Some of the upgrades represent F5 playing catch-up on the competition, while others, such as the ability for the devices to grant full network access to any IP application on Linux and Mac clients, seem to be unique to F5.

The company has also made FirePass part of its iControl strategy for the first time. It has opened an API that will allow developers to have their applications launch SSL VPN tunnels to the FirePass gateway, so users are not required to log on separately.

The gateway itself has had layers of attack prevention added so it can now detect incoming cross-site scripting, SQL injection and buffer overflow attacks, according to director of product management Dore Rosenblum.

Because SSL VPN gateways can be accessed from essentially any computer, client security risks are often cited as their main drawback. So F5 seems to have done a lot of work on the client security side, including policy compliance.

It’s currently fashionable with SSL VPNs to permit some kind of host integrity checking before granting application or network access. This usually means checking whether antivirus or other security software is installed and running on the access device.

In current versions of FirePass, this component can only check endpoints for running processes, but in version 5.0 it will also be able to look for registry entries and other information when constructing compliance profiles, Rosenblum said.

In the forthcoming 5.0, of the antivirus software on the market only is supported on the very granular level that detects versions and definition levels, which puts F5 a little behind the competition. But Rosenblum says the firm intends to support more in future.

For the first time, the new FirePass will also be able to allow partially compliant endpoints to access only quarantine networks, where they can download whatever is needed to become compliant. Previously, the devices could only make allow/deny decisions.

Also new is Protected Workspace, in which each VPN session is carried out in a protected area of the disk and all the temporary files are cleaned after the session ends. This is not unique to FirePass.

What is unique, and patent-pending, is a new password-entry interface designed to evade keystroke loggers. The Virtual Keyboard makes users click each letter of their passwords on a graphical keyboard that moves around on the desktop after each click.