SOHO 6 delivers wireless security
- By Paul Ferrill
- Jan 15, 2004
Wireless access points and DSL connections are essential elements of the telecommuter's dream. But that dream could easily turn into a nightmare without the proper security measures. Although there are a number of companies -- such as Linksys, a division of Cisco Systems Inc., and Netgear Inc. -- that offer low-cost wireless access points, few have the top-notch security features found in WatchGuard Technologies Inc.'s Firebox SOHO 6 Wireless firewall and virtual private network.
Firebox SOHO 6 Wireless conforms to a number of security standards. The firewall has a stateful inspection packet filter approved by the International Computer Security Association and IPSec 3DES 168-bit encryption. Although the default wireless configuration does not enable any security features, you can configure the device to require wireless clients to connect using the multiuser VPN software. You can log security events to a WatchGuard Security Event Processor or a syslog host, which makes it possible to remotely monitor the device for potential problems.
The WatchGuard LiveSecurity Service delivers security alerts about news, information and events that could affect the company's products, but you have to pay for the service after the first 90 days.
The optional WebBlocker service blocks access to certain Web sites. A list of potentially objectionable sites is organized into categories and maintained by a company called SurfControl. A one-year subscription for the service costs between $29 and $39 per machine, depending on how many licenses you buy.
I really liked the Web-based interface for the SOHO 6. Configuration options are easily accessible from the various administration Web pages. A View Configuration File option lets you see the contents of the file in a text page for easy printing. The only thing missing is the ability to save the file for backup purposes.
Administrators employing the Firebox SOHO 6 Wireless for small, remote offices will appreciate the fact that WatchGuard sells separate VPN Manager software for remotely managing SOHO 6 via a VPN connection from their Firebox II or III box.
Physical connections to the box include a four-port 10/100 Ethernet hub, a single Ethernet port for connecting to the external network or the Internet, and two 5dBi antennas. Other features include an external reset switch and power connector. On the front are LED indicators for power, port and wide-area network activity. A status indicator lights up when a management connection is in use, and an alert indicator blinks to signal an unauthorized connection to the SOHO 6's wireless port.
The firewall's default settings block all incoming services and disable the DMZ pass-through feature. System security is also disabled by default, meaning any computer on the trusted network can access the configuration Web pages. Enabling system security requires an administrator user name and password for future access.
The rest of the configuration options are fairly standard, including the ability to designate a range of IP addresses that will be assigned by the built-in Dynamic Host Configuration Protocol server, static IP addresses for designated computers and external network information such as details on the Point-to-Point Protocol over Ethernet connection. You also have the ability to disable traffic between the trusted network and the wireless network if you wish to keep them separated.
We found upgrading the firmware to be a simple process. WatchGuard distributes the upgrade as an executable file or a smaller flash memory file that must be installed manually. We were able to run the executable file and upgrade the firmware in a matter of minutes.
The latest firmware update (Version 6.3) from WatchGuard adds the ability to bridge the wireless local-area network with the four-port switch and assign IP addresses in the same subnetwork if needed. It also includes a client mode for linking two SOHO 6 devices without enabling other wireless clients to connect.
Overall, Firebox SOHO 6 really shines when it comes to security features. However, those security features come at a price significantly higher than some of the low-cost options on the market. Although you won't be able to take advantage of the faster 802.11g wireless cards with this product, you will be able to sleep better at night knowing that your wireless network has been secured by the strongest security practices available for this type of network.
Ferrill, based in Lancaster, Calif., has been writing about software for 15 years. He can be reached at firstname.lastname@example.org.