Linux Today: Linux News On Internet Time.

The Phoenix Adaptive Firewall - Security Through Obscurity?

Dec 10, 1999, 05:41

By Emmett Plant
Editor, Linux Today

The Linux community is filled with people who do security for a living, and protect their networks with invaluable tools like ipchains. On December 13th, these people will be given a free opportunity to put another firewall solution through its paces.

That's when Progressive Systems, Inc. will start giving away a personal use version of its Phoenix Adaptive Firewall. According to Progressive Systems, Phoenix is the first Linux firewall to be certified by the International Computer Security Association (ICSA). Progressive claims that the level of session support in the fully-featured firewall allows it to secure desktops, home networks, or low traffic servers. Beginning December 13, the software can be downloaded from a variety of sites, including Progressive's home page, http://www.progressive-systems.com.

According to Alex Hutton, Director of Sales and Marketing at Progressive Systems, the 'personal use' version is only good for two 'user' connections, and is basically just a tool to see how well it will hold up. Hutton suggested that it will do well for people with small home networks.

The fact that Progressive's firewall is ICSA-certified will be important to some people in the purchasing seats at large companies, but the company's current stance on Open Source and security-through-obfuscation may not hold water with many seasoned Linux administrators.

"As a security-focused company, we have to put the concerns of the corporate user over the concerns of the open source ideal. If we could get 99% of our users to upgrade to every patch, that would be ideal and attractive to us, but patch rates aren't near that sort of return," said Hutton.

It seems that Progressive's biggest concern is inherent security. When queried by Linux Today, Hutton alluded to several cases in which Apache and Sendmail were causing security holes and patches had been made available, but 70% of the installations never applied the patch. To Progressive, opening up the source code would mean constant checking, re-checking and patching, and customers would face a major security risk in the meantime.

While the personal use version, limited to two user connections, will be free, the standard version sells for $2995 with no connection limits. SmartGate VPN from V-ONE is also available as an extension to the Phoenix Adaptive Firewall.

Progressive Systems has no plans to Open Source the firewall engine due to support issues and encryption laws, but they may Open Source some of their other software technology, which is a step in the right direction. Another good thing is that they're not jumping on a Linux bandwagon; Progressive has already been in the Linux and UNIX business for quite a while.

"We chose Linux not for the 'hype engine', but for the facts that Linux is fast and stable, and made our solution value competitive with NT firewalls," said Hutton.

For more information, visit the Progressive Systems Web site.