service (QoS) features put the focus firmly on optimising access to cloud-based apps.</p><p>The NextGen Firewall F80 on review has a claimed 500Mbits/sec IPS throughput that should be sufficient for the recommended 50-user limit. Moreover, the price includes one-year subscriptions to Barracuda's full web security, advanced threat protection, Energize Updates and instant replacement services.</p><p>The integral wireless access point (AP) is of the single-band 2.4GHz 802.11n variety, capable of presenting multiple virtual SSIDs. Anti-spam protection isn't available on this model - if you need this, look instead at the F180 and models above that.</p><p>However, Barracuda's Advanced Threat Detection (ATD) feature does combat the latest malware and zero-day exploits. It checks hashes of incoming files to confirm they're safe and, if any are unknown, it uses cloud-based sandbox technology to safely analyse them before they can pass through.</p><p>The device doesn't have a web interface and is managed individually through Barracuda's NG Admin portable client, or through the optional NG Control Center, which provides a single interface for multiple appliances.</p><p>The NG Admin wizard either creates a transparent bridge across the first two Gigabit ports for evaluation purposes, or sets it up in routing mode for production environments. Both modes only take a few seconds to configure - but take a deep breath, as it gets much harder from here on in.</p><p>The NG Admin console isn't very intuitive, and the sheer range of security features on offer makes some of them hard to find. Furthermore, each change requires the relevant configuration page to be unlocked for write access and subsequent modifications saved to the appliance and then activated.</p><p>The dashboard provides a complete status of all services and plenty of real-time activity graphs. Its Firewall tab shows the primary permitted and blocked applications, as well as URL categories and the latest threats. Courtesy of a vector chart, you can also see the geolocations from which they emanated.</p><p>The real-time views provide impressive levels of detail on traffic and apps, and PDF reports can be easily generated using the free NG Report Creator tool. We linked it to our appliance and scheduled regular reports to be emailed on topics such as the most frequently blocked apps and the latest detected threats.</p><p>Firewall rules comprise sources, destinations, services and action policies, in each of which we enabled application controls, URL filtering, SSL interception and ATD. For URL filtering, Barracuda provides around 100 categories.</p><p>We created a range of firewall objects with different sets of blocked categories, which we enforced using application rules, of which there are hundreds. Facebook alone has 12 options for controlling logins and allowing or denying access to chat, file transfer, video calls, posts and more.</p><p>For mobile users, the CudaLaunch app comes with the optional Remote Access subscription and provides an SSL VPN portal for iOS and Android, with quick links to favoured apps. Moreover, guest wireless users can be redirected to a custom web portal complete with an acceptable-use policy (AUP) agreement.</p><p>Antivirus settings are applied globally, through which we enabled both the Avira and ClamAV engines (they can also run separately). Global ATD policies are configured from here, and it was up to us whether Office documents, PDFs and ZIP archives were uploaded to the cloud and scanned first, or delivered first and then scanned.</p><p>The F80 is tricky to configure and it loses points for the lack of spam protection. However, it remains good value and offers frontline protection against the latest malware, as well as a remarkable level of control over web apps.</p><p><em><strong>This review originally appeared in PC Pro issue 259</strong></em></p><h2 id="verdict-10">Verdict</h2><p>The F80 is tricky to configure and it loses points for the lack of spam protection. However, it remains good value and offers frontline protection against the latest malware, as well as a remarkable level of control over web apps.</p><p>Desktop chassis</p><p>1.7GHz Intel Atom C2358</p><p>2GB RAM</p><p>4 x Gigabit Ethernet</p><p>802.11n wireless</p><p>30GB SSD</p><p>4 x USB 2</p><p>RJ45 serial</p><p>External PSU</p><p>NG Admin and Control Center management</p><p>274 x 162 x 44mm (WDH)</p><p>Options: appliance and all services/3yr, £2,274 exc VAT</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Barracuda NextGen Firewall F180 review ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/firewalls/26011/barracuda-nextgen-firewall-f180-review</link>
                                                                            <description>
                            <![CDATA[ Affordable enterprise-level security ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">pU8dcqGVHpULV6SZEhVXak</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/Awf3bpmPWMbRJaSw7UKnV4-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 09 Feb 2016 11:49:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Dave Mitchell ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/Awf3bpmPWMbRJaSw7UKnV4-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/Awf3bpmPWMbRJaSw7UKnV4-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Barracuda's latest NextGen F-Series of firewalls is aimed firmly at SMBs and scenarios such as branch office deployments. Four new desktop models join this big family of appliances and are designed to offer enterprise features such as advanced traffic optimisation and cloud app controls.</p><p>The F180 on review can handle around 75 users with all security services enabled or up to 150 users if it's deployed purely for secure remote access. Network options look good as it teams up six Gigabit Ethernet ports with an integral 8-port switch and adds 802.11n wireless services.</p><p>Barracuda has attempted to streamline its various subscriptions to avoid any hidden costs, but there are still far too many options to plough through. The F180 hardware costs 1,599 ex VAT. This includes the base license' which includes firewall, anti-spam, mail gateway and basic VPN server functions. To get updates for this though, you'll need an Energize Update subscription. A one-year Energize Update subscription costs 299, as does the separate Instant Replacement service which is essentially a next business day replacement warranty service for faulty hardware.</p><div><blockquote><p>Barracuda has attempted to streamline its various subscriptions to avoid any hidden costs, but there are still far too many options to plough through</p></blockquote></div><p>Mail gateway and anti-spam services, which are only available on the F180 and larger models, are included in the base license. The web security service costs another 498 per year and includes Barracuda's web filter and malware protection.</p><p>You also get IPSec VPN services included in the base license, but if you want Barracuda's slick CudaLaunch SSL VPN portal then you'll need a Premium Remote Access subscription which costs 169 for one year. There's more as Barracuda's new Advanced Threat Detection (ATD) service adds another 299 to the yearly bill.</p><h2 id="a-steep-learning-curve">A steep learning curve </h2><p>Barracuda claims the NextGen appliances are easy to configure, but we beg to differ. The F180 doesn't have a web interface. You manage individual firewalls using Barracuda's NG Admin portable client (which can be run off a USB flash drive), while multiple firewalls can be managed using the optional NG Control Center VM instead.</p><p>Initial deployment is hassle-free as NG Admin fires up a wizard on first contact with the appliance. It creates a transparent bridge across the first two Gigabit Ethernet ports for evaluation purposes or sets it up in routing mode for production environments.</p><p>It get a lot trickier from here on in, mainly due to the overwhelming range of security features on offer. Each modification also requires the relevant configuration page to be unlocked for write access. Subsequent modifications have to be saved to the appliance and then activated.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="TEYLWXV25RMTfQ3PbC2w3m" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/TEYLWXV25RMTfQ3PbC2w3m.png" mos="https://cdn.mos.cms.futurecdn.net/TEYLWXV25RMTfQ3PbC2w3m.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p><em>NG Admin can get very busy but its dashboard does provide a lot of useful information</em></p><p>Even so, we were impressed with the dashboard which provides a complete overview of all services and updates, a real-time traffic graph and alerts on major security events. The Firewall tab shows allowed and blocked applications and URL categories as well as the latest threats. The use of widgets means the view can be customised to suit.</p><h2 id="rules-for-everything">Rules for everything </h2><p>Firewall rules comprise sources, destinations, services plus action policies. Within each one, you can enable application controls, URL filtering, SSL interception and ATD. Barracuda provides around 100 URL filtering categories and we created a range of firewall objects with different sets of blocked categories, enforcing them with application rules.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="AkvALeWzQryG8YeFDFFTRG" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/AkvALeWzQryG8YeFDFFTRG.png" mos="https://cdn.mos.cms.futurecdn.net/AkvALeWzQryG8YeFDFFTRG.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p><em>Barracuda provides a fine choice of URL categories for web filtering policies</em></p><p>Rules also control selected applications and Barracuda offers predefined rules for hundreds of apps, ready for use. Naturally, Twitter and Facebook are present with the latter providing twelve entries for controlling various social networking activities. Application rules can also be used to allow access to apps during specific times and apply QoS profiles to throttle or prioritise their traffic.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="u3NnVFNMbkPW9wRSJDK7F6" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/u3NnVFNMbkPW9wRSJDK7F6.png" mos="https://cdn.mos.cms.futurecdn.net/u3NnVFNMbkPW9wRSJDK7F6.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p><em>Barracuda's controls allow you to fine tune access to a wide range of business cloud apps</em></p><p>For anti-virus scanning, you can globally enable the Avira or ClamAV scanning engines on all policies. If performance isn't an issue, you can have them both active.</p><p>Wireless traffic will be subjected to all firewall checks and guest users can be redirected to a custom web portal complete with AUP agreement.</p><p>Anti-spam setup takes a little longer as we had to create mail gateway and spam filter services first as they aren't enabled by default. Along with scanning mail and sending it on to an internal mail server, there's also an option in the mail gateway service to transparently scan POP3 traffic.</p><h2 id="advanced-threat-detection">Advanced Threat Detection </h2><p>ATD combats the latest malware threats and zero-day exploits by using Barracuda's cloud-based sandbox technology to safely execute and analyse files to determine if they're safe. It's easy enough to configure as you decide whether files, such as Office docs, PDFs and ZIP archives, are uploaded to the cloud and scanned first or delivered and then scanned. </p><p>After testing ATD, we were sufficiently impressed to recommend it highly. It has its own dashboard status widget where we could see files being uploaded for scanning and those being blocked. We could also manually upload files and have them checked.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="CQ3sWkgoTRcSpiFqFUkDEB" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/CQ3sWkgoTRcSpiFqFUkDEB.png" mos="https://cdn.mos.cms.futurecdn.net/CQ3sWkgoTRcSpiFqFUkDEB.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p><em>ATD produced a damning report on the suspect email attachment we gave it to check</em></p><p>We tried this out by uploading a suspect email attachment to the ATD cloud server and found its diagnosis chilling. The ATD report concluded that if the file had been opened, it would have run an external program, injected code into Chrome and Firefox, attempted to download executable content the list just went on and on.</p><h2 id="conclusions">Conclusions</h2><p>We found the complex configuration could be very trying at times, but there's no doubting the F180's credentials. This firewall has some of the best security features available at this price. </p><p>The NG Admin dashboard is very informative while ATD and the app controls were particularly impressive. Businesses that rely on cloud applications will find Barracuda's granular approach to network security a good fit. </p><h2 id="verdict-11">Verdict</h2><p>It’s not the easiest to configure, but Barracuda’s NextGen Firewall F180 is packed to the gills with great security making it good value</p><p>Chassis: Desktop</p><p>Network: 6 x Gigabit Ethernet, 8-port Gigabit Ethernet switch, 802.11n wireless</p><p>Storage: 80GB</p><p>Other ports: 4 x USB 2, VGA, RJ-45 console port</p><p>Power: External PSU</p><p>Management: Barracuda NG Admin, NG Control Center</p><p>Warranty: Included in Instant Replacement </p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Investigatory Powers Bill: Hackers could access security backdoors ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/firewalls/25818/investigatory-powers-bill-hackers-could-access-security-backdoors</link>
                                                                            <description>
                            <![CDATA[ Why David Cameron is wrong about backdoors, and the Netherlands is right ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">jMHXh3hkyJq5bUZrVpT7Qo</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/WkbhCzKhvM3wNpHyoq7Lza-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 07 Jan 2016 14:18:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Davey Winder ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/qKL6BZiS7oo9Hmyy2yd3WJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/WkbhCzKhvM3wNpHyoq7Lza-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/WkbhCzKhvM3wNpHyoq7Lza-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>While the UK government continues to push forward with the notion that encryption backdoors are a good thing and encryption is bad because terrorists and paedophiles use it, others have a slightly more informed opinion.</p><p>Take, for example, the Dutch government, which this week declared something approaching a passion for strong encryption.</p><p>In <a href="https://blog.cyberwar.nl/2016/01/full-translation-of-the-dutch-governments-statement-on-encryption" target="_blank">an English translation of the Dutch government's statement</a>, Dutch security and justice minister Ard van der Steur is clearly shown to have a much better understanding of technology than either Prime Minister David Cameron or Home Secretary Theresa May.</p><p>Arriving at the conclusion that "it is currently not appropriate to adopt restrictive legal measures against the development, availability and use of encryption" within the Netherlands, van der Steur shows that he gets how backdoors would make encrypted data vulnerable to not only criminals and foreign intelligence services but, yes, also to the very terrorists that Cameron and his cohorts argue they would protect us from.</p><p>Backdoor access is, simply put, not a one-way street. You cannot introduce such a weakness into a security product and expect it to only be exploitable by yourself. Well, Cameron obviously does expect exactly that, which means that he's either an idiot or has been getting very poor technical advice: most likely a bit of both, if you ask me.</p><p>Van der Steur, meanwhile, appears to be spot on when he notes that backdoors "could have undesirable consequences for the security of information communicated and stored" as well as the core integrity of IT systems which are "increasingly of importance for the functioning of the society".</p><p>We cannot forget, however, that this Dutch government statement is put together by politicians and so the language used is all important. Language such as "is currently not desirable" which implies that it could become so if there's a political will to change things.</p><p>What I do know is that, currently, the UK and US governments appear to be on a collision course with IT and I suspect will continue to use terrorist atrocities as emotional leverage to drive badly thought out, commercially damaging and privacy-harming policies as far as weakening encryption usage is concerned.</p><p>Cameron appears to have more of an appetite for this than President Obama, and while the draft Investigatory Powers Bill may have stopped short of banning end-to-end encryption services, it does require backdoor access for law enforcement officials.</p><p>If this becomes law, then I guarantee that UK PLC will suffer as business moves data out of the country and to locations where strong encryption without backdoors is available.</p><p>UK companies who make secure products have also spoken of relocating outside of the UK rather than have to bow to legal moves to build backdoors into them.</p><p>Of course, whether the UK stays in the EU could impact upon all of this: Privacy of communication is a fundamental right that the European Convention on Human Rights (and Charter of Fundamental Rights of the EU) protects.</p><p>The 'security soundbite' may win the popular vote among some, but the economy will surely suffer just as much as our right to privacy. Once the masses realise that any law weakening encryption is actually taking us down the exact same road as regimes with poor human rights records, then even the 'nothing to hide, nothing to fear' right-leaning brigade might start thinking twice...</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Cyberoam CR1000iNG-XP review ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/25030/cyberoam-cr1000ing-xp-review</link>
                                                                            <description>
