New versions of the Endian and Sophos UTM solutions
Warhorses
Web Application Firewall
The Web Application Firewall (WAF) in the Sophos UTM Firewall provides an Apache web server-based reverse proxy to protect your own web servers against SQL injection, cross-site scripting, and other web-based attacks. Furthermore, it scans connections to the web servers in both directions for viruses and blocks clients with a bad reputation. In version 9.2, the WAF also gets a new engine and a new pattern recognition feature, which Sophos promises to update continuously via Up2Date.
The new version of Sophos additionally extends the maximum file size for uploads from 128MB to 1GB. Also new is a function for reverse authentication: The Web Application Firewall handles authentication on behalf of the web applications, which protects them. After successful authentication in basic or form mode, the firewall passes on the results to the configured back-end servers. This function is clearly targeted at customers of the now-defunct Microsoft TMG (Threat Management Gateway) product, which offered similar functionality.
Conclusions: Sophos UTM 9.2
The new version of Sophos sets standards in the UTM landscape in terms of functionality and usability. New features, such as two-factor authentication and SPX encryption, have been at the top of customer and partner wishlists for some time. Botnet detection, advanced threat protection, and the new DLP functions help Sophos make life a little easier for security admins. These requirements are part of everyday life in medium-sized companies and can be quickly and easily implemented with version 9.2. It's a pity, however, that the DLP functions so far only protect email messages against accidental and deliberate information leakage. A function that also searches outgoing HTTP(S) connections for sensitive data and blocks messages where appropriate is still missing.
Something for Everyone
The new versions of the Endian and Sophos UTM firewalls provide much that is new. With the HTTPS proxy, the revised VPN GUI, application identification, and the new ntopng live network monitoring, Endian catches up to other providers. Sophos is again innovative in this price range with two-factor authentication, SPX email encryption, botnet detection, and an optimized WAF.
Whether you prefer the feature-rich Sophos UTM or the leaner Endian firewall depends not only on your own individual security requirements, but also on the type of deployment – physical or virtual. Endian offers support for VMware, Xen and KVM; Sophos additionally supports Microsoft's hypervisor Hyper-V.