Personal firewalls must provide both easy management and solid security. InfoExpress' CyberArmor puts up the best fight on both fronts. By Michael J. DeMaria
InfoExpress CyberArmor Suite Enterprise Personal Firewall 1.1
Of our tested software, only InfoExpress' CyberArmor Suite Enterprise Personal Firewall 1.1 seemed truly ready for deployment on remote-user machines, since it's the only one that generates ID numbers for policy files and tracking purposes. The other products rely on network settings and are therefore better suited to internal LAN use. CyberArmor also can be configured to maintain different policy files for various environments, a very convenient feature if you wish to have a different set of firewall rules take effect when, for example, the user is making a VPN connection as opposed to a normal Internet connection.
The CyberArmor Suite comprises four components: The CyberArmor client is installed on each remote PC. CyberServer records alarms and status notifications from CyberArmor-equipped computers and allows that information to be viewed via the third component, CyberConsole. Finally, Policy Manager enables policy files to be created and published to the Web server.
In our tests, initial setup and deployment were painless. Policy Manager comes with a default policy file that creates three networks for you: corporate, Internet and VPN. Many standard Trojans are filtered out in the default policy file.
CyberArmor outscored the other tested products in protection capabilities. It supports inbound and outbound port filtering, ICMP blocking and application control.
CyberArmor uses Perl-style regular expressions to block or allow programs by name, wildcard or command-line arguments. You can also block programs spawned by other programs. For example, you can block all .vbs files executed within Microsoft Outlook Express but let them run if Qualcomm Eudora spawns them. The policy file comes preconfigured with common Trojan names, so it caught the default Back Orifice file. We didn't see any automatic updates of the Trojan names, but because the names are stored in a policy file, adding new fingerprints manually shouldn't be too difficult, as long as you know what to look for. Unfortunately, there's no guarantee that Trojans will be caught. For example, renaming Back Orifice to foobar.exe allowed it to run. Nmap was unable to return an OS fingerprint but listed most TCP ports as filtered...
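The name, command-line and parent matching described above, and why the renamed file got through, shown as an added example; this is not InfoExpress code or CyberArmor's policy format. The rule layout, the placeholder name `trojan-default.exe`, the process names `wscript.exe`, `msimn.exe` and `eudora.exe`, and the SHA-256 content check used for contrast are assumptions for illustration.

```python
import hashlib
import re
from dataclasses import dataclass

@dataclass
class Launch:
    image: str      # executable file name
    cmdline: str    # full command line
    parent: str     # file name of the program that spawned it
    content: bytes  # file bytes (constructed stand-in, not a real binary)

# Hypothetical rule layout, not CyberArmor's policy format:
# (action, image regex, command-line regex, parent regex); None skips a field.
RULES = [
    ("block", r"^trojan-default\.exe$", None, None),            # name fingerprint (placeholder)
    ("block", r"^wscript\.exe$", r"\.vbs\b", r"^msimn\.exe$"),  # .vbs spawned by Outlook Express
]

def decide(launch, rules=RULES, default="allow"):
    """First matching rule wins; every non-None pattern must match."""
    for action, image_re, cmd_re, parent_re in rules:
        checks = ((image_re, launch.image), (cmd_re, launch.cmdline),
                  (parent_re, launch.parent))
        if all(p is None or re.search(p, v, re.IGNORECASE) for p, v in checks):
            return action
    return default

SAMPLE = b"constructed stand-in for the Trojan's file contents"
KNOWN_BAD_SHA256 = {hashlib.sha256(SAMPLE).hexdigest()}

def decide_with_hash(launch):
    """Content check first (an assumption, not a feature the review describes)."""
    if hashlib.sha256(launch.content).hexdigest() in KNOWN_BAD_SHA256:
        return "block"
    return decide(launch)

def sample_launches():
    """Constructed launch events covering the cases in the review."""
    vbs = 'wscript.exe "C:\\temp\\note.vbs"'
    return {
        "default_name": Launch("trojan-default.exe", "trojan-default.exe", "explorer.exe", SAMPLE),
        "renamed": Launch("foobar.exe", "foobar.exe", "explorer.exe", SAMPLE),
        "vbs_from_outlook_express": Launch("wscript.exe", vbs, "msimn.exe", b"script host"),
        "vbs_from_eudora": Launch("wscript.exe", vbs, "eudora.exe", b"script host"),
    }

if __name__ == "__main__":
    for name, launch in sample_launches().items():
        print(f"{name:26} name rules: {decide(launch):5}  with hash: {decide_with_hash(launch)}")
```

The renamed file passes the name rules because nothing about its name, arguments or parent matches a fingerprint; only the check on file contents still blocks it.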