Switched On: A facile firewall sleeps with the fishes

Last week's laments about the iRoute nano aside, Apple popularized the notion of shrinking networking gear down to the size where it could be considered a travel accessory when it introduced the Airport Express. "Travel routers" from mainstream consumer networking brands Linksys and Netgear appeared soon after, and Apple went on to shrink its desktop Macs, iPods, and future PowerPC chip consumption.

Earlier this year, though, a Canadian security startup took the torch and created a portable firewall that far exceeds even the Airport Express in simplicity. While Apple's product presumes software-based setup, the Stingray — which resembles its cartilaginous namesake — is extremely simple to install. After plugging it in, you attach one Ethernet cable to your cable or DSL modem and the other to your PC or router. Stingray is the firewall for the five year-old. There isn't even an on-off switch although there is a big button that, far from erasing history, enables you to bypass the firewall if you're having problems with a particular service. Unfortunately, though, one must press this button every time one wants to enable an application.

There is no software to install, nothing to configure and nothing to update. Unlike many firewalls on the market that use a static rule set, the Stingray's is dynamically generated, making it theoretically harder to crack and certainly far easier to administer. Since there is no software component to the Stingray, it can work with practically any Ethernet-connected computer. If you think IBM was a big blue quitter for announcing earlier this year that it will drop support for OS/2 or delight in the dual PowerPCs of your original BeBox, the Stingray will cover you as well as users of Macs, Linux and Windows PCs.

While Stingray, Inc. doesn�t specifically market the Stingray as a travel firewall, I gave it a spin at a Marriott that uses the iBahn wired Ethernet connection, and was able to activate Internet connectivity with the Stingray between my notebook PC and the iBahn in-room Ethernet adapter. Had the hotel access been wireless, though, I could not have used the Stingray without physical access to the building�s wireless gear, which the hotel surely would not have granted. After a few hours of uneventful Internet use that included connecting to a corporate VPN, I tried it the following week at home where I plugged it in between my cable modem and wireless router.

At first, the Stingray worked equally swimmingly at home until it reached its Waterloo in the form of Sling Media�s Slingbox. I detected something fishy as the Stingray blocked access from remote locations. I wasn�t present at the device to enable the bypass nor could I command any evil assistants to �push the button, Frank.� With little recourse, the Ray was retired.

The Stingray makes the rare wrong tradeoff that too heavily favors simplicity over functionality. Future versions should do a better job of detecting application access and self-configure around those ports. If you�re not planning to do anything too far removed from pedestrian Web and email access on your computer and want to beef up your security simply, the Stingray may be your ticket to a safe holiday season and beyond. Unfortunately, though, more advanced users run the risk that some compelling new application could reduce it to a one-buttoned paperweight.