A hardware firewall you take with you
- By John Breeden II, William Jackson
- Jun 01, 2005
ZyXel device is the size of a PDA and easy to set up
The ZyWall P1 provides firewall and VPN protection for wired systems and fits in the palm of your hand.
You've no doubt heard that sometimes good things come in small packages, but a hardware firewall that fits in your palm? Intriguing.
ZyXel Communications Corp. of Anaheim, Calif., recently introduced just such a security appliance intended to keep mobile users behind an enterprise-class security curtain on the road. The $245 ZyWall P1 Personal Internet Security Appliance includes a stateful packet inspection firewall and an IP Security protocol virtual private network. It has 10/100 Mbps Ethernet WAN and LAN ports, yet measures just 3-by-5 inches and weighs 4.5 ounces.
'It's a small hardware-based appliance designed for mobile users,' said product manager John Castraje. 'You're moving the functionality off the PC and it can be centrally managed.'
More than a cute gadget
Given that many hotels now offer broadband connections, and the fact that many government employees are encouraged to telecommute at least one day a week, a portable firewall is a great tool to have in your protective arsenal. Just because your room at the Hilton has a broadband connection doesn't mean it's completely secure, and if all you've got at home is a broadband modem, a hardware firewall is almost a must.
The ZyWall P1 can draw power directly from a USB port or through a bundled AC adapter plugged into an outlet. This is the first device we've seen that uses Ethernet exclusively for data and a USB cable to provide power. The company originally considered using a USB data interface, but throughput and driver issues sold them on using an Ethernet connection. Whatever the case, being able to leave the AC adapter behind is a plus. The USB power option worked fine in all our testing. Just don't hook up the USB cable and AC adapter at the same time.
Because Ethernet requires no driver, the ZyWall P1 will work with Macs, PCs or Linux clients. At its basic level, the ZyWall P1 provides firewall protection. If a hacker can get to the device via an IP address, they will simply find a box with no executable code to manipulate. This step alone eliminates most Internet-borne attacks such as device overflows. You can also optionally block Java, ActiveX and even cookies.
Future releases of the P1 are expected to include antivirus protection, spam blocking and intrusion protection, taking almost all security functions off the computer. The downside to this is that an appliance on a network connection does not protect against infections through disks, flash drives or connected devices. You'd need host-based software for that. But most malicious software today is delivered via network, and the appliance will stop the outbound spread of viruses from an infected computer.
A whole VPN in your hand
In addition to a firewall, the ZyWall P1 provides a VPN connection back to your main office using 256-bit Advanced Encryption Standard encryption. If you've ever tried to set up a software VPN, you probably spent at least an hour trying to get the configuration right. The ZyWall P1, we found, is nearly plug and play. The easiest way to get up and running is to first connect the device into your host network and use the browser interface to configure it. It can be managed using HTTP, Secure Shell (SSH) or Telnet.
Once you've set up the VPN, the device will remember your settings. When we deployed it at a remote location, it quickly established a VPN connection back to the GCN Lab network, which let us securely manipulate files and work as if we were in our D.C. office.
When using the VPN you're restricted to 30-Mbps throughput, which is more than fast enough to accomplish most tasks other than copying huge files. If you're just using the firewall, your maximum throughput jumps to 80 Mbps. We noticed occasional performance hiccups, but they seemed more likely due to Internet connection issues than ZyWall problems. As long as you have a good broadband connection, you shouldn't see any slowdowns.
The ZyWall P1 is an economical solution to a potentially costly problem: mobile computer security. Given the constant Internet-borne security threats we deal with every day, it's a worthy addition to any mobile worker's notebook carrying case. And it can also provide a low-profile way of locking down unsecured remote desktops.
John Breeden II is a freelance technology writer for GCN.
William Jackson is a freelance writer and the author of the CyberEye blog.