Arthur C. Clarke famously said that any sufficiently advanced technology is indistinguishable from magic, but he reckoned without the human tendency to take things for granted. In an age inured to amazement its not enough for things to be advanced to be astonishing - they usually now have to be small as well.
The latest technology to be put through the shrinker is, improbably, the firewall. Zyxels new Zywall P1 is a wallet-sized unit in red and silver plastic with an aluminium faceplate, five status lights (Power, WAN, VPN, Managed and LAN), four ports (power USB, LAN and WAN), and a tiny recessed reset button. It can probably lay claim to being the smallest hardware firewall in the world.
Despite being only 13cm long and 8cm wide (5 x 4 inches), and weighing 130 grams, the P1 contains enough hidden magic of its own to make it attractive for a IT admin looking to support laptop users on their travels. Security features include a 90Mbps-rated stateful inspection (SPI) firewall, and IPSec VPN support through accelerated DES/3DES/AES encryption in up to 34Mbit/s. Both are ICSA certified.
The P1s main selling point is obviously its portability, being light and small enough to fit in the hand. It can be carried around in a computer bag without being noticeable. Befitting its portable status, the P1 comes with a PVC looking carry case about the size of an old-fashioned filofax, which can be left covering the firewall even when it is being used. There are no bulky power adaptors to carry around as the P1 can be powered from a USB connection.
It would work fine at home, but that would depend on the set-up. If you have (as do a fair number of UK home users) a simple ADSL modem then you wont necessarily have an Ethernet interface to hook the P1 up to; if you have a router with an Ethernet interface then youll probably already have a firewall built into that anyway. Frankly, there are cheaper and better options for the home user.
The real use for the P1 is within a business that wants to impose specific firewall policies in hardware and remotely manage the devices in as simple a way as possible. The company has said it will support Zyxels Vantage CNM network management through a firmware upgrade, which should be imminent.
The Zywall P1 is an well thought out and simple-to-configure product, but does the road warrior of laptop cliché really need one? As long as youre only bothered about traffic moving in one direction, Windows comes with a serviceable software firewall and there plenty of other excellent products such as ZonbeLabs ZoneAlarm that do an even better job. The idea of keeping your security function in a neat piece of hardware is appealing, but it is also another piece of equipment to keep track of.
Equally, software firewalls have known weaknesses, are increasingly being targeted by malware directly, and dont always offer the level of firewalling built into the P1 such as the ability to monitor traffic out of as well as into the PC. It adds expense (the street price is around £135 + VAT /$170) but, on balance, it probably buys a degree of flexibility that security-conscious companies might want to look at more closely.
The P1 only has software firewalls as competition. Certainly, the firewall in Windows XP SP2 is not yet featured enough to stand up to life on the move.