Great Circle Associates Firewalls
(October 1996)
 


Subject: Re: Gauntlet vs. Sidewinder
From: "Bird,Tina" <TBIRD @ cerner . com>
Date: Thu, 3 Oct 1996 23:17:07 -0500
To: "'firewalls @ greatcircle . com'" <firewalls @ greatcircle . com>

I'll start with the disclosure:  I don't work for SCC, tho' I do have
several school friends who do...

I've been running Sidewinder versions 2.2 and 3.0 for about a year now.
I was responsible for the selection of our Internet firewall, and chose
Sidewinder because of the "type enforcement" (which prevents hostile
processes from accessing files or memory or any of those other bad
things), because changes to executable code on the system are
forbidden when the network connections are live, and because there's
no all-powerful "root" account on the system despite its being a
modified BSD UNIX.  None of the other commercially available application
proxy firewalls have security features this strong built into the
operating system (at least, not that I was able to identify during my
product review!).

The initial installation of the 2.2 software was pretty ugly, due to the
complexity of our corporate network and our struggle with getting 
exactly the right hardware components.  However, throughout the
installation and, in fact, throughout our work with SCC, we've found
the technical support staff and developers to be tremendously
helpful.  None of my outstanding support issues have "out-stood"
more than a couple of days.  Our PC environment provides plenty of
opportunity to stress our suppliers (we've got an internal network
with over 2000 Win95 PCs and servers ranging from NT to an IBM
SP2, with lots of VAXen thrown in for good measure), and SCC met
the challenges head-on.  

As the person responsible for integrating firewall security into all
of Cerner's network applications, I'm a lot more productive thanks
to the robustness of the Sidewinder and the solid relationship I have
with Secure Computing.

(Honest, they're not paying me for this.)

I'm not quite as familiar with the 3.0 software, having only installed
it last week, but it appears to have a much more flexible User/Groups
mechanism.  My only qualm at the moment is that I've got two boxes
with pretty complicated user access rules and access control lists,
and at this time I have no idea of how to port that information into the
upgraded system.

I considered the Gauntlet system in my initial product review, but a 
couple of the executive level requirements for the Internet firewall
(read: non-technical) precluded its use.  I was able to directly compare
the Sidewinder with the Eagle system, the Digital Firewall (don't know
if that's still its name) and IBM's product -- none of these three had
such good OS-level security as the Sidewinder did.

Tina Bird
UNIX System Administrator
Cerner Corporation

