A new product introduced last month at the RSA Conference 2001 in San Francisco by 3Com Corp. and Secure Computing Corp. aims to halt, or at least deter, network mischief carried out by insiders.
San Jose, Calif.-based Secure Computing has created a special version of its Sidewinder firewall technology that will reside on firmware on 3Com Ethernet network interface cards (NICs). These are the devices that plug into servers and client PCs and connect users to network servers through an Ethernet switch or hub.
The new network card will be called the 3Com Embedded Firewall and will be available from Santa Clara, Calif.-based 3Com in the third quarter, according to a joint announcement made by the companies.
At the same time, 3Com plans to market a special server that network managers can use to set security policies by sending instructions over a network to firmware in the network cards, a company spokesman said.
The ability to set security policies on the firewall built into the network interface card is what makes the new 3Com product different from similar products that simply encrypt data, according to Steve Hunt, vice-president of security research at Cambridge, Mass.-based Giga Information Group Inc.
Encryption just scrambles traffic sent across a network channel, Hunt said. The firewall technology in the new 3Com network interface cards enables network managers to push global policy settings to all such cards.
For example, a network manager can set policies that deter unauthorized network monitoring (sniffing) or the use of fake addresses for denial-of-service attacks (spoofing).
The technology would also let network managers specify policy by individual card, such as disallowing file transfer protocol usage on a specific server.
Michael Stark, a senior systems consultant at FleetBoston Financial Corp. in Boston, said the idea of a firewall on a network interface card is new to him. “But it actually seems like a great concept,” he added.
Stark said he is concerned, however, that the new card could slow down network throughput even though the 3Com device has an onboard processor.
Jerald Squires, security administrator at the Maryland Department of Transportation in Glen Burnie, Md., said a firewall on a NIC might make it easier to protect and administer PCs used by remote workers.
Squires said that his agency currently has remote users whose PCs are protected by personal firewall software but that it’s difficult to enforce a security policy on those PCs, because users can change firewall settings.
Although 3Com said the street price of a network card for a desktop PC would be a modest US$80, Hunt said that doesn’t spell immediate adoption of the new technology. Most companies buy their PCs with the cards already installed and replace them only every three or four years, he noted.
For more information, see 3Com on the Web at www.3com.com.