If you've read Laura Taylor's Read
Your Firewall Logs! then you understand just how important it is to
review your firewall's logs on a daily basis. Unfortunately, firewall
logs can be cryptic and very difficult to analyze. There are a number
of firewall reporting products on the market that attempt to address this
problem, however one particular product recently caught our attention.
Unlike many of the other firewall reporting products on the market, Stonylake
Solutions' InsideOut Firewall Reporter is truly useful. InsideOut
reports the same basic type of information as most other firewall reporting
software, but does so in a manner that's surprisingly easy to comprehend.
the summer of 2000, Blair Robert (Founder Nevada Learning Series)
and Pradeep Pathade (former CTO of Nevada Learning Series) decided that
they were frustrated with other firewall reporting tools and needed to
develop a product that addressed the shortcomings of the firewall reporters
that were presently on the market. The duo formed Stonylake Solutions
and their dreams were realized in July of 2001 when they released the
first version of InsideOut.
first feature that makes InsideOut so unique is its accessibility. InsideOut
works on both Windows and Linux servers, and the reports
are Web accessible. InsideOut allows you to view real-time firewall statistics
through a Web browser from anywhere in the world. To showcase this functionality,
Stonylake Solutions has placed a live demo of InsideOut on their Website
(www.stonylakesolutions.com). This demo allows you to see firsthand exactly
what the InsideOut experience is like.
Web accessibility is nice, InsideOut's best features by far are the reports
that it generates. From the beginning Stonylake Solutions realized that
traditional firewall reports tend to be difficult to read. Often an experienced
IT professional will have to take special training just to be able to
understand what the reports are telling them. Even after attending such
training, the process of deciphering the reports tends to be very time
Solutions took a different approach though. They decided to develop a
firewall reporting product that was so easy to use that it could be used
by non IT people, with absolutely no training -- quite an accomplishment
for a firewall reporting product. With InsideOut, you can tell at a glance
exactly what's going on with your firewalls, rather than having to spend
hours going through the logs. You can see an example of one of InsideOut's
firewall reports in Figure 1.
1. InsideOut makes firewall reports that are extremely easy to read.
here for larger version
because InsideOut makes it easy to read the reports, it doesn't mean that
it sacrifices performance. InsideOut contains 10 major reports and is
capable of generating over 150 other types of reports. As you look through
the various reports, InsideOut's powerful navigation and drill down capabilities
make it easy to quickly access more detailed information about your firewall.
Additionally, the software contains hacker alerts that not only tell you
who's persistently chipping way at your firewall, but it will also notify
you if your specified refusal threshold is being threatened.
way in which InsideOut distinguishes itself from other firewall reporting
solutions is that it is the only firewall-reporting product on the market
that offers ad hoc, or on the fly, reporting capabilities. This means
that you can easily examine your firewall on a whim. This makes InsideOut
very useful for both forensic investigations and for simple connection
great thing about InsideOut is the price. At the time of the review, the
standard version was selling for $175, and the professional version cost
Next For InsideOut?
It seems obvious that InsideOut is setting a new benchmark for firewall
reporting. Even so, developers at Stonylake Solutions are already looking
to the future. Future versions of InsideOut will include features that
make the software even better than it already is.
of the first things that Stonylake Solutions plans on doing is expanding
the InsideOut firewall compatibility list. At the time that this review
was written, InsideOut only supported Check Point's Firewall-1, Cisco's
PIX firewall, NetScreen and BorderWare. However, in the
very near future, InsideOut will support other firewalls including Stonegate,
Raptor, Cisco IOS, Gauntlet, and Microsoft's Proxy
thing that Stonylake Solutions plans on doing in the near future is releasing
firewall specific versions of InsideOut. For example, in the future there
will be a version of InsideOut that's specifically designed for Cisco
firewalls, and another version that's designed specifically for Check
Point firewalls. The advantage to producing firewall specific versions
of InsideOut is that presently, each firewall manufacturer uses a different
set of codes to report on various events. By creating firewall specific
versions of InsideOut, it will be possible for the software to report
exactly what's going on with the firewall. For example, rather than simply
reporting that your firewall is being attacked, InsideOut will be able
to tell you exactly what type of attack is being attempted.
another way in which Stonylake Solutions plans on improving InsideOut
is by offering an enterprise edition. Presently, you must run a separate
copy of InsideOut for each firewall that you're running. Stonylake Solutions
recommends that each copy run on a dedicated server, although the server
can be a small one. This technique works well for companies that only
have one or two firewalls, but having software distributed across multiple
servers can cause management headaches for larger companies. The enterprise
edition will allow administrators to manage InsideOut through a single
server. As the enterprise grows, administrators simply need to acquire
additional InsideOut licenses.
In our opinion, InsideOut is an extremely effective firewall-reporting
tool that is well worth its nominal cost. As the product matures, we expect
to see InsideOut become a major contender in the firewall reporting market.
is Relevant Technologies' Vice President of Research and is a Microsoft
Certified Systems Engineer (MCSE). Mr. Posey is an award winning technology
author, and has published over 2000 articles for a variety of web sites
and printed publications including ZDNet, TechRepublic,
Microsoft's TechNet Portal, and Windows 2000 Magazine.
you're interested in acquiring a copy of InsideOut, or would like to know
more about it, you may contact Stonylake Solutions directly through the
contact information shown below:
P.O. Box 69102 12 St. Clair Ave East