                            <![CDATA[ Cyberoam’s CR1000iNG-XP delivers enterprise network security at a price mid-sized businesses will approve ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">dY4F2gHAnHmUGHjbSztEWP</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/w48UtkFNhqnbbfnndToACL-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 31 Jul 2015 08:00:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Dave Mitchell ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/w48UtkFNhqnbbfnndToACL-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/w48UtkFNhqnbbfnndToACL-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Now part of the Sophos empire, Cyberoam has been busy shaking up the enterprise security world with a range of high-performance firewalls at a price the big names can't hope to compete with. The CR1000iNG-XP is the latest to join the club and offers growing businesses a high throughput for a modest outlay.</p><p>The CR1000iNG-XP ticks all the right security boxes as along with an SPI firewall, it offers IPsec and SSL VPNs, anti-malware, anti-spam, web and application filtering plus IPS. There's more as Cyberoam's identity-based security allows policies to be applied to users and groups as well as systems.</p><p>Support levels are determined by the subscription you choose with the Total Value Subscription (TVS) providing 8x5 cover while the Comprehensive Value Subscription (CVS) extends this to 24/7 cover. CVS activates Cyberoam's Web Application Firewall (WAF) which protects web sites and applications from attacks such as SQL injection and cross-site scripting.</p><p>Along with a huge raw firewall throughput of 117 Gbps and an equally big 8 Gbps with AV enabled, the CR1000iNG-XP supports four FleXi port expansion modules. The price included an 8-port Gigabit module and Cyberoam offers options with eight copper or fibre Gigabit and 4-ports of 10GbE SFP+.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="o9XjcpbGD8ow8QjNKTGpp5" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/o9XjcpbGD8ow8QjNKTGpp5.png" mos="https://cdn.mos.cms.futurecdn.net/o9XjcpbGD8ow8QjNKTGpp5.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>Cyberoam's wizard offers to apply a security policy to get you out the starting blocks</p><p><strong>Easy deployment</strong></p><p>Deployment in the lab was simple as we pointed a web browser at the appliance and followed the quick start wizard. This helped set up basic LAN and WAN port address assignments, an email address for alerting and the mode of operation.</p><p>We chose routed mode as we wanted it to provide all security functions including firewalling. Where required, the transparent bridge mode allows the appliance to sit behind an existing firewall.</p><p>The appliance works straight from the box as the wizard offers to apply one of two base security policies. The general policy activates web filtering for common unwanted categories and anti-malware scanning while the strict policy only allows access to authenticated users.</p><p>Ports are grouped into zones with options for LAN, WAN and DMZ or your own custom zones. We could also place selected ports into link aggregation groups for load balancing and failover.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="29SQivSDdEGcdy4rprapWW" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/29SQivSDdEGcdy4rprapWW.png" mos="https://cdn.mos.cms.futurecdn.net/29SQivSDdEGcdy4rprapWW.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>The web console dashboard provides a clear overview of activity and appliance status </p><p><strong>Identify yourself</strong></p><p>After grouping our ports, we applied firewall rules to source and destination zones along with associated networks and hosts. Other network objects include service filters, blocking actions and time schedules which can be applied within each rule.</p><p>We recommend acquainting yourself with Cyberoam's identity-based security as this allows you to apply more versatile security policies to users and groups. Clients authenticating to an external directory server will be automatically logged in while others can log in to the appliance via the Corporate Client.</p><p>Cyberoam provides Linux and Mac clients plus free mobile apps for Android and iOS devices. We had no problems with the iAccess app on our iPad where it auto-detected the appliance's IP address and asked for our login details.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="aT2rY23qXH8JVJWjnm96aF" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/aT2rY23qXH8JVJWjnm96aF.png" mos="https://cdn.mos.cms.futurecdn.net/aT2rY23qXH8JVJWjnm96aF.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>Cyberoam's web filtering can be applied to specific users and performs extremely well</p><p><strong>More security</strong></p><p>Controls for users and groups include web filtering, internet access and bandwidth usage policies. We could enforce data transfer limitations on uploads and downloads and set limits on daily, weekly, monthly and yearly usage.</p><p>Clientless users don't log on to the appliance but for these you can't apply surfing and data transfer quotas or Internet access time restrictions. However, the appliance can now redirect these users to a captive web portal where they enter their credentials.</p><p>Web filtering rules support HTTP and HTTPS as standard and a useful feature is the ability to assign different actions to a category. You could, for example, block HTTP access to business web sites but allow secure HTTPS connections.</p><p>For anti-spam, we could apply a global policy to all users and fine tune it with custom policies. Suspect messages can be dropped, rejected or quarantined to the appliance's internal 1TB hard disk and the spam digest service sends regular spam advisory reports to users.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="weuF6Do7Fsv9oCW8qdWcDE" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/weuF6Do7Fsv9oCW8qdWcDE.png" mos="https://cdn.mos.cms.futurecdn.net/weuF6Do7Fsv9oCW8qdWcDE.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>The iView report tool is included in the price and delivers a wealth of information</p><p><strong>Reporting included</strong></p><p>Cyberoam commendably includes full reporting in the price. The embedded iView syslog server stores all logs on the internal hard disk and presents it in a separate interface accessed directly from the appliance's web console.</p><p>It provides impressive levels of information with the dashboard showing graphs of all allowed and denied traffic. Clicking on a bar graph provides a complete breakdown of all traffic types presented as a collection of pie charts.</p><p>It provides details on firewall, virus and spam activity, web content filtering and even search engine criteria being entered. Compliance reports for HIPAA, PCI or SoX are included and we could easily see what our users had been up to by entering their names in the web surfing report search page.</p><p><strong>Conclusion</strong></p><p>With the appliance and a 1-year TVS subscription costing less than 20K, the CR1000iNG-XP represents remarkably good value. SonicWALL's NSA E8500, for example, offers a much lower raw firewall throughput of 8Gbps and yet prices for this appliance start at 25K.</p><p>The CR1000iNG-XP delivers an impressive range of security measures along with versatile identity-based policies. Cyberoam's total OS consistency across all of its appliances makes deployment and future upgrades a simple process and value looks even better as reporting is included in the price.</p><h2 id="verdict-12">Verdict</h2><p>The CR1000iNG-XP offers mid-sized businesses high performance network security at a sensible price. Easy to deploy and packed with features, it can also be easily expanded to keep in step with demand</p><p><strong>Chassis</strong>: 2U rack</p><p><strong>CPU</strong>: 2 x 2GHz E5-2620 Xeon</p><p><strong>Memory</strong>: 6GB DDR3</p><p><strong>Network</strong>: 10 x Gigabit (max 42)</p><p><strong>Storage</strong>: 4GB CompactFlash, 1TB SATA hard disk</p><p><strong>Expansion</strong>: 4 x module slots</p><p><strong>Power</strong>: 2 x hot-plug 500W PSUs</p><p><strong>Ports</strong>: 2 x USB, RJ-45 console</p><p><strong>Management</strong>: Web browser, iView</p><p><strong>Module options</strong>: 8 x copper Gigabit, £923; 8 x SFP Gigabit, £1,352, 4 x 10GbE SFP+, £2,140 (all ex VAT)</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Dell combines WiFi and firewall to fend off SMB cyber attacks ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/firewalls/25042/dell-combines-wifi-and-firewall-to-fend-off-smb-cyber-attacks</link>
                                                                            <description>
                            <![CDATA[ TZ Wireless Firewall Series aims to bolster small businesses' defences against cyber threats ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">sHrxjfZNbnMtEjB3ibi3MR</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/imVRVjN32YsFFvZzsJd4LF-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 27 Jul 2015 13:00:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jane McCallion ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/imVRVjN32YsFFvZzsJd4LF-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/imVRVjN32YsFFvZzsJd4LF-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Dell has launched a new set of SonicWall security products that merge Wi-Fi with firewalls to defend against cyber attacks.</p><p>Named the TZ Wireless Firewall Series, the range is comprised of the TZ300, TZ400 and TZ500, designed to be deployed either in SMBs with around 10-60 employees, or in satellite offices or retail stores of larger enterprises that have a similar number of staff.</p><p>Florian Malecki, head of Dell SonicWall's EMEA marketing team, told <em>IT Pro</em>: "What we have seen is that many organisations are more and more offering wireless access either to guests or for their employees. There are many ways of doing this, such as deploying a fully-fledged, typical wireless technology that we have with Dell Networking, for example.</p><p>"But if you are an SMB that might not be the way you would do it, because they only have 10 or 20 users and maybe use a small office of a few square metres, and might not have three or four people in the IT department to manage end-user computing, WiFi, security, the LAN and so on.</p><p>"[The products have] the ability to offer an integrated wireless service into the firewall. That is what these TZ products offer - gateway antivirus, antispyware, URL content filtering and application firewall."</p><p>As well as offering size-appropriate firewall and WiFi technology, Dell also claimed that this "high performance next generation firewall" is capable of detecting modern cyber attack methods by carrying out analysis such as deep packet inspection on encrypted traffic, without causing lag.</p><p>"As an example, the TZ400 - our midrange product - the customer will be able to get, with all of the different security services enabled, 300MB of throughput. This is normally more than enough, as SMBs' internet connections are normally in the range of 50MB to 100MB," Malecki said.</p><p>The Dell SonicWall TZ300, TZ400 and TZ500 are all available immediately both from Dell and from channel resellers.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ How Vivobarefoot escaped Windows Server 2003 in IT upgrade ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/server/24948/how-vivobarefoot-escaped-windows-server-2003-in-it-upgrade</link>
                                                                            <description>
                            <![CDATA[ Sports footwear company also deployed Office 365 to fix London-China communication problems ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">iiLtki5MtWjmxZo9capA3G</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/7e9zpdXfRaaFNUrSjShygD-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 08 Jul 2015 10:51:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Joe Curtis ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/7e9zpdXfRaaFNUrSjShygD-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Image of a person&amp;#039;s legs wearing running shoes running in the desert]]></media:description>                                                            <media:text><![CDATA[Image of a person&amp;#039;s legs wearing running shoes running in the desert]]></media:text>
                                <media:title type="plain"><![CDATA[Image of a person&amp;#039;s legs wearing running shoes running in the desert]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/7e9zpdXfRaaFNUrSjShygD-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Sports footwear firm Vivobarefoot has escaped the risks of Windows Server 2003 expiry by overhauling its aged IT infrastructure, enabling easier communication between its London and China offices.</p><p>Microsoft's Windows Server 2012 operating system replaced three separate servers owned by Vivobarefoot, including an Exchange Server 2007 running email, a Server 2003 OS supporting file storage and order management software, and another running analysis of this software.</p><p>With <a href="https://www.itpro.com/server/24940/windows-server-2003-one-week-until-end-of-support" target="_blank" data-original-url="https://www.itpro.com/server/24940/windows-server-2003-one-week-until-end-of-support">Server 2003 support set to expire next week</a>, global operations director Damian Peat told <em>IT Pro</em> migrating off the old operating system was a priority for his company.</p><p>"We had to get rid of the servers as quickly as possible and get a new 2012 in because obviously 2003 was coming to the end of its support," he said. "They were also going to die pretty soon."</p><p>Working with Microsoft partner Netstar, Peat binned all three of the servers in favour of one server to rule all his workloads, including Sage accounting software and a Prima order management application.</p><p>"The proposal was to move everything onto one big server that can handle all the different programs, because it's chopped into different servers within a server," he said.</p><p>But junking Server 2003 was just the start of Vivobarefoot's transformation, with Peat deciding the firm would stop backing up its on-site data onto tapes he would lock into a safe at the end of each day.</p><p>"There was always a lot of fear on my part that those back-up tapes potentially wouldn't work, that we'd have a mechanical failure and suddenly find ourselves with nothing," he said.</p><p>"We started getting error messages, we weren't really sure what they were, but we knew they weren't good news. We'd get calls from the IT company saying the back-up didn't run last night. It was very very scary, it was sleepless nights."</p><p>After ditching his old IT partner for Netstar, Peat also parted with his tapes, instead handing his new provider the job of hosting a remote back-up service for all of Vivobarefoot's data.</p><p><strong>Working with China</strong></p><p>Netstar also recommended that Vivobarefoot update its tranche of outdated versions of Microsoft Office by deploying Office 365 across its two offices, based in London and China.</p><p>For Peat, this would solve two problems at once - upgrading software far past its sell-by date, as well as fixing the issue of inconsistent email addresses between the two offices.</p><p>Thanks to the Great Firewall of China and slower internet speeds in the country, his Chinese staff couldn't access their work emails easily, and had resorted to Gmail instead.</p><p>When Google fell out with China over a refusal to recognise security certificates issued by the country's internet authority, the team resorted to various native mail servers, but Peat had concerns over the security of these third-party mail apps.</p><p>"Also it's just really unprofessional," he told <em>IT Pro</em>. "They were communicating with our biggest suppliers, who we spend millions of dollars with every year, with these random email addresses."</p><p>Vivobarefoot initially considered Google Docs and Gmail ahead of Office 365, but scrapped the idea following China's negative rhetoric towards Google. It then considered a hosted Exchange server, but eventually picked Office 365 instead because it is a global cloud service easily accessible in China.</p><p>However, China did condemn Microsoft as well as Apple and Google <a href="https://www.itpro.com/public-sector/22408/china-labels-apple-google-microsoft-pawns-of-the-us-government" target="_blank" data-original-url="https://www.itpro.com/public-sector/22408/china-labels-apple-google-microsoft-pawns-of-the-us-government">as pawns of the US government</a> in June last year, accusing them of spying on state secrets.</p><p>Despite this, Netstar set up Office 365 remotely with Peat's help when he visited the Chinese office, and the outcome has been to make communication between British and Chinese staff easier and more reliable.</p><p>"All of our Chinese staff email addresses are @vivobarefoot.com now, which is awesome," said Peat. "Everything's just a lot more integrated. I manage a team in China and I never used to have access to anybody's calendars. Now I have full visibility of what everyone's up to wherever they are in the world, which is wonderful."</p><p>The whole process took Netstar and Vivobarefoot three months, but that was only stage one, with more changes planned under two future steps.</p><p>"Stage two is getting all of our platforms onto the same thing. We're either using AppDynamics or SAP Business Forum or maybe NetSuite but we're looking at the moment and meeting with all these software houses," said Peat.</p><p>"From my point of view there's a certain attraction to going with AppDynamics just because it plugs in so beautifully with Office 365."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Cyberoam CR2500iNG-XP firewall review ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/security/23597/cyberoam-cr2500ing-xp-firewall-review</link>
                                                                            <description>
