With insider attacks on networks becoming more common, 3Com has launched a range of Network Interface Cards (Nics) which contain embedded firewalls.

A joint FBI/Computer Security Institute survey of 538 US companies last year found that 49 per cent reported incidents of unauthorised network access by insiders.

"Perimeter firewalls are not very good at fighting malicious code on the inside," said Randy Smith, 3Com's product line manager. "You never know if hostile code has taken over a server."

The embedded firewall has no interaction with the host computer's operating system and reduces processor load as this no longer performs the function of a firewall.

It means that neither the end user or the operating system can tamper with the firewall on the Nic.

The embedded firewall controls user access and filters all traffic regardless of whether it originated from inside the corporate network or from the internet.

The Nics are configured from the network by a normal Windows server running a policy server application via a secure 168-bit 3DES encrypted channel. The policy server is protected by its own embedded firewall Nic.

Security experts have welcomed the development but warned that it is not a complete solution to security.

"If the local user or administrator is not allowed access to the card itself from the host machine, then this does add an extra layer of security," explained Waidat Chan, security consultant at network security specialist Interrorem. "But it would not be a direct replacement for a proper firewall."

He emphasised the continuing need for companies to adopt perimeter firewall and intrusion detection systems.

The server Nics will cost $129 with five server client licences costing $750. Desktop Nics will cost $120 and 50 desktop client licences will cost $2,250. The policy server software costs $995. All Nics come with NetWare 3.x/4.x/5 Server, ODI Client and Windows Me/2000/9x/NT drivers.

No UK pricing details are available as yet. 3Com is currently working on a Gigabit Ethernet server Nic and a wireless version.