|
||||||||||||||||||||||||||||||||||
|
||||||||||||||||||||||||||||||||||
Home owner A decides he will protect his property by surrounding the perimiter of his lot with a brick wall. Not a bad idea at first glance. His house is certainly protected. Homeowner B decides he will protect his property by getting a guard (sentry):
So far, so good. Both solutions seem to do the job. BUT here is where some problems arise. Homeowners A & B both like pizza. They want it delivered. Both also want their mail and newspapers delivered. As well as garbage picked up. And so on. These are all services desired by both families. And it just so happens that each service in this town requires its own unique entrance into the property. As a result, here is what we have after permitting such access:
Home owner A has had to essentially "punch holes" in his brick wall to give various wanted services access to his property. Home owner B, however, has only had to tell his sentry which services are desired. Once instructed, the sentry will permit access to those authorized and deny all others. And there is more!The sentry employed by home owner B is also quite clever and fast. As instructed by home owner B, the sentry has setup various trip wires ("triggers") in some of the windows....windows which the homeowner never intends to use. When an intruder tries to gain access through one of these booby-trapped windows, the sentry is alerted. The sentry then immediately catches the intruder, escorts him off of the property, and bans him from further access. For all others, however, the property can be accessed as if nothing had happened. The Importance of Payload InspectionThere is one additional feature of IPNetSentry which is not available in any other firewall product for the Macintosh: payload inspection (also known as packet inspection). Here is where this is important. Say you are running a web hosting server. Because you are running a server, you will want to permit incoming connections, typcially on TCP Port 80 (the standard port for web servers). With a typcial firewall, you will simply add a "Pass" filter for ALL datagrams coming in where the destination port equals 80. BUT do you really want to permit all such datagrams? Not really. There are worms out there which specifically target web servers (Nimda, Code Red, etc.), hence you would like to inspect the incoming datagram destined for your server BEFORE granting access. A normal firewall has no way of doing such payload inspection. It is as if the firewall sees that the delivery is from the pizza guy, but never bothers to look in the pizza box. But IPNetSentry can "look into the pizza box" making sure what is being delivered is what is wanted. By doing so, IPNetSentry can uniquely detect and stop Nimda, Code Red, File Maker Pro Hacker access attempts before these datagrams even reach your server(s). These are the main differences between IPNetSentry and other Macintosh firewall based products. The differences are significant.
You might be asking "But wait...firewalls are well known as security products. Even Sustworks IPNetRouter has firewall capability. So why this different approach with IPNetSentry?" The reason for the different approach has to do with the number of machines being protected by the security agent. Firewalls are designed to protect several machines on a LAN (local area network) which is connected to the Internet. They give a network administrator complete control over what Internet services are available from the outside world and who can access these services. For such situations it often makes more sense to have a single administrator setting up a firewall than it does to have everyone on the LAN doing their own thing (especially when it comes to "punching holes" in a firewall...imagine what a mess this could become). For the single machine user, however, a firewall is most often overkill. It can actually become more of a burden to administer than it is a benefit. Hence IPNetSentry: Simple and intelligent security for your Macintosh.
|
|
|||||||||||||||||||||||||||||||||
© 2000-2003 Sustainable Softworks Privacy
Policy Contact
Us |