                            <![CDATA[ Cyberoam’s CR2500iNG-XP fills the value gap other enterprise security appliances leave behind ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">f4rf883oeMTiWiab76MdLp</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/2VDgcaae5suPQL7rMmdsME-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 25 Nov 2014 14:35:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Dave Mitchell ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/2VDgcaae5suPQL7rMmdsME-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                                                                                                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/2VDgcaae5suPQL7rMmdsME-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Top end firewalls cost a king's ransom forcing many mid-sized businesses to accept lower performance and features in their search for value. Cyberoam's latest CR2500iNG-XP aims to gives them the best of both worlds as it offers high performance and extensive security at an affordable price.</p><p>The CR2500iNG-XP claims a maximum firewall throughput of over 58Gbps and yet costs under 42,000 with a full three-year TVS (total value subscription) for all services. The <a href="https://www.itpro.com/server/20258/dell-sonicwall-supermassive-9600-review" target="_blank" data-original-url="https://www.itpro.com/server/20258/dell-sonicwall-supermassive-9600-review">Dell SonicWALL SuperMassive 9600</a>, for example, costs up to 30,000 more with only a one-year subscription.</p><p>Expansion is also a key feature as the appliance supports up to four of Cyberoam's optional modules. You start with an 8-port Gigabit module and pick and choose from 8-port copper and fibre cold-swap modules or a 4-port 10GbE SFP+ version. </p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="4zmd2pMaMi74LfK9K7XyNf" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/4zmd2pMaMi74LfK9K7XyNf.jpg" mos="https://cdn.mos.cms.futurecdn.net/4zmd2pMaMi74LfK9K7XyNf.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p><em>Cyberoam offers a good choice of network expansion modules for the CR2500iNG-XP</em></p><p><strong>Deployment consistency </strong></p><p>This 2U rack system comes with a pair of 2.9GHz E5-2667 Xeons, 16GB of DDR3 memory and a 4GB CompactFlash card for Cyberoam's OS. Its 250GB SATA hard disk can be used as an internal email quarantine area and as a report repository for the onboard iView Syslog server.</p><p>One feature we like a lot is Cyberoam's total consistency across its entire range of appliances as they all run the same software, offer the same security features and have identical deployment modes. Even if you've only used Cyberoam's little CR10iNG small business appliance, you won't have any problems configuring its bigger brothers.</p><p>Installation in the lab was simple as the web interface offers a quick start wizard. The appliance can operate in routed or transparent bridge modes so you can either use it as a firewall or place it behind an existing one. </p><p>We chose routed mode and after assigning IP addresses to our LAN and WAN ports, the wizard offered to run in a passive reporting mode or apply one of two predefined security policies. A full complement of ports can make for configuration confusion but we found the port numbering diagrams on the front panel handy.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="ZeCVvGGawLgo2gZmaLM6wm" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/ZeCVvGGawLgo2gZmaLM6wm.png" mos="https://cdn.mos.cms.futurecdn.net/ZeCVvGGawLgo2gZmaLM6wm.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p><em>Cyberoams' appliances all use the same setup wizard for swift deployment in bridged or routed modes</em></p><p><strong>Client choices</strong></p><p>Cyberoam's identity-based security allowed us to apply policies to users and groups as well as systems. Three types of user are supported where a normal user logs on to the appliance using the Corporate Client utility. </p><p>We installed the Windows client on our test desktops where it asked for the IP address of the appliance and user credentials. Mobile users also can get in on the act as along with Linux and Macs, Cyberoam offers free clients for Android and iOS devices.</p><p>Clientless users won't have to log on to the appliance but for these you can't apply surfing and data transfer quotas or Internet access time restrictions. The third type of user authenticates with an external directory server and is then automatically logged in to the appliance.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="DjfdBvCFEsqntPrGXYwyK4" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/DjfdBvCFEsqntPrGXYwyK4.png" mos="https://cdn.mos.cms.futurecdn.net/DjfdBvCFEsqntPrGXYwyK4.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p><em>Authenticated users can have their own policies applied for all security services</em></p><p><strong>Security services</strong></p><p>Firewall rules use port zones to define sources and destinations plus networks and hosts and apply service filters, blocking actions and time schedules. Within these rules we could also apply web filtering, anti-virus, anti-spam and IPS policies along with internet access limits.</p><p>For users and groups, we could apply web filtering, Internet access and bandwidth usage policies to each one. We could also specify data transfer limitations on uploads and downloads and have different values for daily, weekly, monthly and yearly limits.</p><p>Web filtering policies can use any of the 85 URL categories provided but it's annoying that the window to display them is so small it can only show three at a time. Even so, we found the web filtering worked very well during testing with very little slipping under its radar. </p><p>Anti-spam measures are extensive and for SMTP you can move suspect messages to a quarantine area on the hard disk. A spam digest service is also provided so users that have had messages quarantined can have hourly, daily or weekly reports emailed to them.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="JtrxtPYyAuT65PDJ8tiZjf" name="" alt="" src="https://cdn.mos.cms.futurecdn.net/JtrxtPYyAuT65PDJ8tiZjf.png" mos="https://cdn.mos.cms.futurecdn.net/JtrxtPYyAuT65PDJ8tiZjf.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p><em>The embedded iView server provides a wealth of information and it's included in the price</em></p><p><strong>Embedded iView reporting</strong></p><p>Whereas other vendors charge you extra, Cyberoam includes reporting tools and goes one step beyond as they're embedded on the appliance. Its iView Syslog server gathers data directly from the appliances' logs and provides impressive levels of graphing and reporting.</p><p>Accessed from the main web console, the iView dashboard opens with a summary of top applications, users and hosts plus source and destination countries. A heap of predefined reports is provided making it easy to pull up details on host activity, general application, web and mail usage, detected attacks and spam, FTP uploads and downloads and even criteria being entered in a range of search engines.</p><p>Click on any bar graph and you can drill down for more detailed information. The iView console provides trend reports on the security services plus basic compliance reports for HIPAA, PCI, SoX and more and all can be exported in PDF and Excel formats. </p><p><strong>Overall</strong></p><p>The CR2500iNG-XP sets a high standard for performance and teams this up with top-notch security features. It's surprisingly easy to install, beats products such as SonicWALL's SuperMassive enterprise boxes on value and Cyberoam's identity based security makes it very versatile.</p><h2 id="verdict-13">Verdict</h2><p>The CR2500iNG-XP packs plenty of enterprise security measures into a high performance platform and delivers it at a good price. We found it a cinch to deploy and its embedded iView reporting module adds even more value.</p><p><strong>Chassis:</strong> 2U rack</p><p><strong>CPU:</strong> 2 x 2.9GHz E5-2667 Xeon</p><p><strong>Memory:</strong> 16GB DDR3</p><p><strong>Network:</strong> 10 x Gigabit (max 42)</p><p><strong>Storage:</strong> 4GB CompactFlash, 250GB SATA hard disk</p><p><strong>Expansion:</strong> 4 x module slots</p><p><strong>Power:</strong> 2 x hot-plug 500W PSUs</p><p><strong>Ports:</strong> 2 x USB, RJ-45 console</p><p><strong>Management:</strong> Web browser, iView</p><p><strong>Module options:</strong> 8 x copper Gigabit, £923; 8 x SFP Gigabit, £1,352, 4 x 10GbE SFP+, £2,140 (all ex VAT)</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ WEBCAST: Increase network performance without jeopardising security ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/644482/webcast-increase-network-performance-without-jeopardising-security</link>
                                                                            <description>
                            <![CDATA[ Do you want to find out how to secure your networks without traffic grinding to a halt? If so, join this webcast. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">xkaVdWVjyuhVs9XgibuFnx</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/nEgRzwg5bxDtzeGn9g5b8M-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 04 Dec 2012 12:12:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                <author><![CDATA[ itpro@futurenet.com (ITPro) ]]></author>                    <dc:creator><![CDATA[ ITPro ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/nEgRzwg5bxDtzeGn9g5b8M-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Dell logo]]></media:description>                                                            <media:text><![CDATA[Dell logo]]></media:text>
                                <media:title type="plain"><![CDATA[Dell logo]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/nEgRzwg5bxDtzeGn9g5b8M-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>CLICK TO <a href="http://uk.enterpriseefficiency.com/video-stream.asp?section_id=2627&doc_id=255176&cid=TIN5&caschk=yes">REGISTER NOW</a></p><p>Network security is of utmost concern to all enterprise IT decision makers, but legacy products can seriously impact on network performance and affect employee productivity.</p><p>This webcast will explain why network security does not have to come at the expense of performance, and how next-generation firewalls are helping CIOs to balance both with ease.</p><p>Register today to secure your place in this discussion.</p><p>Date: Tuesday 4 December</p><p>Time: 9:00 a.m EST</p><p>CLICK TO <a href="http://uk.enterpriseefficiency.com/video-stream.asp?section_id=2627&doc_id=255176&cid=TIN5&caschk=yes">REGISTER NOW</a></p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ ZTE and Huawei hit back at US Government accusations ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/643372/zte-and-huawei-hit-back-at-us-government-accusations</link>
                                                                            <description>
                            <![CDATA[ Chinese companies deny their equipment could be used for spying by Chinese government. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">5bq5ZNFTzRoMUFmncMyndF</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/6pzdnFfzfzb87D4FFhoKyB-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 09 Oct 2012 12:05:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Jane McCallion ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/6pzdnFfzfzb87D4FFhoKyB-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Security keyboard]]></media:description>                                                            <media:text><![CDATA[Security keyboard]]></media:text>
                                <media:title type="plain"><![CDATA[Security keyboard]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/6pzdnFfzfzb87D4FFhoKyB-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The Chinese telecoms firms at the centre of a political storm, ZTE and Huawei, have hit back at allegations that their equipment could be used to spy on American companies and government agencies.</p><p>In a statement, ZTE reaffirmed its commitment to work with the US House Permanent Select Committee on Intelligence, government agencies and the private sector to address all security concerns.</p><p>David Dai Shu, ZTE's director of global public affairs, said "ZTE appreciates the Committee's recognition that ZTE has offered US carriers a Trusted Delivery Model solution. ZTE will work with the Committee, US government agencies, and ZTE's US customers to identify and deploy the most effective equipment cyber-security measures possible. ZTE is committed to assuring US carriers and US government agencies its equipment is safe."</p><p>The Shenzhen-based company also intimates in its statement that it is unfair to single out ZTE and Huawei simply because they are the two largest Chinese companies supplying infrastructure to the US.</p><p>"It is noteworthy that, after a year-long investigation, the Committee rests its conclusions on a finding that ZTE may not be free of state influence.' This finding would apply to any company operating in China ... given the severity of the Committee's recommendations, ZTE recommends that the Committee's investigation be extended to include every company making equipment in China, including the Western vendors. That is the only way to truly protect US equipment and US national security," added Dai Shu.</p><p>ZTE's commitment follows news that networking specialists Cisco split with the company over allegations the Chinese firm had sold <a href="https://www.itpro.com/643348/cisco-splits-with-zte-over-iran-trade-deal-claims" target="blank" data-original-url="https://www.itpro.com/643348/cisco-splits-with-zte-over-iran-trade-deal-claims">Cisco branded products to Iran</a>. The US House of Representatives Intelligence Committee has also warned American companies and government agencies to avoid using ZTE and Huawei. The committee claimed in a report published on 8 October that the two firms represent a national security threat to the US. However in the UK, Huawei is also a major supplier to BT and Everything Everywhere.</p><p>Huawei has been even more forthright in its response to the committee's report. A spokesperson for the company said: "The United States is a country ruled by law, where all charges and allegations should be based on solid evidence and facts. The report conducted by the House Permanent Select Committee on Intelligence ... failed to provide clear information or evidence to substantiate the legitimacy of the Committee's concerns."</p><p>"The report released by the Committee today employs many rumors and speculations to prove non-existent accusations ... We have to suspect that the only purpose of such a report is to impede competition and obstruct Chinese ICT companies from entering the US market," the spokesperson added.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Microsoft urges users to apply latest security patch ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/639541/microsoft-urges-users-to-apply-latest-security-patch</link>
                                                                            <description>
                            <![CDATA[ Update address flaws in Remote Desktop Protocol ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">vepVzbZ3RHeBGndA2sD6B</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/kN9b34iSn7HpeHzktErFsa-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 14 Mar 2012 11:09:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Connor Jones ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/LPjgE2kGKixS9aF7Jdp2mT.png ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/kN9b34iSn7HpeHzktErFsa-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Security]]></media:description>                                                            <media:text><![CDATA[Security]]></media:text>
                                <media:title type="plain"><![CDATA[Security]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/kN9b34iSn7HpeHzktErFsa-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Microsoft is urging people to waste no time in applying its latest security patch, warning that it expects to see exploits of patched vulnerabilities within 30 days.</p><p>According to Microsoft, update MS12-020 addresses two vulnerabilities in Microsoft's implementation of the Remote Desktop Protocol (RDP), and one of the flaws is a remote code execution vulnerability affecting all versions of Windows.</p><p>We expect to see working exploit code developed within the next 30 days.</p><p>Attackers could use the vulnerability to remotely access computers without authorisation.</p><p>Microsoft said it "strongly encouraged" users to make "a special priority of applying this particular update" because the potential rewards for attackers would make the vulnerability too tempting to ignore.</p><p>"We are not aware of any attacks in the wild and the remote desktop protocol is disabled by default," the company said in its security blog outlining the problem and how system administrators should deal with it.</p><p>"However, due to the attractiveness of this vulnerability to attackers, we anticipate that an exploit for code execution will be developed in the next 30 days."</p><p>Microsoft said attackers could exploit the vulnerability over networks before authentication was required because "RDP is commonly allowed through firewalls due to its utility".</p><p>The service runs in kernel-mode as SYSTEM by default on almost all platforms, the company said.</p><p>"We determined that this vulnerability is directly exploitable for code execution," Microsoft said.</p><p>"Developing a working exploit will not be trivial we would be surprised to see one developed in the next few days. However, we expect to see working exploit code developed within the next 30 days."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Fortinet FortiGate 111C ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/637801/fortinet-fortigate-111c</link>
                                                                            <description>
                            <![CDATA[ Fortinet's compact FortiGate 111C appliance has a remarkable range of security measures at an affordable price. In this exclusive review, Dave Mitchell puts it on test to see if it really does have every security angle covered. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">egJazvNSVnqUMkWCU3pX4S</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/K6AcvBS6iXnY23djzcfLUU-1280-80.png" type="image/png" length="0"></enclosure>
                                                                        <pubDate>Fri, 09 Dec 2011 16:21:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Dave Mitchell ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/png" url="https://cdn.mos.cms.futurecdn.net/K6AcvBS6iXnY23djzcfLUU-1280-80.png">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Fortinet FortiGate 111C]]></media:description>                                                            <media:text><![CDATA[Fortinet FortiGate 111C]]></media:text>
