Symantec provides secure environment on insecure machines

Published 8 February 2006

Santa Monica, California-based Symantec is moving into a number of advanced forms of firewalls and security solutions which have been made possible by the continued increase in computing performance to cost ratio. Don Ng, Symantec’s regional field director for Symantec Gateway Security, told the Asia Security 2006 conference in Thailand that one of the biggest changes in 2006 will be a rethinking of firewall architecture due to affordable computing power and a move to push secure channels out on to insecure platforms. Today, more and more people are doing online banking at home, but traditional paradigms of security assume that the client’s PC is secure, that it does not possess any back doors or Trojan keyloggers. Such security is far from certain when people use e-banking facilities from public access Internet kiosks and cafes.

This is where Symantec comes in, offering Security on Contact, a solution for banks that use applets to provide a secure environment on an insecure machine. What helps in this are changes in firewall architecture. Companies typically use a two-tiered firewall solution with a basic level 3 or 4 firewall facing the Internet, which does preliminary screening, preventing known patterns and port attacks from getting through. The packet would then be sent to a level 7 (application-level) firewall which looks not just at the origin/speed/port of the incoming data, but also inside the packet and thus can filter out attacks on a more detailed level. Today more companies are choosing to put a level seven firewall up directly facing the Internet — and this is made possible by increases in CPU speeds.

Symantec’s new solution is designed to fail-secure to prevent people from trying to break the firewall itself, while at the same time the solution can be run on grid servers so that a hardware failure does not shut down the organization’s connectivity.

-read more in this report