[Updated Aug. 25, 2004] — Security appliance vendor CyberGuard has begun migrating its operating environment (OE) from SCO Unixware to CyberGuard Linux, rebranding its entire line of firewall/VPN appliances with the new Linux-based V6 OE and encouraging existing customers to upgrade.

According to CyberGuard product manager Andy Tate, CyberGuard will continue to support its Unixware-based V5 operating system for several years. “We're going to continue to maintain that platform for at least two years. We encourage [customers] to move to the new platform, but we will not leave any customer behind.”

Tate notes that CyberGuard's Global Command Center (GCC) does not yet support CyberGuard appliances running V6, meaning that large enterprise customers will be stuck with V5 for a little longer. A version of GCC is expected in November that will support monitoring of V6 devices, remote start-up and shutdown, and even firmware updates. The ability to centrally manage policy and rules on V6 appliances from within GCC will come later, though, according to Tate.

Why Linux?

Previously, the OE in CyberGuard's FS-, KS-, and SL-series firewall/VPN appliances (pictured in stack at right) was based on SCO Unixware version 2.1.3, with security enhancements added by CyberGuard, according to Tate. However, SCO no longer maintains that version of the OS, prompting CyberGuard to investigate moving to an open source operating system. “It was obsolete as far as SCO is concerned,” said Tate. “We've been maintaining it, but we wanted to get out of that business.”

Tate says CyberGuard has spent more than five years working on the V6 platform, which was developed in the company's Ft. Lauderdale headquarters. V6 was initially architected with an OS abstraction layer that made it OS-agnostic. However, according to Tate, “We've now locked it into Linux, because we think Linux is the best horse in the race due to its popularity and the critical mass behind it, and its industry-wide acceptance. We evaluated a number of open source operating systems before choosing Linux.”

Tate denies that SCO's legal adventures against Linux played a role in the decision to move away from the legacy Unix OS.

The move away from Unixware will enable CyberGuard to add advanced, modern capabilities to its security appliances. The company is already working on a Linux-based OE based on a 2.6 Linux kernel, according to Tate, which will add support for IPv6 and could potentially support blade architectures. “We're looking at new high performance architectures that won't be supported in Unixware,” said Tate.

The switch to Linux will also enable CyberGuard to evaluate a much broader range of hardware platforms. The company bases its security appliances on COTS (commercial off-the-shelf) platforms, such as network appliance platforms from Intel.

Product lines rebranded

Along with its move to Linux, CyberGuard has rebranded its “Classic” product line according to the following scheme:

• The “FS” Series devices are now available as the TSP 1000 series, when running Linux
  
• The “KS” Series devices are now available as the TSP 3000 series, when running Linux
  
• The “SL” Series devices are now available as the TSP 5000 series, when running Linux

The “TSP,” or “Total Stream Protection” devices are said to enable user-specific and application-specific security policies. In particular, application-specific policies are designed to guard against infections such as Sobig, MyDoom, and others that operate at the application level. The devices use “contextual aggregation” to assemble packets into session-aware contexts, before inspecting data at “all seven layers” of the OSI networking model, the company claims. It says the TSP devices offer 79 inspection points at the application layer, and 30 at the packet-filtering layer, the most granular inspection available.

Other advanced features include mandatory access control (MAC) and multi-level security (MLS), which “completely insulates” the OE layers used to inspect and transport packets from those that allow the firewall to be configured and managed.

Industry analyst Jason Wright of Frost & Sullivan commented, “CyberGuard's new version TSP series blends positive security model 'known good' application behavior with 'known bad' signatures and 'acceptable use' policies to provide granular application-layer protection.”

 
This article was originally published on LinuxDevices.com and has been donated to the open source community by QuinStreet Inc. Please visit LinuxToday.com for up-to-date news and articles about Linux and open source.