                                <media:title type="plain"><![CDATA[Fortinet FortiGate 111C]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/K6AcvBS6iXnY23djzcfLUU-1280-80.png" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="wbG3rADo2Kumw874ByTnyV" name="" alt="ITPRO Recommended award" src="https://cdn.mos.cms.futurecdn.net/wbG3rADo2Kumw874ByTnyV.jpg" mos="https://cdn.mos.cms.futurecdn.net/wbG3rADo2Kumw874ByTnyV.jpg" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div></figure><p>What makes it stand out is Fortinet's ASIC-based FortiOS operating system and the latest v4.0 introduces a heap of new features. At its foundation is the standard fare of SPI firewall plus IPSec and SSL VPNs, to which you can add intrusion prevention, anti-virus, anti-malware, anti-spam, web filtering and P2P app controls.</p><p>There's a lot more, though, as you have data leak prevention (DLP), integrated management of Fortinet's FortiAP wireless access points plus rogue AP detection, endpoint protection and vulnerability scanning.</p><p>We haven't finished yet as the 111C supports an optional 64GB SSD for high speed web caching, logging, DLP archiving and quarantining. There's still more as pairs of appliances can used for high availability and with one at each end of a site-to-site link they can perform WAN optimisation.</p><p>The 111C has eight, switched Fast Ethernet LAN ports and a pair of Gigabit WAN ports. It supports both NAT and transparent modes and we used the latter to drop it in between the lab's LAN and Internet connection. The cooling fans are very noisy so the appliance will need to go in a cabinet.</p><p>Fortinet quotes impressive performance figures for the 111C with an IPS throughput of 450Mbps. We tested this using the lab's Ixia Optixia XM2 chassis equipped with two Xcellon-Ultra NP blades and saw throughput settle comfortably at nearly 460Mbps.</p><p>The appliance's web interface opens with a smart dashboard which can be customised with widgets. These include traffic history graphs for selected interfaces, tables for top applications and sessions, license information, cache usage and system resources.</p><p>Each firewall policy comprises source, destination, schedule, service and action objects and you can assign various UTM profiles to each one. Anti-virus profiles define which protocols you want scanned and if you want infections to be removed or quarantined.</p><p>Fortinet provides its own URL filtering database and its eight main categories cover nearly eighty subcategories. You can block or allow entire categories or select options at the subcategory level, activate logging for each individual entry, apply usage quotas and enable a global Safe Search feature.</p><p>Application control policies use sensors for selected apps and Fortinet provides nearly 2,000 to choose from. Each policy can simply monitor and log usage or you can block them, reset the connection or apply a traffic shaper object created within your firewall policies.</p><p>The FortiGuard anti-spam measures are also controlled using policies which decide which mail protocols to scan, how spam is handled and which FortiGuard functions should be applied. For testing we created a policy that scanned all mail protocols for spam but only tagged suspect messages and passed them on.</p><p>We configured our Outlook clients to move tagged messages to a separate folder and left the appliance scanning live email for three weeks. At the end of the test we saw an impressive spam detection rate of nearly 99 per cent with only eight false positives.</p><p>DLP policies are used to scan traffic for file types, file sizes, fingerprints, conditions or expressions such as credit card and social security numbers. To use fingerprinting you upload files to the appliance or point it to a remote location and it will generate a checksum for each one.</p><p>DLP sensor policies can include any of these criteria and be used to monitor and log activity. For highly sensitive documents, you can set the policy to block the transfer or quarantine the user, the IP address or even the interface on the appliance the traffic was spotted on.</p><p>For vulnerability scans you use asset definitions based on IP addresses and ranges and each entry can be assigned Windows and Unix authentication details. Manual or regularly scheduled scans can be run on selected definitions and three levels allow scans to be run on port 80, all common application ports or the full port range.</p><p>Managing wireless networks with Fortinet's access points couldn't be easier as the appliance automatically detects them. We tested this with FortiAP 220 and 222 models and found we could create multiple SSIDs each with unique security and encryption settings and assign them to specific APs.</p><p>Along with rogue detection you also have the option of suppressing them. When a rogue is spotted it is listed in the web interface monitoring page where you can select it and activate suppression. The appliance's wireless controller then sends deauth messages to the rogue and any clients trying to associate with it.</p><p>The appliance provides local logging and reporting where you can view event, UTM, traffic and vulnerability scan logs and check on the quarantine store. Graphical reports can also be generated for bandwidth, application, web, email and VPN usage and displayed as high quality web reports with an introductory page and even a table of contents.</p><p>For more detailed reporting we recommend the optional FortiGuard Analysis and Management Service (FAMS). The appliance can be set to upload selected logs regularly to your account on this hosted service which are used to present an extensive range of detailed reports.</p><p>The FortiGate 111C provides the most comprehensive range of security measures we've yet seen in an SMB level appliance. It's easy to deploy and affordable as well with a bundle including the SSD, anti-virus, IPS, anti-spam and web filtering costing 3,543.</p><h2 id="verdict-14">Verdict</h2><p>SMBs that want a security appliance that covers every possible network security requirement need look no further than the FortiGate 111C. It’s very simple to install and manage, can be customised to suit with a wide range of optional packages, provides plenty of quality reporting tools and is offered at a sensible price.</p><p>Chassis: Desktop/rack mount</p><p>CPU: Fortinet FortiASIC</p><p>Network: 8 x switched 10/100 (LAN), 2 x Gigabit (WAN)</p><p>Storage: 64GB SATA SFF SSD (optional)</p><p>Ports: 2 x USB, RJ-45 console</p><p>Management: Web browser, CLI</p><p>Software: Fortinet FortiOS 4.0</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ IDF 2011: Intel unveils first fruits of McAfee acquisition ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/636106/idf-2011-intel-unveils-first-fruits-of-mcafee-acquisition</link>
                                                                            <description>
                            <![CDATA[ The new DeepSAFE security offering is different to the software protection approach, Intel and McAfee claim. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">qdDmZWN3R2M3RdBFXAMZF7</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/rNL2snJBNZwrineb9dwr6T-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Tue, 13 Sep 2011 20:27:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Maggie Holland ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/rNL2snJBNZwrineb9dwr6T-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[IDF 2011 logo]]></media:description>                                                            <media:text><![CDATA[IDF 2011 logo]]></media:text>
                                <media:title type="plain"><![CDATA[IDF 2011 logo]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/rNL2snJBNZwrineb9dwr6T-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>McAfee has stepped up the fight against cyber criminals by tapping into the power of hardware rather than just focusing on software-based defences.</p><p>The security giant, which was <a href="https://www.itpro.com/626215/intel-to-acquire-mcafee-in-768-billion-deal" target="_blank" data-original-url="https://www.itpro.com/626215/intel-to-acquire-mcafee-in-768-billion-deal">acquired</a> by Intel for $7.68 billion in August last year, took the wraps off the technology dubbed DeepSAFE at the <a href="https://www.itpro.com/626959/top-five-topics-at-idf-2010" target="_blank" data-original-url="https://www.itpro.com/626959/top-five-topics-at-idf-2010">Intel Developer Forum</a> in San Francisco.</p><p>As the bad guys continue to circumnavigate security software such as firewalls and antivirus protection, those wishing to keep their data safe need to fight back. But using the same weapons of old is no longer viable, or won't be in the long term, according to the two companies.</p><p>With the DeepSAFE technology platform, we're actually able to protect our customers and save them time and money.</p><p>By opting for a hardware-related approach and utilising features already present in Intel processors, threats residing beneath the operating system can be tackled in real-time before they affect consumer or business machines and cause any damage, according to McAfee. This approach will be particularly useful in combating rootkit attacks, the company claims, adding that it estimates there are currently 1,200 new rootkits detected on daily basis.</p><h3 class="article-body__section" id="section-what-we-think"><span>What we think...</span></h3><p>As a means of securing the software layer from the hardware layer, it's a good approach. Trend Micro has tried doing this before, and various BIOS builders have also built in capabilities to prevent root kits and so on. Indeed, Intel itself has stuff in the trusted computing platform that should do stuff like this.</p><p>One of the biggest issues though is if a false positive is flagged - such an approach is almost impossible to override. So a critical piece of software may not be installable.</p><p>For Intel, the biggest issue it has to worry about is that whatever it does at the silicon level with McAfee has to be open and something that others can also do otherwise the DoJ will jump down its throat on an anti-compete charge.<em>Clive Longbottom, founder, analyst firm Quocirca</em></p><p>"Many attacks are triggered when we launch a video or an application from one of our favourite sites. Often, users will see a warning that they click on through and ignore it," said Candace Worley, McAfee's senior vice president and general manager of Endpoint Security, as she demoed the technology in action.</p><p>While in beta now, the first DeepSAFE products are expected to hit the market this year, most likely initially focused on enterprise protection.</p><p>"Let's take a look at a system that's actually running the DeepSAFE technology. Here, running on top of DeepSAFE is beta software for a soon-to-be-announced product from McAfee that will do kernel node rootkit prevention," she added.</p><p>"Once again, the user clicks through the warnings and unknowingly installs the Agony rootkit. But, because the DeepSAFE technology and beta software is used, utilising the VT technology from Intel, we actually recognise the rootkit as it attempts to load into memory and we block the attack in real-time."</p><p>"With the DeepSAFE technology platform, we're actually able to protect our customers and save them time and money," Worley concluded.</p><p>CPU events can be monitored in real-time using the technology, which will also remove the hiding place for some of today's threats, meaning the currently undetectable becomes detectable and resolvable.</p><p>"2011 might be the year the industry got serious about security," Paul Otellini, Intel's chief executive, said during his keynote speech at IDF. "Intel has been serious about security for a long time Smartphones and tablets are not immune [from the threats]."</p><p>Alex Thurber, McAfee's senior vice president of worldwide channel operations took to Twitter to shout about the good news for its partner ecosystem.</p><p>"It is a new world of opportunity for our security partners," he tweeted. Indeed, Intel's Otellini highlighted the openness of the collaboration and the fact the virtualisation tech's APIs would be made available to others.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Top 10 social networking tips for enterprise - part two ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/635986/top-10-social-networking-tips-for-enterprise---part-two</link>
                                                                            <description>
                            <![CDATA[ We conclude our two-part look at what the big social networking sites had to offer businesses. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">2ZBiPDg9W8JRLgNVskQ6Lz</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/JWaDBu2vjSBd7FMi6Nn2Jc-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 07 Sep 2011 10:46:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Davey Winder ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/qKL6BZiS7oo9Hmyy2yd3WJ.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/JWaDBu2vjSBd7FMi6Nn2Jc-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[top 10]]></media:description>                                                            <media:text><![CDATA[top 10]]></media:text>
                                <media:title type="plain"><![CDATA[top 10]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/JWaDBu2vjSBd7FMi6Nn2Jc-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>6. Tap into Twitter with social CRM software</p><p>Andrew Yates, chief executive of Artesian Solutions suggests that the enterprise would be foolish to ignore social media as a source of sales intelligence. After all, as Yates points out, the average customer today expects you to know a lot about them so it's imperative that your sales team can leverage the social web to actively listen, engage and add value.</p><p>"Consider how a business could tap into Twitter with its 150 million net contributors to find a mention of a company, assess whether the sentiment was good or bad, understand the context of the subject matter, and then decide whether this was in some way relevant to their business, product or service?" Yates says, adding "The ability to filter the web and social media for this kind of 'inside' sales intelligence is essential".</p><p>Which is where a whole new category of social CRM software comes in, making it possible to sift through this content by intelligently deciphering what is relevant.</p><p>"By harnessing the power of social media in this way, it will be easy for companies to accelerate their sales by tracking their customers and competitors every minute of the day" Yates says.</p><p>"In a time when a single customer complaint from someone with influence can have more impact on a company's reputation than its best marketing," Rishi Dave, executive director of online marketing at Dell concludes "social media enables businesses to listen and respond instantly to customer queries, problems and comments".</p><p>7. Consider buzz monitoring software</p><p>Jonny Rosemont, head of social media at DBD Media (and previously responsible for setting up and managing the social media strategy at John Lewis) has a good tip for businesses looking to dip a toe into the social media water: do your research first. "The most important thing to do is to embark in some audience analysis to identify where your customers congregate online" Rosemont says, adding "if you are a business trying to attract consumers then the likelihood is that the most popular social networks (such as Facebook and Twitter) will be areas you will need to build up a dialogue on". But, as Rosemont told IT Pro, if you are targeting a specific niche or group of individuals such as business leaders or IT buyers for example, then there might be other avenues worth considering. "There are some great buzz monitoring solutions (e.g. Radian6) that can help you find your audience" Rosemont concludes "and you could always seek agency support to help you define your priorities".</p><p>8. Update your policies</p><p>Ensure that your current policies are updated to apply content control to social media usage. Which means making sure there are guidelines in place to cover both what your staff post and what they look at. Good policy helps mitigate the risk of bad practise such as the wrong information being published on a social network or accessing content that could impinge upon the health of your network.</p><p>"You need to make sure you have clear policy and usage rights in place for both employees posting in a business and personal capacity" Greg Day, security CTO and director of security strategy at Symantec for Europe, the Middle East and Africa (EMEA) reminds us, adding that it's also important to "understand the legalities behind ownership of posted comment. You need to implement data controls and have a plan in place for any occasion that may see you needing to revoke content".</p><p>9. Know the dangers</p><p>There are some pitfalls to avoid when doing business in the social networking sphere. Knowing what they are is vital in order to be able to avoid them. Jesse Engle, vice president of social media with ExactTarget, advises that you can actually lose followers (and therefore potential customers) by "spamming or posting boring information too often" or end up in court through posting confidential information.</p><p>This is why Engle insists that employees should be "educated in the art of social conversation". Nir Zuk, CTO of Palo Alto Networks, argues that responsible use alone is not always enough.</p><p>"Companies also need to be able to monitor social network traffic in order to detect threats" Zuk told <em>IT Pro</em> "this can be achieved by installing a next generation firewall system which can classify and protect all application traffic on corporate networks, unlike legacy firewalls. This can be thought of as a safe enablement model, which is ultimately about striking a balance between security and user independence".</p><p>10. Don't forget the four rule of social media engagement</p><p>And finally, Manish Sablok, head of marketing for North Europe at Alcatel-Lucent, reminds us not to forget the four basic rules of social media engagement: listen, prioritise, engage, integrate.</p><p>"Through true integration, companies gain the ability to listen to consumer sentiment about their brands and to prioritize customer sentiments to determine the appropriate actions, engaging with consumers as never before" Sablok says, concluding "Good social media practice integrates the resulting interactions across marketing, customer service, and other customer touch points to deliver a truly satisfying customer experience".</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ ForeScout Technologies CounterACT 6.3.4 ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/635509/forescout-technologies-counteract-634</link>
                                                                            <description>
                            <![CDATA[ Network access control (NAC) products are often seen as expensive and difficult to deploy. ForeScout's CounterACT claims to be anything but and in this review Dave Mitchell tests this latest virtual appliance. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">4D2p6En1mQd61wSHkLT3Yw</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/y54QvZLSYEPkEPijpGDGh4-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 10 Aug 2011 12:01:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Dave Mitchell ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/y54QvZLSYEPkEPijpGDGh4-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                        <media:description><![CDATA[Virtual appliance installation is straightforward and CounterACT requires a dedicated virtual switch for its span port.]]></media:description>                                                            <media:text><![CDATA[The ForeScout Technologies logo]]></media:text>
