About The PhoneBoy Blog

I am PhoneBoy. This is my blog. Who am I? Glad you asked.

Many many moons ago, this site used to be a well-visited FAQ site on the Check Point firewall products. If you’re looking for that, check out CPshared, a great independent resource on all things Check Point!

These days, I write about what I'm interested in, which includes: Information Security, computers, telecom, VoIP Service, mobile phones, and many other forms of shiny gadgets. And yes, this also includes the occasional piece about Check Point, since I started working there as a result of Check Point’s acquisition of Nokia’s Security Appliance Business in April 2009.


28 October 2011

Old FireWall-1 Nostalgia

Filed under: check point - 28 Oct 2011 23:56

Every once in a while, I will either run into someone who remembers the old FAQ site I used to run here about Check Point FireWall-1 or I will get a fan letter about it. Both have happened this week.

I’m going to tell you a little secret about that old site. I really didn’t know all that much about Check Point, especially when I started doing it. I just wrote down what I learned both from my own experience and others. More importantly: I shared it.

Obviously doing the site helped me to learn the product back in the day. It also helped countless others and I do appreciate all the feedback I get from folks about it. I really do.

Anyway, a while back, I decided, for various reasons, to put an old version of my FireWall-1 FAQ up on a hidden page to take a couple of screenshots. I decided to make it available again by posting a link to it here. It is for nostalgia purposes only, given that most of the information is older than many people’s IT careers (circa 2000). Also, links are likely to be broken, etc.

Hopefully you’ll enjoy the walk down memory lane…




19 October 2011

My Thoughts on iOS 5

Filed under: mobile phones,software - 19 Oct 2011 23:40

I figured I’d let some of the hoopla die down a bit before I offered my thoughts on Apple’s latest iteration of their mobile OS: iOS 5. It was officially released to the world on 12 October 2011 via iTunes, though the so-called “Golden Master” was released to developers (and consequently on Bittorrent) a week before.

The bottom line: if you have an unjailbroken iPhone 3GS or later: you should definitely upgrade. If you’ve dipped your toes in the jailbreak waters or, worse yet, used Ultrasn0w to unlock, you should likely avoid it unless you research very carefully.

I haven’t done a full analysis of the new features, but I can tell you what I’ve noticed. Note this is on an iPhone 3GS and an iPad 2. Your mileage may vary.

Notifications

Honestly, this was seriously broken before iOS 5. Popups are not an effective way of handling things. Especially for all applications. Now most notifications live in a tray that you pull down from the top, very similar to how it works in Android. You can configure what apps will show there and in what order. I like it better than how Android does it, though, because I get more information to boot and can easily clear individual application notifications. You can also configure which applications use the more traditional popup notifications versus the ones that live in the notification tray.

The Lock Screen

In addition to the notification tray, missed call and text notifications appear on your lock screen. There’s also a “camera” button that I’ve seen appear as well so you can activate the camera without unlocking. That said, I cannot get this to appear consistently on the lock screen.

The Camera App

The camera app has been improved with auto-focus and auto-exposure lock. You can also do minor photo editing: cropping, red-eye removal, an “auto-enhance” mode, and photo rotation. Not nearly as full featured as, say, Camera+ (which is still a great app) but good enough for me to revert back to the standard Camera app for most of my day-to-day use.

iCloud

Finally it is now possible to own and activate an iPhone, iPod Touch, or an iPad without a computer. This is due, in large part, to iCloud. Applications, their data, contacts, calendars, and device photos can be stored and/or retrieved “from the cloud.” You can even do firmware updates from the cloud as well.

Of course, with multiple iOS devices, I quickly ran into the “free” 5GB data limit. You can buy more, of course, or you can choose not to backup application data for some applications like I did. Or you can choose not to use iCloud at all.

iMessage

While I’ve tried to use things like TextPlus and Google Voice, they both leave something to be desired: they don’t “just work.” Neither will do text messages to international numbers unless those people sign up for the service.

iMessage just works. I just try and send a text as normal from the Messages app. If the person is using an iOS 5 device (and it can tell either by email address or phone number that I’ve already got configured for the user), it automatically is sent over iMessage, which is faster and cheaper than a conventional SMS. I can send text or pictures. It’s totally transparent to me other than the fact the text bubbles are in blue rather than green.

This is Apple’s answer to Blackberry Messenger except this just works without exchanging anything you don’t already have. I used it with a number of people–in some cases, not deliberately as I had no idea they used iOS 5 devices. It just worked as advertised. It’s hard to beat that.

Newsstand

I like the idea behind newsstand–put all your electronic periodicals in one place–but until applications are updated for it, your newsstand will look kind of empty. Mine only has the Wired app in it. It would be nice if I could also put, say, Instapaper or Flipboard in it, but alas, I cannot. I also cannot move the Newsstand icon into a folder. Very irritating.

Twitter Integration

Something else that came as part of iOS 5: Integration with Twitter. You can not only tweet pictures from the photos and camera app, but other Twitter apps can make use of your Twitter credentials stored in iOS as well. You can also update your contact pictures with information from Twitter.

The only annoying part is you need to have Twitter’s official app installed to use these features. I personally don’t use that app. I prefer Tweetbot, instead.

Summary

I know there’s a lot more features to iOS. I’m only scratching the surface, but these are the things I’ve used so far. What are your favorite iOS 5 features?




20 August 2011

Samsung “Indestructible” MicroSD Cards

Filed under: gadgets,memory cards - 20 Aug 2011 17:09

The folks at MemoryCardZoo.com sent me a Samsung MicroSD card, which various reviewers have said has “amazing levels of durability, being water, magnet, and shock proof.” How do they fare against standard MicroSD cards? Well, I decided to put it to the test and put together a video showing what I did.

 




9 August 2011

Verizon Following AT&T Yet Again, This Time on “Illegal” Tethering

Filed under: mobile network operators - 09 Aug 2011 7:01

From Verizon Stops Illegal Tethering, Follows AT&T – Mobiledia – The Mobile Future – Forbes.

Verizon today began blocking customers from tethering their data through jailbroken apps, following in AT&T’s footsteps as the company fights to stay on top of the U.S. wireless market.

The Basking Ridge, N.J.-based carrier now requires users have a hotspot-capable data plan if they want to tether data from their smartphones to other devices. Users who try to tether through jailbreak apps like MyWi will be redirected to a Verizon webpage where they can upgrade to a capable plan for an additional $20 a month.

Well that didn’t take long. The minute one of Ma Bell’s children does something anti-consumer like raising prices on unbundled SMS or eliminating unlimited data plans, the other is sure to follow. And AT&T wonders why people are so against their proposed merger with T-Mobile? And unlike what I said before, I’m definitely against the AT&T/T-Mobile merger now.

So let me get this straight. We can’t do unlimited data anymore. Even those who have it on a grandfathered basis on AT&T are gonna get throttled if they are in the top 5% of users. I’m waiting for Verizon to start pulling the same crap sooner or later.

And, to make matters worse, if we allow some other device to use that data via tethering, we have to pay more for the privilege? Sounds a bit like the old Ma Bell practice of charging you monthly for the privilege of having another phone jack in your house.

At least the old Ma Bell guaranteed universal service (meaning, you could get phone service anywhere). Not only can we not get service everywhere with these jokers, we pay out the nose for the privilege. Sounds like the worst of both worlds to me.

 




6 August 2011

Securing Mobile Devices May Be Impossible

Filed under: mobile network operators,mobile phones,security - 06 Aug 2011 23:20

From Securing Mobile Devices May Be an Impossible Task:

Attacks against smartphones such as BlackBerrys, iPhones and Android phones have become quite prevalent in recent years and many of them have focused on getting malicious apps on users’ phones. That’s a quick and easy way to get access to user data and sensitive information. But there are a slew of other real and potential vectors that attackers have at their disposal now, as well. Going after the device firmware is one potential method, as is attacking the mobile infrastructure itself.

“If I can update your phone remotely, I own the phone at every level and I own you. It’s game over,” Don Bailey, a senior security consultant at iSEC Partners, said during the panel discussion.

While I myself have been thinking about mobile security, this is an angle I didn’t even consider. If hackers can pwn the mobile phone network itself, well, everyone’s mobile device is in danger. There’s not much you can do about it, either.




2 August 2011

Check Point: R75.20, SecurityPower, and New Appliances

Filed under: business,check point,security,software - 02 Aug 2011 10:11

By now I’m sure you’ve seen, heard, or read Check Point’s official announcements made at NASDAQ this morning. This is by no means a regurgitation of the official press releases, but it is my own personal take on what was announced. If you want to see the announcement for yourself, check out the recording!

(Just to be clear, I work for Check Point and these are my own thoughts.)

Check Point R75.20

This release (press release, download) brings a number of new features. One of the most anticipated ones is the ability to inspect outgoing SSL traffic. Not just for Application Control, where it is most needed given the proliferation of sites requiring SSL, but in all the various software blades we support. And it’s included as part of the relevant software blades license (i.e. it’s not a separate charge).

SSL inspection is done by essentially doing a “man in the middle” on the traffic. The gateway dynamically generates a certificate for the destination website, which is presented to the client when they connect. This allows the Security Gateway to see the traffic “in the clear” and make the relevant security decisions. The connection is encrypted with SSL as it leaves the gateway. Since SSL inspection is more intensive than inspecting HTTP traffic, and potentially creates regulatory issues by its use, you will have granular controls as to when this feature is invoked.

Another new feature in R75.20 is a completely revamped URL Filtering blade. While Check Point is still selling this as a separate product, it is actually integrated with Application Control. Applications and URL Filtering categories are given equal billing in the now combined Application Control and URL Filtering rulebase. You can do user-level URL filtering (with Identity Awareness) and can take advantage of our UserCheck technology to inform users of the policies. We can also handle HTTPS websites and custom categories. The categories themselves have also been substantially updated.

Unlike with previous versions of URL Filtering, where the entire URL filtering database was stored locally on the Security Gateway, the new engine makes use of the cloud. Commonly accessed URLs and their categories are stored in a local cache on the gateway. Over 99% of your web traffic should be met by the local cache on your gateway. When someone accesses a URL not in the local cache, the URL Filtering database in the cloud is consulted, with the result being stored in the local cache for future use.
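The cache-then-cloud lookup described above, as an added sketch that is not Check Point's code. The class and function names, the TTL, the capacity, the "uncategorized" fallback and the fail-closed behaviour when the cloud is unreachable are all assumptions made for illustration, and the cloud database is stood in for by a constructed dictionary.

```python
import time
from collections import OrderedDict

# Constructed stand-in for the cloud URL Filtering database (assumption).
CLOUD_DB = {"news.example": "news", "mail.example": "webmail",
            "bets.example": "gambling"}


class CloudUnavailable(Exception):
    """Raised when the cloud categorisation service cannot be reached."""


def cloud_lookup(host, online=True):
    """Hypothetical cloud query; unknown hosts come back 'uncategorized'."""
    if not online:
        raise CloudUnavailable(host)
    return CLOUD_DB.get(host, "uncategorized")


class UrlCategoryCache:
    """Local LRU cache with a TTL in front of a slower cloud lookup."""

    def __init__(self, lookup, capacity=10000, ttl=3600.0,
                 fail_closed=True, clock=time.monotonic):
        self.lookup, self.capacity, self.ttl = lookup, capacity, ttl
        self.fail_closed, self.clock = fail_closed, clock
        self._entries = OrderedDict()   # host -> (category, expires_at)
        self.hits = self.misses = 0

    def categorize(self, host):
        host = host.lower().rstrip(".")          # normalise the cache key
        now = self.clock()
        entry = self._entries.get(host)
        if entry is not None and entry[1] > now:
            self._entries.move_to_end(host)      # mark as recently used
            self.hits += 1
            return entry[0]
        self.misses += 1                         # absent or expired entry
        try:
            category = self.lookup(host)
        except CloudUnavailable:
            # Never cache a failure: the next request retries the cloud.
            return "unknown-blocked" if self.fail_closed else "unknown-allowed"
        self._entries[host] = (category, now + self.ttl)
        self._entries.move_to_end(host)
        while len(self._entries) > self.capacity:
            self._entries.popitem(last=False)    # evict least recently used
        return category

    def hit_rate(self):
        total = self.hits + self.misses
        return self.hits / total if total else 0.0


def replay(hosts, **cache_args):
    """Run a constructed request sequence; return (categories, hit rate)."""
    cache = UrlCategoryCache(cloud_lookup, **cache_args)
    return [cache.categorize(h) for h in hosts], cache.hit_rate()


if __name__ == "__main__":
    cats, rate = replay(["news.example", "NEWS.example.", "mail.example",
                         "bets.example", "news.example"], capacity=2)
    print(cats, f"hit rate {rate:.0%}")
```

With a capacity of two, the last request for news.example misses because the entry was evicted, which is why the local cache has to be sized to the working set of commonly accessed URLs for the hit rate to stay high.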

The Data Loss Prevention (DLP) blade also gets a substantial update in R75.20. HTTP performance is substantially improved in this release and you also gain the ability to examine HTTPS traffic as well. A large number of additional “out of the box” datatypes are now included. We also integrate with an internal Microsoft Exchange server so DLP can be performed on internal email as well as email leaving the organization.

SecurityPower

A common complaint I’ve heard from Check Point customers over the years is that the performance numbers we quote for our appliances don’t reflect what performance you’ll get in the real world with real world traffic patterns. This is because performance numbers have been historically quoted for a single firewall rule (any any any accept) with the most optimal traffic pattern (1500 byte UDP packets). To be fair, this has been the standard industry practice for some time now. Every vendor of network equipment performs tests like this.

Unfortunately, this isn’t a good indicator of how an appliance will perform under real world conditions. With that in mind, Check Point has developed a new testing methodology for its appliances using a real rulebase (100 rules) with real-world traffic patterns (both based on industry standards and actual patterns seen at Check Point customer installations). This rulebase and traffic pattern exercises all of the various features and functionalities available in our Security Gateway. Based on those tests, Check Point has rated each appliance with a SecurityPower Unit rating (SPU).

One could call the SPU an arbitrary metric. What it gives you is a relatively simple way to compare appliances and the relative security load they can handle. More importantly, an SPU can be generated for a given set of requirements (required blades, throughput, number of connections, and so on). You can then compare that against the available appliances to ensure you choose the right security appliance for the right security task.

Check Point has developed a tool that does exactly this. It will be available shortly. Personally, I think this is a big deal.

New Appliances

Two new appliances are being launched today for the data center: the 21400 (press release, product page) and the 61000 (press release, product page). These appliances are aimed squarely at the data center, where tens or even hundreds of gigabits per second of throughput are needed!

The 21400 is a powerful 2U platform that features massive port density (up to 37 1000-base-T ports, 36 1000-base-F SFP ports, or 12 10GBase-F SFP+ ports), 50 GB of firewall throughput, 21GB of IPS throughput, hot-swappable redundant power supplies and disk drives, and an optional Lights-out Management card. Everything you’d expect from a carrier-grade chassis. The appliance runs both R71 and R75 with SecurePlatform.

The 61000 series, on the other hand, is a monster appliance! It’s a 14U (DC) or 15U (AC) bladed chassis that, when fully loaded, will support 200GB of firewall throughput today and, with future hardware and software enhancements, will support over 1TB of throughput in the future! Aside from all of the various connectivity and redundancy options, the appliance acts as a single platform that, when new hardware blades are added, automatically configures itself to distribute the load between the blades! The platform currently runs a 64bit version of SecurePlatform based on R75.

Both appliances, which are referred to as Data Center Appliances, are available now on the Check Point pricelist.




24 July 2011

Thinking About Mobile Security

Filed under: mobile phones,security - 24 Jul 2011 21:00

Mobile devices are, like any powerful tool, a double-edged sword. They enable unprecedented ability to access and create information from anywhere! They are also a huge problem for information security.

Unlike a traditional PC, where there are a number of solutions to address various information security needs, mobile devices (those running iOS, Android, Symbian, Blackberry and others) provide little if any mechanisms for third parties to provide security solutions. Beyond ActiveSync integration, which itself is potentially untrustworthy (remember how iOS used to lie to Exchange servers that their mail store was encrypted?), other options for securing the device or data on the device are limited.

That said, mobile operating systems have had the benefit of experience of other operating systems. They are designed to be more resistant to intrusion by requiring signed code, employing sandboxing, limiting the available APIs, and more. It doesn’t eliminate the risk of security vulnerabilities, but it does minimize the risk known ones will occur.

Unfortunately, the “baked in” security only addresses a small segment of potential security issues. It does nothing to address future security issues that might crop up. Due to the limited APIs, it is not possible for third parties to address these issues without cooperation from the OS vendor (e.g. Apple, Google, Nokia). Unfortunately, security threats evolve far faster than an OS vendor’s ability to mitigate these threats on their own. Just look at how long it took Microsoft to enable the firewall in Microsoft Windows by default, implement driver signing, or any number of other security mechanisms that are just the default on mobile operating systems.

Even so, the most important feature of a mobile device–the ability to access and share information from anywhere–is also a threat to an enterprise. The potential for data leakage is substantial! All I have to do is take a picture of a whiteboard in an office with confidential data on it using an Android phone with Google+ automatically uploading my photos “in the cloud” to have a potential data leak! Not to mention using your personal device to access mobile email and working with attachments.

Even if adequate tools existed to address all the issues on mobile devices, one should not blindly rely on these tools. It comes down to people understanding the security implications of their actions and adjusting their actions accordingly.




Think Outside Keyboard with iPad

Filed under: gadgets,ipad,keyboard - 24 Jul 2011 18:58

I have a habit of keeping older technology around. Just because it’s not new and shiny doesn’t mean it won’t continue to be useful.

Such is what I have found with my Think Outside Stowaway Sierra Bluetooth Keyboard. I bought it back in 2007 to pair with the Nokia N800 tablet. While the Nokia N800 never lived up to its full potential (and given what Nokia’s plans are for Meego, one wonders why they bothered to release the N950), the Think Outside Keyboard can still be used with any Bluetooth-enabled Smartphone or, in this case, my iPad 2.

I remembered why I liked this keyboard initially: it’s more or less a full sized keyboard complete with arrow keys. This makes it very easy to type on. It also folds up into a reasonable size, which makes it very portable.

For the sake of argument, I’ve taken some comparison pictures with the Zippy BT-500, which is a portable keyboard I reviewed previously. As you can see, the Zippy keyboard is a smaller keyboard, but the keys are too cramped to type on comfortably. This Think Outside keyboard is definitely better to type on.

20110724-084151.jpg

20110724-084424.jpg

The only thing I don’t like about it is that the keyboard is not suitable for using on anything but a flat surface. However, I can’t complain about the cost of this keyboard since I paid for it four years ago. With a fresh battery, it still works pretty good.

Think Outside got acquired by iGo at some point and they’ve stopped selling these or similar keyboards. It’s a shame, because a variant of this keyboard will still sell pretty well today.




22 July 2011

RedMere HDMI Cables: Small Cable, Big Picture

Filed under: gadgets,mobile phones - 22 Jul 2011 18:32

I don’t normally write about something as mundane as HDMI cables. They’re all the same, right?

RedMere Technologies makes an active-cable technology that various video cable manufacturers can incorporate into their cables to make them smaller, lighter, and more flexible, yet provide excellent video quality. While that’s certainly nice even for your typical HDTV components, where the thinner cables are really desirable is for portable devices such as mobile phones.

RedMere’s PR agency sent me a couple of cables for my Nokia E7 to review (they didn’t know if I needed an HDMI-C Mini or HDMI-D Micro cable, turned out it needs an HDMI-C). They were RedMere-branded cables, but RedMere themselves doesn’t make cables for sale. These are representative samples of cables you can find for sale from various manufacturers and retailers.

I hooked up my Nokia E7 to my HDTV using both the RedMere-supplied cable as well as a regular HDMI cable connected to my Nokia-supplied adapter. I could not tell the difference between the two cables in terms of video quality, but there’s a clear difference between the thickness and weight of the cables. The RedMere cable clearly wins in terms of portability, being lighter and thinner than even my Micro USB cables. I couldn’t imagine putting a regular HDMI cable in my travel bag due to its thickness and size.

There are a number of manufacturers that make cables with RedMere technology inside. If you’re looking for a smaller, thinner HDMI cable, you can’t go wrong with one of these cables.




8 July 2011

The iPad 2–What I’ve Been Missing

Filed under: apple,gadgets,ipad,iphone - 08 Jul 2011 17:25

As implied by my review of the Hammerhead case for iPad 2, I am now the proud owner of an iPad. Yes, I successfully resisted the siren call of Steve Jobs long enough. However, a funny thing happened: I spent a few days on the road with Kellman and saw how he used his. That pretty much sold me on the utility of the iPad.

Kellman did a number of really cool things:

  • Had ubiquitous connectivity thanks to the built-in 3G modem. This isn’t so much of a concern for me when I travel in the US, but when I travel outside the US, it’s very much an issue. The iPad 2 is unlocked so I can easily swap in a SIM card from a different operator. I can also easily sign up for a prepaid data package right from my iPad (though I haven’t tried this yet).
  • Did a presentation from his iPad. You can get a cable for your iPad that allows you to hook up to a VGA projector, use Keynote to give the presentation, and control the presentation with an iPhone! No laptop required!
  • Accessed a number of computers remotely using LogMeIn Ignition. While this is a rather pricey app at $29.99, it gives you the ability to control any number of PCs or Macs from your iPad using the well-known LogMeIn service without any additional charges. I recently tried this out with my computers and it works well.
  • Flipboard. I had heard about it, but until I actually saw how it worked with my own eyes, I didn’t really get it. Now I do. It integrates Twitter, Facebook, and a number of news/information sources from the web and presents it in a magazine-based format that is very compelling.

Given the above, the fact I already had a significant investment in the Apple universe (having purchased an iPhone 3GS two years ago and an iPod Touch for the family last year), and the fact that none of the Android tablets I looked at were nearly as compelling, including the Samsung Galaxy Tab 10.1, which was the closest, I pulled the trigger and bought one. It wasn’t cheap, that’s for sure, especially since I opted for the 64GB version with 3G.

Once I got it home, and given my recent experiences with the Nokia E6 and Nokia E7, I began to understand why people really love the iPad. The software is one aspect, of course. Then again, as an iPhone/iPod Touch owner, I already knew this. What made it more compelling was, quite honestly, the larger screen.

It’s not just to see the content better, though I certainly found that to be one reason to like the iPad. The screen size also enables one to utilize a touch interface either. This point was driven home to me when I was evaluating the Nokia E6 with its small but touch-enabled screen. Having the real estate to actually perform the various touch actions is very important. The iPad has that. In spades.

The other obvious benefit to having a large screen is you can have an even larger battery. 10 hours is quite a lot of battery life. While I haven’t been able to get anywhere near running the battery down, it certainly will last a normal day. Considering I frequently fly to Israel, which takes me almost 24 hours, having a gadget that can last the entire journey without having access to a power plug is certainly desirable. I’m putting this to the test as I type this.

The iPad 2 has both a front-facing and rear-facing camera. The camera quality is nothing to write home about, of course, though I can find uses for this. I have smartphones to capture higher-quality pictures, anyway.

In any case, I am very happy with my iPad purchase. I wish more of the apps I had previously purchased were iPad enabled. I had to spend some money to buy iPad-enabled versions of many of the apps I was actively using, which is far preferable to using iPhone apps in the emulation mode.



