The array of Internet firewalls continued to widen last week as Morning Star Technologies, Inc. and Sterling Software, Inc. offered new products to protect corporate networks.

Sterling Software's Connect:Firewall gateway and Morning Star's SecureConnect firewall router embody differing approaches to Internet security, but each boasts a reasonable price tag for the features it offers.

Connect:Firewall costs just under $19,000, while the Morning Star SecureConnect router costs up to $5,000. Internet provider Performance Systems International, Inc. last week said it bought $2 million worth of the SecureConnect firewalls in order to provide a leased firewall service for only $250 per month.

Connect:Firewall

Sterling Software's Connect:Firewall, a Unix-based application-layer firewall, permits incoming and outgoing access to the Internet by specific application and time limits as defined by a systems administrator. The firewall gateway can be set up to automatically encrypt TCP/IP packets between sites, maintain audit logs of connections and supply real-time alert notifications via pager when hackers attempt intrusions.

Its management system allows an administrator to set up usage parameters for firewalls at remote sites. With the Configuration Validation Toolkit, security administrators can generate automated systems tests and reports.

For its firewall users, Sterling Software also runs a "firewall boot camp," a free week-long training session to inform companies how to use the firewall and develop a corporate security policy, said Thomas Clare, Sterling Software's marketing manager of its communications software division.

Stephen Perkins, president of the division, said Sterling Software developed Connect:Firewall for its own use when the company decided to give up leased T-1 lines between remote offices in favor of Internet connections.

"We had T-1 lines going to all parts of the globe," Perkins said. "But when we looked at the costs involved, we realized that to really save money, we had to use the local IP provider."

Sterling Software, with more than 75 offices worldwide, now has 38 Internet gateways to the corporate TCP/IP network. The company estimates that it is saving about $10 million per year by using the Internet instead of T-1 lines.

SecureConnect

In a somewhat different approach to Internet security, Morning Star is offering a network-layer firewall that can be set up to only allow data to flow between specific IP addresses in encrypted form. Dave Ford, Morning Star's chief executive officer, said the SecureConnect firewall works with an Authentication Server that challenges remote users to prove their identity before network entry through handheld authentication devices from CryptoCard, Inc. and other token manufacturers.

Like the Sterling Software product, Morning Star's firewall provides an audit trail and alarm surveillance. John Pescatore, an analyst with Falls Church, Va.-based consultancy IDC Government, said there are more than 30 firewall products on the market today, but since many are hard to install and maintain or are unstable, only about 13 really meet the needs of businesses.

IDC Government, which evaluates all new products, will be testing the Sterling Software and Morning Star firewalls, as well. While "new" is not an advantage in the security field, where equipment is judged according to a timeworn ability to withstand real-world attacks,

SecureConnect and Connect: Firewall both offer end-to-end encryption and audit support, which are basic necessities, according to Pescatore.

Before purchasing a firewall, each company should critically evaluate its own technical savvy in security, he emphasized.

Technically strong organizations might devise their own firewall from freeware, while organizations with average technical support might buy hardware and software appropriate to their specific needs and the importance of the data to be protected.

Companies with little technical expertise should consider a firewall service.

Morning Star: (614) 451-1883; Sterling Software: (214) 868-5000.