                                <media:title type="plain"><![CDATA[The ForeScout Technologies logo]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/y54QvZLSYEPkEPijpGDGh4-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <figure role="gallery"><figure><img src="https://cdn.mos.cms.futurecdn.net/y54QvZLSYEPkEPijpGDGh4.jpg" alt="The ForeScout Technologies logo" /><figcaption>The ForeScout Technologies logo</figcaption></figure><figure><img src="https://cdn.mos.cms.futurecdn.net/LXqrFfBbNNk6qmcYxyLZg3.png" alt="Virtual appliance installation is straightforward and CounterACT requires a dedicated virtual switch for its span port." /><figcaption>Virtual appliance installation is straightforward and CounterACT requires a dedicated virtual switch for its span port.</figcaption></figure><figure><img src="https://cdn.mos.cms.futurecdn.net/jkZ8MS8rXCoHit5DeDtYgX.png" alt="The CounterACT Console is well designed and provides high levels of information about monitored systems and policy status." /><figcaption>The CounterACT Console is well designed and provides high levels of information about monitored systems and policy status.</figcaption></figure><figure><img src="https://cdn.mos.cms.futurecdn.net/3t9Jb7ZVXhNmjCKuV93M5K.png" alt="The new Dashboard in this latest version provides a useful overview of monitored systems and policy compliance." /><figcaption>The new Dashboard in this latest version provides a useful overview of monitored systems and policy compliance.</figcaption></figure><figure><img src="https://cdn.mos.cms.futurecdn.net/fJfR6g69KVodkYZcsGpprB.jpg" alt="Clients that are not compliant with CounterACT policies can access a web page that lists the reasons and can offer remediatio" /><figcaption>Clients that are not compliant with CounterACT policies can access a web page that lists the reasons and can offer remediatio</figcaption></figure><figure><img src="https://cdn.mos.cms.futurecdn.net/fk99xULC5LvvdDPpX4MbdB.png" alt="Policy creation is wizard driven and these can be used to check on required software products and apply a range of actions to" /><figcaption>Policy creation is wizard driven and these can be used to check on required software products and apply a range of actions to</figcaption></figure></figure><p>The network access control (NAC) market has seen a modest growth over the past few years, but the added pressures of compliance with data protection regulations has sparked increased interest. Established in 2000, ForeScout Technologies has been in this game longer than most and its latest CounterACT 6.3.4 is now available as a virtual appliance.</p><p>CounterACT is designed to provide full visibility of all network devices, users and applications, use baselines to determine their security posture and permit appropriate network access based on these findings. ForeScout offers it preinstalled on a range of hardware appliances, but now supports VMware ESX and ESXi</p><p>One of the biggest drawbacks of many NAC solutions is their inability to work within existing network infrastructures but CounterACT avoids these problems with two methods of network scanning. An OOB (out-of-band) mode uses a switch span port to see all network traffic and also allows CounterACT to provide intrusion prevention and apply virtual firewall policies. It can also query devices such as firewalls and routers about connected devices. This uses SNMP or CLI access and requires a plug-in for the device which ForeScout provides for all major vendors.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="LXqrFfBbNNk6qmcYxyLZg3" name="" alt="Virtual appliance installation is straightforward and CounterACT requires a dedicated virtual switch for its span port." src="https://cdn.mos.cms.futurecdn.net/LXqrFfBbNNk6qmcYxyLZg3.png" mos="https://cdn.mos.cms.futurecdn.net/LXqrFfBbNNk6qmcYxyLZg3.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div><figcaption itemprop="caption description" class="pull-"><span class="caption-text">Virtual appliance installation is straightforward and CounterACT requires a dedicated virtual switch for its span port. </span></figcaption></figure><p>Virtual appliance installation is straightforward and CounterACT requires a dedicated virtual switch for its span port.</p><p>CounterACT uses a response port to enforce NAC policies with actions such as HTTP redirection, VLAN quarantining and virtual firewall blocking. If it spots potentially malicious traffic it also uses the response port to redirect the traffic to a virtual host it creates on the fly so it can examine it.</p><p>For installation, we created a new virtual machine on one of the lab's VMware ESX Server 4 systems. ForeScout provides an ISO image rather than an OVF template so you need to upload the file into the VM's datastore and set it as the boot media.</p><p>For OOB operations you create a new virtual switch with a dedicated physical network port on the VMware host. This is assigned to the CounterACT VM and must be set to promiscuous mode so it can see all traffic.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="jkZ8MS8rXCoHit5DeDtYgX" name="" alt="The CounterACT Console is well designed and provides high levels of information about monitored systems and policy status." src="https://cdn.mos.cms.futurecdn.net/jkZ8MS8rXCoHit5DeDtYgX.png" mos="https://cdn.mos.cms.futurecdn.net/jkZ8MS8rXCoHit5DeDtYgX.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div><figcaption itemprop="caption description" class="pull-"><span class="caption-text">The CounterACT Console is well designed and provides high levels of information about monitored systems and policy status. </span></figcaption></figure><p>The CounterACT Console is well designed and provides high levels of information about monitored systems and policy status.</p><p>The appliance then starts identifying all devices on the network and automatically populating the console with their details. The scanning process uses the open source Nmap utility and is swift as after only a few minutes CounterACT had listed all our Windows Server 2003 and 2008 systems, Windows XP, Vista and 7 clients and other network devices including firewalls, printers and even NAS appliances.</p><p>The interface is well designed with a left pane showing all discovered devices plus policies and their status. The pane below allows views to be filtered where you place hosts with common attributes in groups and apply NAC policies to them.</p><p>Predefined policies are provided to get you out of the starting blocks, but it's easy enough to create your own. A classification policy places all new systems in the correct group so, for example, any that haven't authenticated to a recognized server can be classed as guests where they will have the appropriate policy applied.</p><p>Rather than block access completely, the policies can provide self-service and remediation services to guest users. You can present them with a web login page and the details they enter will be checked against selected authentication servers.</p><p>Guest network access can be configured automatically by using an ACL (access control list) or by placing the user in a separate VLAN. If a system pops up that you really don't want on the network, the policy can interact with a network switch and disable the port the system was seen on. Alternatively, you can apply the virtual firewall and use rules in the policy that determine what it can communicate with.</p><p>Compliancy policies check systems to ensure they have required components such as specific anti-virus software products. These can also check for apps such as IM and P2P and the policy can be set to terminate the program if the user tries loading them.</p><p>Mobile devices are on CounterACT's radar as it can manage products such as iPhones and iPads as well as Blackberry, Android and Windows Mobile smartphones. It can query the device and use policies to manage usage. For greater control ForeScout is now developing agents for them with an Android agent already available.</p><figure class="van-image-figure pull-" data-bordeaux-image-check ><div class='image-full-width-wrapper'><div class='image-widthsetter' ><p class="vanilla-image-block" style="padding-top:56.25%;"><img id="fk99xULC5LvvdDPpX4MbdB" name="" alt="Policy creation is wizard driven and these can be used to check on required software products and apply a range of actions to" src="https://cdn.mos.cms.futurecdn.net/fk99xULC5LvvdDPpX4MbdB.png" mos="https://cdn.mos.cms.futurecdn.net/fk99xULC5LvvdDPpX4MbdB.png" align="" fullscreen="" width="" height="" attribution="" endorsement="" class="pull-"></p></div></div><figcaption itemprop="caption description" class="pull-"><span class="caption-text">Policy creation is wizard driven and these can be used to check on required software products and apply a range of actions to </span></figcaption></figure><p>Policy creation is wizard driven and these can be used to check on required software products and apply a range of actions to non-compliant systems.</p><p>Although Windows clients that are part of an AD domain can have network access controlled without an agent, there are a number of circumstances where it is required. CounterACT can restrict access to external devices such as USB storage but needs the SecureConnector agent loaded which can be easily downloaded from a self-service portal or pushed out via a policy.</p><p>With this agent installed on a Windows 7 test client we created a policy to block all access to USB storage devices. When we inserted a flash drive the agent promptly blocked access. We also created policies that terminated IM and P2P apps - when we loaded Windows Live Messenger and a BitTorrent client, the SecureConnector agent closed them both down immediately.</p><p>ForeScout's CounterACT is a good choice for businesses that don't want to make any major changes to their networks to accommodate a NAC solution. CounterACT is comparatively good value and we found the new virtual appliance version easy to deploy and capable of providing strong policy-based network security and access controls.</p><p><a href="https://www.itpro.com/635509/forescout-technologies-counteract-634" target="_blank" data-original-url="https://www.itpro.com/635509/forescout-technologies-counteract-634">So what's our verdict?</a></p><h2 id="verdict-15">Verdict</h2><p>Compared with many NAC products, we found CounterACT easy to deploy and, apart from setting up switch span ports, requires no major changes to the existing network infrastructure. Its policy-based security makes it very versatile allowing administrators to provide controlled, secure network access to managed, unmanaged and guest systems as they attempt to join the network.</p><p>Operating System: VMware ESX/ESXi 3.5 and above Memory: 1.5GB Hard disk: 80GB free space</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Five tech sectors staring into the abyss ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/631945/five-tech-sectors-staring-into-the-abyss</link>
                                                                            <description>
                            <![CDATA[ The end is nigh for some areas of the tech industry. We look at which ones could be six feet under in the not too distant future. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">sNG3fqLgUY1n9U4bUVwfv6</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/sSEieu3PmTiWDVFYMqAUB-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Wed, 16 Mar 2011 13:02:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Tom Brewster ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/sSEieu3PmTiWDVFYMqAUB-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Grave]]></media:description>                                                            <media:text><![CDATA[Grave]]></media:text>
                                <media:title type="plain"><![CDATA[Grave]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/sSEieu3PmTiWDVFYMqAUB-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>As we all know, nothing lasts forever.</p><p>Regardless of how wonderful a technology appears to be at the point of creation, it will eventually be replaced by something better.</p><p>Businesses need to keep up with what technologies could be redundant in years to come. If they don't, they'll risk being left with an IT infrastructure as healthy and as useful as a dying slug.</p><p>We take a look at five areas of the IT industry facing extinction areas where organisations may need to consider a complete rethink in how they are managed.</p><p>Some of these sectors may survive, others will not. Pay a visit to the business IT graveyard in the not too distant future and you might see their names engraved on tombstones next to the likes of floppy disks and dial-up modems.</p><p>Netbooks</p><p>If netbooks do become a thing of the past in the next few years, they would have had a very short life indeed. There are a number of clear indicators these little devices will be kicking the bucket some time soon.</p><p>First off, there's the figures. Over the last four months, sales of netbooks have declined rapidly. In December, year-over-year sales in Western Europe were down 18.4 per cent, according to research firm Context. In January they had fallen 22.5 per cent and in February 34 per cent.</p><p>These declines come despite netbook price drops. Across the continent, average netbook sales prices went down from 236 (205) in January 2010 to 218 (189) this year.</p><p>"They're still not selling in huge numbers," said Context's mobile analyst Salman Chaudhry.</p><p>"It looks very likely that the tablet market is replacing the netbook market I think it'll still have a small presence but no way near the peaks we saw in 2009 when they were defying all vendor demand."</p><p>Then there's comment from within the industry. Apple chief operating officer Tim Cook said last year that he was unable to "think of a single thing a netbook does well." Even earlier in 2010, Steve Jobs described netbooks as "just cheap laptops."</p><p>It's obvious Apple has an agenda here, but when an actual netbook vendor is compelled to put out a statement saying it will continue to produce the devices, you know something must be up.</p><p>Earlier this year, a senior employee at Acer reportedly said the manufacturer would be leaving the netbook segment altogether to focus on tablets. Although Acer then came out to assure the public it would continue making netbooks, it admitted "the computer market is changing."</p><p>Indeed it is, and one change that looks likely is the usurping of netbooks by tablets. Convertibles like the <a href="https://www.itpro.com/629815/dell-insprion-duo-review" target="_blank" data-original-url="https://www.itpro.com/629815/dell-insprion-duo-review">Dell Inspiron Duo</a> could also put a dent in netbook sales, although that particular machine failed to astound <em>IT PRO</em>.</p><p>Nevertheless, the IT Grim Reaper is starting to swing his scythe in the direction of netbooks.</p><p>Back in the 1990s, the firewall was being touted as the answer to all our security problems. It's clear now that our belief in the technology as an effective protector of the corporate network was somewhat misguided.</p><p>Whilst they remain semi-useful, standard firewalls simply cannot protect against the myriad threats that organisations face today.</p><p>"The type of threats we are seeing around at the moment are not hindered by the firewall at all," Mark James, technical manager at ESET UK, told <em>IT PRO</em>. "The majority of infections we are dealing with at present tend to be delivered in such a manner that having a firewall or not has no bearing on the threat being installed. User education is much more effective than a firewall in these situations."</p><p>Admittedly, it would be a surprise to see the firewall completely disappear, but people have been talking about its demise for some time now.</p><p>James' colleague David Harley, senior research fellow at ESET, said it is unlikely the final nail in the firewall's coffin will be hammered down in the near future. However, he suggested it's likely the industry will see fewer basic desktop firewalls and perhaps even less industrial strength devices around the gateway.</p><p>"At all levels, protection is much more about multilayering nowadays than it is about single defensive layers, whether it's at the desktop or further back into the cloud," Harley added.</p><p>If firewalls are to survive, it may need adoption of next-generation firewalls (NGFWs) to ramp up fast. These systems offer more than your standard firewall, in particular the ability to detect application-specific attacks. They can also allow IT admins to enforce granular security policies around application use, on top of packet filtering.</p><p>This kind of application management has just not been available on legacy firewalls.</p><p>Gartner recently predicted the installed base of NGFW will increase to 35 per cent by 2014, so uptake could be set to spike very soon.</p><p>Nevertheless, it'd be fair to say the firewall of the 1990s, with its limited application awareness, is on life support and it'll be time to pull the plug soon.</p><p>Landline phones</p><p>There's some decent evidence out there pointing to the death of the landline phone. First off, not using one can save businesses money.</p><p>A plethora of alternative services are out there that give you connectivity, from VoIP to the simple use of a company mobile. Not only do they allow businesses to make cheaper calls, they mean workers can be anywhere and keep connected with both customers and coworkers.</p><p>During a recent meeting at <em>IT PRO</em> offices, Vodafone showed us how unified communications was negating the need for a landline phone. Instead, companies can use a mix of mobiles and 3G desk phones for all their calls.</p><p>Businesses can simply move their fixed line numbers over to Vodafone, as part of the One Net Express deal, and have a setup where workers can use that same number across as many devices as they choose. Of course, employees can still use their own mobile number, but as many customers value locality, the ability to use faux landline numbers could provide real value to a business. Well, according to Vodafone at least.</p><p>"Not only are these services now more available, we are also seeing that SMEs are using these services to improve competitiveness."</p><p>Looking across the pond, some big names have even indicated the end could be nigh for landlines altogether. Not so long ago, Ivan Seidenberg, chief executive of Verizon Communications, said the company was not all that bothered about wired up phones, according to a <a href="http://bits.blogs.nytimes.com/2009/09/17/verizon-boss-hangs-up-on-landline-phone-business" target="_blank">New York Times</a> report. Given how long Verizon has been in the landline business, it's clear prognostications surrounding the technology's death are not to be balked at.</p><p>If we're being realistic though, landlines themselves are not going to be ripped up or left to rot anytime soon. But with people working longer yet more flexible hours, and with mobile technology moving at the pace it is, there won't be much need for a wired-up phone for every worker in the coming years.</p><p>Office desktops</p><p>Let's be clear here: we do not believe desktop computers are going to disappear from offices in the next few years. This is more of a long-term prediction.</p><p>Also, inside organisations needing lots of computing power, souped-up workstations will still be used. We're talking about typical office desktops here.</p><p>Now, there are a number of instructive signifiers in today's world pointing to the end for standard office desktops.</p><p>Many heard Apple chief Steve Jobs waxing lyrical about the <a href="https://www.itpro.com/631564/need-to-know-apple-ipad-2" target="_blank" data-original-url="https://www.itpro.com/631564/need-to-know-apple-ipad-2">iPad 2</a> being the "post-PC" device. Now whilst it's implausible that particular Apple product will replace PCs across the world, Jobs may have been onto something.</p><p>Given how rapidly the world is taking to mobile devices like tablets and smartphones, those boxes beneath your desks could be a thing of the past in the not too distant future.