Check Point Integrity 6.5

End point security (EPS) may be all the rage this year, but firewall maestro Check Point has been in this game longer than most thanks to its acquisition of Zone Labs a couple of years ago. It was particularly after the Integrity component, which Zone Labs developed to provide centrally managed security for end points.

Integrity provides a personal firewall client that includes anti-spyware tools, intrusion prevention, application controls, anti-virus scanner verification and management of IM services. Along with the TrueVector policy analysis service, the client also uses a system driver that protects the client when Windows isn't loaded.

All client activity is managed from a central Integrity server, which requires an existing DBL2, SQL or Oracle database, or it can use its own built-in database. It controls all client activity with policies that can be based on their physical or logical location and the type of connection such as a VPN or a wired or wireless link. Installation is a swift affair, and we had the server up and running with its default database in a matter of minutes. The client can be located in a shared location for pull installations, or the MSI package can be pushed out with an appropriate network-management tool. Note that to block access to systems that don't have the client installed, you must be using 802.1x port-based authentication.

Policies contain zones that identify specific types of networks. Your internal network would be declared in a trusted zone, while untrusted zones contain all your no-go areas. Anything in between can be placed in a special internet zone if required. The clients use a heartbeat to keep in touch with the server, and if disconnected can use a different policy that determines what they can access and how they're protected.

Policies can contain custom firewall rules and you can decide what applications may be run locally. Specific applications can be stopped from running, and we successfully tested this with a number of programs that were terminated by the client policy the moment we loaded them. Malicious code in web, mail and newsgroup traffic is monitored and handled by SmartDefence, which can terminate a suspect application. Enforcement rules check for specific application versions, filenames or service packs and if the Integrity client needs to be upgraded this can be done automatically, or users can be directed to a sandbox web page.

IM services can be strictly controlled with policies, and we were able to stop Windows Messenger from being used to send video and transfer files. Specific services, scripts and links can be blocked and IM traffic encrypted. The anti-spyware worked well, and we watched it blocking and deleting tracking cookies during testing. At the time of writing, Integrity had the facilities to check update versions for five anti-virus vendors including Sophos and Symantec, but by the time you read this Check Point should have its own optional anti-virus component available.

We found that policy creation could be complex and the Help files weren't overly informative. Even so, Integrity is simple to install and deploy, the policy-based access controls make it versatile and it compares well on price with most of the competition.

Author: Dave Mitchell