Important Technical Features
Now let's consider the technical features of a security product:
Intrusion detection: Dedicated intrusion-detection systems should be deployed in "bridged" configurations to keep them invisible to traffic, crackers, etc.
Packet filter: By default, firewalls should be set to a policy of "whatever is not allowed is denied." Note that routers deployed as packet-filtering firewalls also fall into this category.
VPN: Finding a good VPN appliance means understanding how it will be used in the enterprise and making sure that it can support many operating systems and variations to ensure enterprise-wide usage. Keep this in mind if you need special VPN client software to connect to your appliance or service.
Proxy server: Proxy servers should be set up so that only limited numbers of TCP/IP ports and IP address ranges are allowed to use the proxy server and can be connected via the proxy server. Keep in mind that a misconfigured proxy server can cause an internal security breach.
Authentication: Use strong authentication methods that can be integrated into the enterprise and tied to any single sign-on systems that already exist. Challenge-response systems such as SecureID, Crypto Card, and S/Key can go a long way toward preventing brute-force attacks and users with weak passwords becoming a security issue.
NAT/PAT: Support for NAT and/or PAT can help by creating DMZs that can be managed very easily using this method.
URL filter: A URL filter can assist with preventing access to or from URLs that have unwanted content, or prevent an outsider from seeing internal content.
Virus scan: Doing a virus scan at the network edge or at a chokepoint can prevent intrusion of viruses. In the event that an internal system is infected, virus scans can keep the infection from spreading inside or to the outside of the enterprise.
Penetration testing: Penetration testing systems and applications are usually run outside of an appliance. If you can find an appliance or vendor that can do penetration testing from the outside and vulnerability testing from the inside, that's a valuable feature to have at your disposal.
Packet sniffer: Having the ability to capture arbitrary traffic for analysis is a definite plus for network troubleshooting and locating rogue traffic, such as unauthorized VPNs, tunneled traffic, unauthorized wireless access point(s) and ad hoc wireless installations, and unauthorized protocols in tunnels.
Email content filter: Depending on the needs of your organization, you may want to filter inbound and outbound email for content to prevent unauthorized disclosure of information, for archival purposes, or for other reasons. This can be done inside your MTA, or it's possible to find an appliance or service that can do this for you. Make sure that you're aware of any laws that may govern your use of this kind of feature.
Number of supported hosts, dial-up backup, GigE support, IPv6 support, wireless support: Try to find an appliance or vendor that will support various configurations, including modem/ISDN communication fallback for circuit outages, Gigabit Ethernet (GigE), and/or fiber-optic connectivity; wireless 802.11x support; and IPv6. Keep in mind that a properly segmented network/WAN/LAN configuration lends itself to all of the above. It's also important to make sure that your appliance or service can scale to your needs. Determine the number of users, servers, and devices that will be using your network, do a future forecast of how much that number will grow, and make sure that the future number can be supported.