</p><p>Then there is desktop virtualisation. If you can acccess a desktop OS on a mobile machine (Citrix recently showed us Windows 7 running on an iPad), why do you need to bother with so many desktops? Well, you don't.</p><p>According to Lewis Gee, from IT intelligence vendor Centrix Software, shifting business user behaviours coupled with companies' willingness to drive down IT costs could spell the end for desktops.</p><p>"There are certainly a number of drivers that are going to change the end user device," Gee told <em>IT PRO</em>. "Part of that is going to be around a very corporate-led cost-cutting exercise where they need to reduce the number of desktops."</p><p>With the consumerisation of IT, which finally seems to becoming a reality rather than just a buzz phrase, the desktop will be less frequently used as employees bring in their laptops or tablets to work on.</p><p>Of course, the challenge for the IT department will be to offer workers flexibility whilst still being able to deliver critical applications. There are also clearly security issues to deal with indeed, the consumerisation of IT is another danger the firewall doesn't cover. If a worker brings in a virus to the corporate network, there's nothing a firewall can really do to stop it.</p><p>Whilst the IT department will have to cope with a range of problems associated with the decline of the desktop, they need to recognise it is happening and be prepared.</p><p>This is one contentious area, but it is worth talking about. When Nicholas Carr released his book The Big Switch: Rewiring the World, from Edison to Google' in 2008, he angered a lot of people by suggesting utility computing (i.e. the cloud) would replace the need for a corporate IT department.</p><p>Carr argued the situation was analogous to the early 1900s when electric utilities replaced company-run power facilities.</p><p>Given vendors' proselytising of cloud computing over the past year, which really jumped up a notch during and after the recession, the argument that the IT department as we know it will soon be no more has become a little more plausible. If customer data and critical applications are delivered via the cloud, not much would be left for in-house IT workers to do, right?</p><p>Well, perhaps. There are various pertinent arguments against Carr's claims. Firstly, most companies have invested so much in their infrastructure it's highly unlikely they will just dump it all any time in the next few years.</p><p>Furthermore, cloud computing as a sector currently represents less than 10 per cent of the overall IT market, so businesses clearly aren't entirely convinced just yet. Trust issues remain too, as the majority of companies are not yet willing to hand most of their IT infrastructure over to an outside firm.</p><p>Nevertheless, as more companies start outsourcing their operations and adopt technologies like Platform-as-a-Service, there will have to be less for the IT department to do.</p><p>This could mean one of two things: corporate IT departments will a be slimmed down, less vital part of an organisation, or, and this is more likely, IT workers will have more time to focus on other areas of the business.</p><p>In the latter scenario, businesses could really benefit as the IT department gets more time to use its expertise and drive costs down across their company by employing the most efficient and effective technologies. The business would benefit, the IT department would be happy, vendors would still be able to sell their wares, and analyst firms would be left beaming as their glorification of the cloud would still be justified.</p><p>Whatever happens, the make-up of today's IT department looks set to be irrevocably altered in the coming years.</p><p>The end</p><p>As has always been the case in the IT industry, things are moving fast.</p><p>Admittedly, many of the same debates that were raging years ago, such as cloud computing, are continuing today, but actual advancements in hardware and software have never abated.</p><p>Organisations have to decide whether to take the plunge and be early-adopters or to sit and wait before investing, hoping they won't get left behind.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Microsoft downplays Windows vulnerability ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/631219/microsoft-downplays-windows-vulnerability</link>
                                                                            <description>
                            <![CDATA[ Microsoft says a vulnerability could allow remote code execution, but it's not likely anyone will be able to do it. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">hXaZSKY8Dsb84ZzMNd1opE</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/whVeUMqQDnons5LMrJsZrj-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 18 Feb 2011 12:10:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Tom Brewster ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/whVeUMqQDnons5LMrJsZrj-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Security]]></media:description>                                                            <media:text><![CDATA[Security]]></media:text>
                                <media:title type="plain"><![CDATA[Security]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/whVeUMqQDnons5LMrJsZrj-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Microsoft has downplayed a Windows vulnerability affecting all versions of the OS that could allow remote code execution.</p><p>Earlier this week, a proof of concept exploit was released but Microsoft suggested it was unlikely that the flaw could be used for remote code execution.</p><p>The bug was discovered on the BROWSER protocol, which runs on top of the Server Message Block (SMB) protocol on Windows.</p><p>"This vulnerability affects Windows machines that have been configured to (A) use the BROWSER network protocol and (B) that then become Master Browser on the local network," said Mark Wodrich, from the Microsoft Security Response Centre, in a <a href="http://blogs.technet.com/b/srd/archive/2011/02/16/notes-on-exploitability-of-the-recent-windows-browser-protocol-issue.aspx" target="_blank">blog post</a>.</p><p>"The BROWSER protocol uses an election process to determine which system will act as the "master" in terms of data collection and response handling."</p><p>Wodrich said the vulnerability was more likely to affect server systems running as the Primary Domain Controller.</p><p>"Enterprise networks the Primary Domain Controller (PDC) will become Master Browser, but depending on the network configuration, other computers on the network can become Master Browser, and therefore be vulnerable," he explained.</p><p>Wodrich said remote code execution would be possible "if the corrupted memory is used by a thread running on another processor before the RtlCopyMemory triggers a bugcheck, and in a way that can be used to change code execution."</p><p>"We feel that triggering any such timing condition reliably will be very difficult," he added.</p><p>Wodrich said that businesses following best practices should block the BROWSER protocol at the edge of firewalls to limit attacks on the local network.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Qualys launches open source firewall project ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/631033/qualys-launches-open-source-firewall-project</link>
                                                                            <description>
                            <![CDATA[ Qualys opens up on a web application firewall project, admitting it is taking a risk with competitors. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">97ZpCoP8nFSjxfQnWE5CZR</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/UvtBJBeasN5TGu8HRufQPZ-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 14 Feb 2011 14:39:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Tom Brewster ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/UvtBJBeasN5TGu8HRufQPZ-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Firewall]]></media:description>                                                            <media:text><![CDATA[Firewall]]></media:text>
                                <media:title type="plain"><![CDATA[Firewall]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/UvtBJBeasN5TGu8HRufQPZ-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Qualys has announced an <a href="https://www.itpro.com/625198/top-10-open-source-alternatives" target="_blank" data-original-url="https://www.itpro.com/625198/top-10-open-source-alternatives">open source</a> project to design a superior web application firewall.</p><p>Codenamed IronBee, the initiative will see security professionals share ideas under the Apache Software Licence v2.</p><p><a href="http://www.qualys.com" target="_blank">Qualys</a> was inspired to start the project due to the rise in the use of web apps and the emergence of cloud computing, which together have opened up businesses to even more threats.</p><p>"No single company alone can fight the sophistication of attacks we are now facing," said Philippe Courtot, chairman and chief executive (CEO) of Qualys.</p><p>Akamai Technologies has already signed up, but there was no word on what products either company would commercialise at the end of the project.</p><p>Ivan Ristic, director of engineering at Qualys, told <em>IT PRO</em> the end goal is to produce an exceptional product that the company can take to market and he was not concerned about sharing code with competitors.</p><p>"There is certainly a risk for us for someone else to use the code and create a rival product, but we are willing to take that risk," Ristic said.</p><p>"A large part of this project is going to be information sharing on threats, on what the bad guys are doing, etc."</p><p>Although he could not give any precise figure, Ristic said Qualys has poured a significant amount of investment into IronBee, with three people working full time on the project and another threat researcher set to join soon.</p><p>By making IronBee open source, businesses will also benefit as any product coming out of the initiative would not lock firms in with the vendor, Ristic said.</p><p>Qualys hopes to have whatever comes out of the project in production by the third or fourth quarter of this year, Ristic said, pointing out "you have to make your money somewhere."</p><p>"Open source doesn't have anything to do with business," he added.</p><p>Elsewhere, Qualys has been busy at the RSA Conference USA 2011, where the firm again indicated it is running a noticeably open operation.</p><p>For instance, the firm announced QualysGuard Vulnerability Management can now integrate with Trend Micro Threat Intelligence and Trend Micro Deep Security.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Windows Azure & 360 Lifecycle case study ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/629602/windows-azure--360-lifecycle-case-study</link>
                                                                            <description>
                            <![CDATA[ As a software provider for the financial industry, 360 Lifecycle needed to make its solutions more accessible to its clients. Windows Azure and cloud computing made this possible. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">cYcVgoTpA49utyzLmyJwH1</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/Db6ZRmaJQXQiweeXv9pcJA-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 20 Dec 2010 12:44:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Stuart Andrews ]]></dc:creator>                                                                                    <dc:source><![CDATA[ https://cdn.mos.cms.futurecdn.net/mEdNR8woAJQHLpiEiLNoD.jpg ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/Db6ZRmaJQXQiweeXv9pcJA-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[360 logo 2]]></media:description>                                                            <media:text><![CDATA[360 logo 2]]></media:text>
                                <media:title type="plain"><![CDATA[360 logo 2]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/Db6ZRmaJQXQiweeXv9pcJA-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <h3 class="article-body__section" id="section-introduction"><span>Introduction</span></h3><p>360 Lifecycle, a leading provider of software for financial and mortgage advisors, was finding challenges in growing its business effectively. Its single-tenanted, server-based applications required too much investment to attract smaller firms, and infrastucture issues made it time-consuming to support new clients. Needing a way forward, it found one with software partner, Dot Net Solutions, and Microsoft's Windows Azure and SQL Azure platforms. By migrating its applications to Windows Azure, 360 Lifecycle has developed a fully scalable, highly cost-effective and easy to provision product, and been able to focus on software, not infrastructure.</p><h3 class="article-body__section" id="section-the-situation"><span>The Situation</span></h3><p>360 Lifecycle is a leading UK Independent Software Vendor (ISV) for the financial services industry, producing end-to-end client, team and product management solutions. Its software is used by financial and mortgage advisers across the UK to manage customer relationships, track opportunities and provide comprehensive, reliable advice. A related product is used by financial service companies to handle teams of advisers and ensure compliance with UK law.</p><p>The software was originally designed by the technical team working at parent group, Lifetime Financial Management Ltd, to support its own businesses, which advise over 40,000 customers spread throughout the UK. However, in January 2009, 360 Lifecycle opened up the application to other financial service providers.</p><p>To begin with, the company focussed its efforts on medium-sized and large organisations, which had the servers and infrastructure required to run the software on-premises. However, the financial services industry extends not just to a few large organisations, but to many thousands of small businesses, which may have as few as one to ten employees. By restricting its audience, 360 Lifecycle felt that it was failing to address as much as 75% of its target market.</p><h3 class="article-body__section" id="section-major-issues"><span>Major Issues</span></h3><p>Three issues stood in the way. First, the cost of setting up the necessary servers and network infrastructure was a considerable investment for smaller firms. Secondly, the costs for 360 Lifecycle in provisioning and supporting its software made servicing the smallest firms financially non-viable. Finally, while 360 Lifecycle could arrange hosting for smaller firms, many felt uncomfortable about making their data accessible to a company that was, effectively, part of a competitor.</p><p>360 Lifecycle looked at various options, including a number of application hosting platforms, but these never really addressed the core issues. For example, a simple application update might take an hour or so per server, meaning support costs for each client and additional workload for 360 Lifecycle. While it was technically possible to scale the services to provision new businesses, the numbers didn't always add up. In the words of the company's IT Director, David Steele,"the business wouldn't scale because we really couldn't add more customers. We'd reached the limit, to some extent, of what we could do overnight."It was time to find a new way forward.</p><h3 class="article-body__section" id="section-the-solution"><span>The Solution</span></h3><p>At this time, 360 Lifecycle started working with Microsoft Gold Partner, Dot Net Solutions. Dot Net advised 360 Lifecycle to look at Microsoft's Windows Azure and SQL Azure platforms. These scalable hosting platforms would allow 360 Lifecycle to deliver its applications from the 'cloud', with the software hosted on Microsoft's network of state-of-the-art data-centres.</p><p>"The profile of the organisations they were looking to sell to meant that they needed the comfort factor that Azure was a state-of-the-art platform with a well-established vendor" says Dan Scarfe, Chief Executive for Dot Net Solutions." You compare the costs of Windows Azure to an equivalent hosting company, and it's a fraction of the cost, but you've still got a big brand name behind it. It seemed to be a great fit."</p><p>Windows Azure gives us the ability to scale much faster and make the product available quickly and on an online basis for small users. It also enables us to manage users more efficiently.</p><p>Carlos Thibault, Managing Director, Lifetime Financial Management Ltd.</p><p>Working closely with Scarfe and Dot Net, Steele and his team were able to move the 360 Lifecycle application from the existing, single-tenanted server-based application to Windows Azure and SQL Azure within six weeks. Eight weeks later, it had migrated its existing product base."It was very easy" notes Steele. "It never felt difficult, or hard." Steele even feels that 360 Lifecycle could have made the process even easier by using the Windows Azure Drive feature. This allows developers to mount the Binary Large Object (BLOB) services Azure uses for cloud-based storage as virtual hard disks. However, having seen the benefits of a cloud-based approach, 360 Lifecycle wanted to embrace the new paradigm."We thought that, if we're going for the cloud, let's go all-in and do it properly"says Steele.</p><h3 class="article-body__section" id="section-the-benefits"><span>The Benefits</span></h3><p>Using Windows Azure might not have been the only solution for 360 Lifecycle, but it's certainly the best. The reasons why come down to five key benefits:</p><p>Costs - With Azure's advanced, highly scalable architecture, you only pay for the databases that you actually use, and not the infrastructure that supports them. "Compare that with a traditional hosting company, where you've got to build your own SQL environments and pay for the SQL licensing costs" says Scarfe. "If you want to build it in a highly available and fault tolerant environment, the costs go through the roof." Using Azure means 360 Lifecycle only pays for capacity when it has customers who need it. There's no forecasting and no risk, and the company's customers can use 360 Lifecycle without investing in infrastructure and support.</p><p>No infrastructure burden - Microsoft supports and maintains the Windows Azure data-centres, guaranteeing 99% uptime and availability. Even though 360 Lifecycle was not responsible for the majority of its customers' servers, problems there would often end up in support calls to the company. "Infrastructure is the bane of any software company's life."explains Dot Net's Dan Scarfe. "90% of the problems you have, have nothing to do with software. It's the operating systems breaking, the firewalls going down and all this nonsense plumbing that distracts from where we really add value - at the application layer."</p><p>With Azure, this is no longer the case."All of those issues just go away" adds David Steele, "Because there's nothing to manage." As a result, 360 Lifecycle can concentrate on what it does best software and leave the rest in Microsoft's safe hands.</p><p>Easy to provision new customers - Windows Azure and SQL Azure make it easy to add new customers, virtually on demand. 360 Lifecycle's clients don't need to invest in new servers or network infrastructure, and 360 Lifecycle doesn't need to waste time load-balancing and testing hosted databases. "With Azure, it's done" says Steele "I press a button, I change a number in a config file, and I've got a new provision. "In fact, the company has already created provisioning tools that enable it to get a new customer up and running within minutes. "It's given us confidence to go out and talk to people" says Steele. "We can grow now, we can get as many people up there as we want."</p><p>Azure is secure - 360 Lifecycle's customers are understandably concerned about security, and Microsoft's fully-secured and protected, state-of-the-art data-centres give them just that. As Steele explains, "When you're in a sales pitch and they ask Where will my data be hosted?' you can say 'at Microsoft's data-centres' and see them physically relax. They know it's safe."</p><p>What's more, with the data hosted by Microsoft and away from Lifetime Financial Management's own servers, concerns about data leaks evaporate. "We've managed to have separate databases for each customer" notes Dan Scarfe, "which means you don't have any of the concerns about data leakage that you quite often have in multi-tenanted environments."</p><p>Uses existing skill sets - Part of the speed and ease with which 360 Lifecycle and Dot Net were able to move the software to Azure comes down to the fact that it's based on well-established Microsoft technologies. Once the teams got to grips with SQL Azure and BLOB storage, the rest was easy. "It's Windows Server, it's SQL Server, it's all the applications that developers know and love" says Scarfe, "but available at massive scale on the Internet. There's no real learning curve you have to go through. You have to grasp how it works, but it's not like you have to learn any new languages or anything you're unfamiliar with.... everything that is available on premise is available in some form in the cloud. The ramp-up and on-boarding time is very minimal."</p><h3 class="article-body__section" id="section-conclusions"><span>Conclusions</span></h3><p>Since moving to Azure, 360 Lifecycle has already added several new customers to its roster, and is set to add more during the early part of 2011. "Already we've done a number of pitches to businesses - a couple of medium businesses and some large businesses - where the cloud technology has definitely been an interesting differentiator and does allow the overall cost of the implementation of the product to be significantly reduced" says the Lifetime group's Managing Director, Carlos Thibault.</p><p>Apart from where you have to, I would almost recommend that people didn't run their applications on-premise. Even if you've got the stuff - the kit sitting in the corner - the built-in disaster recovery, and the peace of mind that someone else is looking after all this stuff makes it all worthwhile. It's not all about cost-savings, though those are significant. Just that peace of mind means that if you can, you should do it.</p><p>David Steele, IT Director, Lifecycle 360</p><p>For Thibault, the current state of the industry combined with new legislation arriving in 2013 puts 360 Lifecycle in a strong position. "There's a desire to reinvest in technology to support businesses, and what the cloud allows us to do is to be able to pitch and position the product as an opportunity for businesses to do that without massive capital expenditure." The company is so happy with the new Azure-based product that it's looking to roll it out into other industries. "A lot of the principles apply to whichever business you're in."</p><p>David Steele is even more effusive. "We're over the moon" he says. "It really makes so much difference to a small software company. It takes so much away from me that I don't have to worry about any more. Across the whole of the business. It has a positive effect on sales, a positive effect on support and provisioning. Everything we do, it touches and makes easier."</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Are businesses at risk of WikiLeaks attacks? ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/629383/are-businesses-at-risk-of-wikileaks-attacks</link>
                                                                            <description>
                            <![CDATA[ Denial of service attacks against WikiLeaks, as well as companies that refuse to do business with it, have raised the stakes for cyber-crime. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">bjTTnvDpDQzh2GPXQnA8uQ</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/8MKyt7do2RKuj3GqM5onfY-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Fri, 10 Dec 2010 15:43:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Stephen Pritchard ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/8MKyt7do2RKuj3GqM5onfY-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Security warning]]></media:description>                                                            <media:text><![CDATA[Security warning]]></media:text>
                                <media:title type="plain"><![CDATA[Security warning]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/8MKyt7do2RKuj3GqM5onfY-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>ANALYSIS:The blurred -out image of the young hacker on the <a href="http://www.bbc.co.uk/news/technology-11968605" target="_blank">BBC News</a> might not strike fear into business leaders. But perhaps it should.</p><p>The hacker, who identified himself as "Coldblood", claimed to be a member of the Anonymous group behind distributed denial of service (DDoS) attacks on Mastercard, Visa, Amazon.com and PayPal. The companies were targeted, Coldblood told the BBC, because they had "bowed to Government pressure" to withdraw services from WikiLeaks. WikiLeaks itself was hit by several DDoS attacks after it released US diplomatic cables to the press.</p><p>Fears are growing that the type of attacks aimed both at WikiLeaks, and its former business partners, are creating an environment that is increasingly dangerous for any organisation doing business online.</p><p>Although security experts point out that mounting the type of attacks that took place against Visa and Mastercard is illegal in the UK, under the provisions of the 2006 Police and Justice Act, prosecuting individuals behind cyber attacks is fraught with difficulty. It remains all too easy for hackers to base themselves, or their botnets, in countries where the law is more lax.</p><p>Security professionals worry too that, now groups such as Anonymous have demonstrated both the ease and the power of cyber attacks, others will follow their lead. Governments are already concerned about military-style cyber attacks on countries, such as those that affected Baltic states and Georgia; both NATO and the UK government, in its recent <a href="https://www.itpro.com/627700/government-funding-boost-to-fight-cyber-crime" target="_blank" data-original-url="https://www.itpro.com/627700/government-funding-boost-to-fight-cyber-crime">defence and security review</a> have made cybercrime and cyber warfare defence a higher priority.</p><p>"At the highest level, it is not a question of focusing on WikiLeaks. This comes down to what people are doing, not their motivation," says Professor John Walker, a member of the Security Advisory Group at ISACA and CTO of Secure-Bastion. "We need to think about the next reason for using it [DDoS attacks]. It is a threat that faces every organisation that faces the Internet."</p><p>Businesses are also concerned that they might, through no fault of their own, become caught up in cyber attacks driven by political economic or other motives beyond their control. Online businesses in particular will have thousands of customers, and little way of knowing if a customer might be caught up in the type of controversy that has affected WikiLeaks in the future.</p><p>Break down the Government walls</p><p>Government agencies and bodies such as NATO can, of course, afford to take steps to detect and prevent cyber attacks, and they can also call on their intelligence services to try to predict where the next attacks might come from.</p><p>Commercial businesses, though, are forced to rely on their security vendors, IT consultants and own in-house IT teams to bolster defences. After the recession, Professor Walker cautions, some companies may well find their defences are lacking. "Security has been impacted. Businesses now need to see how secure they are," he said.</p><p>The first and urgent steps to protect a business against cyber attacks need not be expensive, however. At ISACA, Professor Walker advises carrying out an urgent security review. Mid-sized businesses and enterprises should have the resources to do this themselves.</p><p>If they do not, a few thousand pounds spent on external testing is a far better than running the risk of the significant downtime and reputational damage that follows a successful attack, he suggests. When businesses do carry out such audits, often the result is that they find they can switch resources to where they are more effective; new spending is not always necessary.</p><p>But businesses that trade online, or depend heavily on the public internet for their collaboration and communications tools, might need to delve deeper into their technology platforms to ensure they are resilient. Firms need to make sure operating systems, web servers, databases and firewalls are up to date and fully patched, and that they are watching logs for suspicious activity. IT staff should also ensure they receive up to date security information from the vendors, as these are a valuable early warning system. "DDoS attacks against websites can be difficult to fend off, as we saw with MasterCard and others over the past couple of days," explains Dave Beesley, MD of consultancy Network Defence. "However, there are strategies that companies can take to defend themselves against cyber threats generally. "The first is to make sure that their web platforms, operating systems and applications are running the latest up-to-date patches, as attackers often seek to exploit known vulnerabilities. And web gateways and firewalls need auditing to ensure their rule-sets are capable of dealing with attacks."</p><p>IT professionals should act quickly to check their security, and to reassure their companies' boards that all that can be done, is being done. No-one can say how the WikiLeaks saga will end, but the unfortunate truth is that cyber attacks are here to stay.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Celestix MSA 3200i review ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/628534/celestix-msa-3200i-review</link>
                                                                            <description>
                            <![CDATA[ Microsoft has replaced its venerable ISA Server with Forefront TMG 2010 and Celestix delivers it as a complete plug-and-go security appliance. Read this exclusive review of the MSA 3200i to see if it is a more sensible alternative to buying and installing TMG yourself. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">x51SrQkBWjyYjRmMrudFAL</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/B5hVnTrPQV2KS4QnaF5pbL-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 11 Nov 2010 17:46:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Dave Mitchell ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/B5hVnTrPQV2KS4QnaF5pbL-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Celestix MSA 3200i]]></media:description>                                                            <media:text><![CDATA[Celestix MSA 3200i]]></media:text>
                                <media:title type="plain"><![CDATA[Celestix MSA 3200i]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/B5hVnTrPQV2KS4QnaF5pbL-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>It's taken Microsoft a long time to get serious about its Internet Security and Acceleration (ISA) Server with the last update occurring in 2006 and comprising nothing more than a service pack. Its latest Forefront Threat Management Gateway (TMG) 2010 is its long awaited successor and Celestix' new MSA 3200i appliance delivers it ready to go out of the box.</p><p>Supplied to us by <a href="http://www.wickhill.co.uk" target="_blank">Wick Hill</a>, the 3200i is one of a large family of MSA threat management gateways from Celestix and is aimed at businesses with 100 to 500 users. It has TMG Workgroup Edition installed but if you want load balancing, failover and centralised management of multiple appliances then the 3200b model is the one to go for as this has the Branch Edition loaded.</p><p>At its foundation TMG provides the same core features as ISA Server so you get an inbound and outbound security gateway, support for IPsec VPNs and forward and reverse web proxy services. A big difference is that TMG is 64-bit only, but it also offers a lot more security features than ISA Server ever did.</p><p>It comes as standard with an SPI firewall, HTTP/HTTPS traffic inspection and Microsoft's NIS (network inspection system) which scans traffic looking for Windows exploits. Options include web filtering and virus protection which are both activated with a subscription to Microsoft's Web Protection Service. Email security and anti-spam measures are also now available with the optional Forefront Protection for Exchange which doesn't support any third-party mail servers.</p><p>The appliance has Windows Server 2008 Standard 64-bit and TMG preloaded. For the quickest deployment we suggest connecting it to a network with DHCP services. If you want to assign a static IP address immediately you'll have to do this using the jog dial and LCD panel on front of the appliance.</p><p>You'll also need to use the dial and screen to create a base firewall rule to allow remote management access. We found the dial a pain to use for setting addresses but at least once we'd finished it could be locked down and secured with a PIN.</p><p>With a DHCP-enabled network, you can go straight to web browser management where you'll be greeted with the Celestix Comet interface. This has been designed specifically to remotely manage TMG and it starts with a wizard to help get you up and running.</p><p>You have four deployment options and we chose to position the appliance in the lab as an edge firewall. An advantage of having Windows Server on the appliance was it only took a few minutes to integrate it into our AD domain.</p><p>Firewall policies can be applied to AD groups and users which consist of source and destination networks or hosts, allow or deny actions and protocols. Wizards are also provided for securely publishing LAN resources such as Exchange web access, SharePoint sites or web servers. For the latter you also have an option for declaring server load balancers.</p><p>TMG's web security is vastly superior to ISA Server as malware inspection is carried out automatically whilst NIS uses a regularly updated signature database to watch out for known exploits. Web filtering gets a big boost as Microsoft now provides over seventy URL categories that can be blocked at the gateway.</p><p>We found the URL filtering worked very well with our test clients blocked from all manner of dubious sites including games and gambling. A new feature is an option to allow selected users to override a blocking rule. TMG's URL category query tool also proved very useful during testing.</p><p>The TMG reporting interface sees a modest redesign and the latest SP1 update brings in user activity reports so you can see what individuals have been up to and those that have used the rule override option. The reports can be very detailed and can be used to view traffic patterns, cache, protocol and application usage plus security alerts.</p><p>Basic real time monitoring is provided but we found it really annoying that no report on the current activity could be raised until the following day. TMG still uses the Dailysum utility from ISA Server which can only query the reporting database once a day.</p><p>Email security can begin once you've typed your Exchange servers and mail domains in to TMG and wizards are provided to create basic policies. This component snaps neatly into the TMG console and assigns SCL (spam confidence level) scores to suspect email.</p><p>Based on their SCL score, spam messages can be deleted, rejected or quarantined but no options are provided for tagging subjects and letting them through. TMG provides tough anti-virus measures as it uses scanning engines from Kaspersky, Authentium, Norman, VirusBuster and Microsoft.</p><p>Forefront TMG 2010 is a vast improvement over ISA Server as it provides a wealth of new features including web filtering, anti-malware, anti-virus and HTTPS inspection. Existing users of ISA Server would do well to upgrade but the change to a 64-bit operating system means they must do a clean install and migrate their settings to TMG.</p><p>The Celestix MSA 3200i looks a much more sensible choice as it has everything preinstalled and ready to run. It's also unlikely you'd save much cash by doing it yourself as you'll need to factor in TMG licensing costs plus the dedicated server hardware and underlying Server 2008 64-bit OS and, of course, your valuable time.</p><h2 id="verdict-16">Verdict</h2><p>It makes sense for existing users of ISA Server to move up to Forefront TMG 2010 as it has a wealth of new security measures. Our main issues are that TMG’s optional messaging security only supports Exchange and the separately licensed web filtering and anti-virus features will push the price up. Even so, the MSA 3200i takes all the hard work out of deploying TMG and will probably work out better value than trying to do it all yourself.</p><p>Chassis: 1U rack Processor: Intel Core 2 Duo Memory: 4GB DDR2 RAM Network: 6 x Gigabit Ethernet Storage: 1 x 320GB SATA hard disk Ports: VGA, 2 x USB2 Software: Windows Server 2008 Standard 64-bit, Microsoft Forefront TMG 2010 and Celestix Comet preloaded Options: Annual support from Wick Hill, from £419 ex VAT</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Barracuda launches NG Firewall 5.0 ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/627688/barracuda-launches-ng-firewall-50</link>
                                                                            <description>
                            <![CDATA[ Barracuda NG Firewall 5.0 has been launched, featuring improved performance and remote management capabilities. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">2WVKTH1phrvFSTduNTZweT</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/zG4XHuHdYGwgRYnuu7NL-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Thu, 14 Oct 2010 14:03:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Tom Brewster ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/zG4XHuHdYGwgRYnuu7NL-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Security]]></media:description>                                                            <media:text><![CDATA[Security]]></media:text>
                                <media:title type="plain"><![CDATA[Security]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/zG4XHuHdYGwgRYnuu7NL-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p><a href="http://www.barracudanetworks.com/ns" target="_blank">Barracuda Networks</a> has launched an update to its NG Firewall appliances, enabling 64-bit multiprocessing capabilities.</p><p>The addition means Barracuda NG Firewall 5.0 will be able to take full advantage of top-end multi-core processors, the manufacturer claimed.</p><p>The ability to scale up to multiple cores means companies can get firewall application control throughput speeds of up to 21Gbps without changing their hardware.</p><p>Dr Klaus Gheri, vice president for product management for Europe, the Middle East and Africa (EMEA) at Barracuda, said this additional performance had taken "a long time" to integrate into the firewall, "but it is an important milestone."</p><p>"Performance changes are the most needed ones," he told delegates during a press conference in Austria today.</p><p>"Customers have been nagging us for this and it is big news for them."</p><p>The update also included Active Recovery Technology, designed to enable administrators to manage appliances in remote locations without the need for travel.</p><p>Companies can use the technology to deploy as well, as recover remote appliances, centrally through the Barracuda NG Control Centre, meaning administrators can initiate diagnostics and fixes for remote problems without leaving their department.</p><p>The Barracuda NG Firewall firmware release 5.0 is available from today and comes at no extra cost for current customers.</p><p>The firewall comes in 11 different appliance models and as a virtual appliance for VMware, all of which cost between 499 and 27,499 each.</p><p>The update comes nine months after Barracuda's acquisition of Austrian-based <a href="http://www.phion.com/INT/Pages/default.aspx" target="_blank">phion</a>, whose technology has been leveraged for use in the firewall product line.</p><p>Much of the focus at today's Barracuda summit has focused on the work with phion, with the former's chief executive (CEO) Dean Drako reiterating the positives of being "better together."</p><p>Drako said Barracuda lacked a traditional firewall product and phion ended up being the perfect fit.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ Symantec announces its data encryption plans ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/627577/symantec-announces-its-data-encryption-plans</link>
                                                                            <description>
                            <![CDATA[ After anti-malware and firewalls, the company moves deeper into data protection. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">tpKukcLQPR9PvZLctrGzre</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/wVrX5XS59SEW9jmJLPTxeS-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 11 Oct 2010 11:37:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Eric Doyle ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/wVrX5XS59SEW9jmJLPTxeS-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Security on keyboard]]></media:description>                                                            <media:text><![CDATA[Security on keyboard]]></media:text>
                                <media:title type="plain"><![CDATA[Security on keyboard]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/wVrX5XS59SEW9jmJLPTxeS-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>Symantec has revealed its plans for three companies it acquired this year, marking a bold move into the data encryption business.</p><p>The security specialist announced that it will be releasing three related products a year from now.</p><p>The first will be based on Whole Disk Encryption created by PGP, which it bought in June, along with GuardianEdge. Symantec said it will add support for Advanced Encryption Standard New Instructions (AES-NI). The AES extension was announced by Intel earlier this year to enable encryption conversions to work more efficiently with Intel Core processors.</p><p>The PGP product will also support another Intel technology. Anti-Theft (AT) has been added to select Core and Core vPro chips to allow a remote poison pill' to be activated. This renders the computer unusable if a laptop goes missing or is decommissioned but can be reversed if a lost computer is recovered.</p><p>Symantec also announced that GuardianEdge's Device Control will be rebranded to establish its Endpoint Encryption product line. Endpoint Encryption Device Control will target removable storage devices and control port access, monitor device usage and audit file transfers to these drives. The company will also add Mac OS X support for Apple's computer range.</p><p>The third announced product has also been derived from the GuardianEdge portfolio. It will be called Symantec Endpoint Encryption Removable Storage Edition. As a companion to the Device Control product, this will exercise access and transfer control over data transfers based on file content.</p><p>The third acquisition was authentication specialist Verisign in August. Symantec said it is still formulating detailed plans for integration with its products. One possibility the company outlined was the combination of secure access with PGP's encryption products to harden system security.</p><p>Symantec is a highly acquisitive company and the Verisign buy-out is the 69th acquisition the company has made since its founding in 1982.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ WatchGuard XTM 510 review ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/626842/watchguard-xtm-510-review</link>
                                                                            <description>
                            <![CDATA[ WatchGuard’s latest XTM appliance has a wealth of network security measures, but management is a weakness. Read our exclusive review of the new XTM 510 to find out more. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">boKhFQXa2TzhqHvoEugx3N</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/Nzg98jDUMSVXuLYVR6JPnV-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 13 Sep 2010 11:35:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Dave Mitchell ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/Nzg98jDUMSVXuLYVR6JPnV-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[The WatchGuard XTM 510]]></media:description>                                                            <media:text><![CDATA[The WatchGuard XTM 510]]></media:text>
                                <media:title type="plain"><![CDATA[The WatchGuard XTM 510]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/Nzg98jDUMSVXuLYVR6JPnV-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>With their fire-engine red chassis, you can't mistake a WatchGuard Firebox appliance. The latest to join this family are the new XTM models which aim to offer mid-range businesses a complete yet good value gateway security appliance.</p><p>There are four models in the family and the improved hardware specification is designed to give them a big boost in performance. They are endowed with a 2GHz Intel Celeron 440 processor along with 1GB of DDR2 memory and, for the XTM 510 on exclusive review here, WatchGuard claims a high firewall throughput of 1.4Gbps.</p><p>A feature that gives WatchGuard's appliances greater longevity than much of the competition is that you don't have to buy a new box when the current one runs out of steam. You could start with the entry-level XTM 505 which offers a firewall throughput of 850Mbps and upgrade performance simply by applying a new license. For the XTM 510 it would cost a further 2,365 to turn it into an XTM 520 which would increase firewall performance to 1.9Gbps. When the time comes you could then upgrade it to a full blown 530 and up performance to 2.3Gbps.</p><p>All XTMs offer a single 10/100 port for WAN duties and six Gigabit ports for LAN functions as well as up to five DMZs. The two USB ports at the front are a new feature these let you connect a flash drive and copy the unit's configuration to it for safekeeping.</p><p>For deployment you now have three options as WatchGuard has added a transparent bridged mode to the standard routed and drop-in options. The oddly named FireCluster aims to improve high availability. Previously, you could only run appliances in active/standby mode which is expensive as one does nothing, but you can now run them in active/active mode where load balancing is performed across cluster members.</p><p>With all services activated you get an SPI firewall, deep packet inspection plus support for IPsec and SSL VPNs. These are augmented with anti-virus, anti-spam, IPS and web content filtering. It's certainly a bumper bundle of security measures, but WatchGuard's management process is a strange brew that may not be to everyone's taste.</p><p>At the top of the tree is the WatchGuard System Manager (WSM) which provides a central location for managing and monitoring multiple appliances. Along with this you need to install the WebBlocker, log, reporting and quarantine servers which can be loaded on one reasonably specified system or spread across the network.</p><p>The WebBlocker filtering service is cumbersome as it runs on any Windows system on the LAN for which the appliance proxies all HTTP and HTTPS traffic. After installation you have to manually download the category database. We were gobsmacked to see that WatchGuard still expects you to use Windows' Task Scheduler to automate database updates.</p><p>We had no problems loading all the various components on one Windows Server system. The installation routine also allows you to pick which servers you want, so it's easy enough to load them on different systems. For testing we also opted for routed mode and dropped the appliance in between our LAN and WAN.</p><p>The appliance uses policies created using the separate Policy Manager. Policies determine how traffic is handled and each one contains details of the source and destination networks plus application proxies, packet filtering and custom rules. The proxies are a valuable feature as these provide Layer 7 content inspection, anti-virus and IPS facilities.</p><p>You have a good range of proxies to choose from, including ones for HTTP, HTTPS, FTP, SIP, H.323, POP3 and SMTP. The last two proxies make very light work of controlling messaging as you don't need to provide them with any details about internal mail servers. The Commtouch spamBlocker service is configured from the SMTP and POP3 proxies. We've seen quite a few security vendors moving over to the Commtouch service which isn't surprising as it works extremely well.</p><p>Commtouch spamBlocker works with many ISPs allowing it to passively monitor mail messages and compute hashes for each one. This allows it to identify spam very quickly as it simply compares hashes sent to it from the WatchGuard appliance with its own servers. Messages that trigger a response will receive either a confirmed spam, bulk or suspect message categorisation and you can apply actions such as allowing, tagging, denying, dropping or quarantining.</p><p>WebBlocker actions are configured from the HTTP and HTTPS proxies and you have a choice of over fifty categories to block or allow. With Websense behind the scenes we found performance to be extremely good with it blocking our test clients from all manner of time wasting sites.</p><p>Web filtering gets a boost from WatchGuard's ReputationAuthority service. With information gathered from WatchGuard's global network of appliances, it can determine whether incoming web traffic can be trusted by applying a score to it. You also get the new local override feature where a user can access a blocked site by entering a password.</p><p>The XTM appliances can now be accessed via a web browser which provides configuration access along with monitoring services. However, there is limited access to policy creation and modification as you can't, for example, configure the spamBlocker or WebBlocker functions within the relevant policies. This has to be done from the Policy Manager.</p><p>With only a single XTM appliance on test we found management complex due to the number of utilities and server components that need to be loaded. The WatchGuard System Manager and its associated servers are best suited to handling multiple appliances.</p><p>Nevertheless, the XTM 510 looks comparatively good value especially as the licenses include unlimited users. It performed exceptionally well during testing and the multitude of proxies also makes it very versatile.</p><h2 id="verdict-17">Verdict</h2><p>During testing we found the XTM 510 performed very well with both the WebBlocker and spamBlocker features particularly impressing us. The appliance is good value, performance can be easily upgraded in steps and the myriad proxies allow the creation of very versatile security policies. However, the method of management is best suited to large, distributed deployments of WatchGuard appliances and is too complex for single appliance installations.</p><p>Chassis: 1U rack Processor: 2GHz single core Intel Celeron 440 Memory: 1GB DDR2, 1GB CompactFlash card Network: 1 x 10/100, 6 x Gigabit Ports: RJ-45 serial, 2 x USB Software: WatchGuard and Firebox System Managers plus WebBlocker, Report, Log and Quarantine servers Options: Upgrade from XTM 510 to 520, £2,365 (ex VAT)</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
                                <item>
                                                            <title><![CDATA[ UK sixth lowest for cyber attacks ]]></title>
                                                                                                                                                                                                <link>https://www.itpro.com/624892/uk-sixth-lowest-for-cyber-attacks</link>
                                                                            <description>
                            <![CDATA[ Although the UK ranks fairly well on a global scale, the number of cyber attacks is still significant. ]]>
                                                                                                            </description>
                                                                                                                                <guid isPermaLink="false">qYvqfcgR2YJTYhLeBeQSUZ</guid>
                                                                                                <enclosure url="https://cdn.mos.cms.futurecdn.net/6LehPeWHjC2taJNaCJx2kC-1280-80.jpg" type="image/jpeg" length="0"></enclosure>
                                                                        <pubDate>Mon, 05 Jul 2010 16:29:00 +0000</pubDate>                                                                                                                                                                                                                                <category><![CDATA[Firewalls]]></category>
                                                    <category><![CDATA[Security]]></category>
                                                                                                                    <dc:creator><![CDATA[ Hannah Douglas ]]></dc:creator>                                                                                    <dc:source><![CDATA[ null ]]></dc:source>
                                                                <dc:description><![CDATA[ null ]]></dc:description>
                                                                                                                                <cf:isSponsored>false</cf:isSponsored>
                <cf:hasAffiliateLinks>false</cf:hasAffiliateLinks>
                <cf:isPaid>false</cf:isPaid>
                                                                                                                                <media:content type="image/jpeg" url="https://cdn.mos.cms.futurecdn.net/6LehPeWHjC2taJNaCJx2kC-1280-80.jpg">
                                                            <media:credit><![CDATA[null]]></media:credit>
                                                                                                                                                                                                                                    <media:description><![CDATA[Cyber attacks]]></media:description>                                                            <media:text><![CDATA[Cyber attacks]]></media:text>
                                <media:title type="plain"><![CDATA[Cyber attacks]]></media:title>
                                                    </media:content>
                                                    <media:thumbnail url="https://cdn.mos.cms.futurecdn.net/6LehPeWHjC2taJNaCJx2kC-1280-80.jpg" />
                                                                                                                                                                    <content:encoded >
                            <![CDATA[
                            <article>
                                <p>The UK has come in sixth place in a list countries with the lowest number of attempted cyber attacks, below the likes of India, Germany and Brazil.</p><p>The number of attempted cyber attacks per thousand PCs was 107 for the UK, which has well over 55 million active PCs, according the study released today by SecureWorks.</p><p>This meant there were nearly six million attempted attacks within the country's borders during the time of the study, which began in January of this year.</p><p>SecureWorks, a global information security company, claimed the study showed there were more than a handful of vulnerable computers worldwide.</p><p>"Overall, the study shows that not only are organisations and individuals putting themselves at risk by not securing them, but they are actually providing cyber criminals with a platform to compromise other computers," said Jon Ramsey, chief technology officer for SecureWorks.</p><p>Ramsey claimed the reasons for different numbers of attacks among countries could be due to a country's internet speed or how well ISPs educate and protect their clients regarding security.</p><p>He said protection through traditional methods like firewalls and anti-virus software should be combined with intrusion prevention services, access control and data encryption, among others, to effectively analyse and defend systems.</p><p>"As the use of online banking, shopping, social networking and other sensitive computer activities are increasing in popularity, the basics of computer security must be implemented." Ramsey concluded.</p>
                                                            </article>
                            ]]>
                        </content:encoded>
                                                </item>
            </channel>
</rss>