Close
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
Read Down
Sign in
Close
Welcome!Log into your account
Forgot your password?
Read Down
Password recovery
Recover your password
Close
Search
Menu
Search
  • Latest News
  • Big Data and Analytics
  • Cloud
  • Networking
  • Cybersecurity
  • Applications
  • IT Management
  • Storage
  • Sponsored
  • Mobile
  • Small Business
  • Development
  • Database
  • Servers
  • Android
  • Apple
  • Innovation
  • Blogs
  • PC Hardware
  • Reviews
  • Search Engines
  • Virtualization
More
    Home Applications
    • Applications
    • Cybersecurity

    Security Appliances Take Step Up

    By
    Cameron Sturdevant
    -
    March 20, 2006
    Share
    Facebook
    Twitter
    Linkedin

      Enterprise users of Symantecs integrated threat protection systems can now extend that protection to remote and branch offices with the introduction of two midsize appliances: the Symantec Gateway Security 1660 and Symantec Gateway Security 1620.

      Click here to read the full review of Symantec Gateway Security 1660 and Symantec Gateway Security 1620.

      2

      Enterprise users of Symantecs integrated threat protection systems can now extend that protection to remote and branch offices with the introduction of two midsize appliances: the Symantec Gateway Security 1660 and Symantec Gateway Security 1620.

      The 1U (1.75-inch) appliances, both of which were released at the end of February, come with new SGS (Symantec Gateway Security) 3.0 software that adds anti-spyware and anti-virus capabilities. SGS 3.0 also adds management hooks that will allow administrators to integrate the boxes with the SGS Advanced Manager 9500, an appliance that enables centralized policy management, configuration, logging, alerting and reporting for the SGS line.

      /zimages/6/28571.gifClick here to read more about Symantecs free service that rates threats for consumers.

      eWEEK Labs tested two SGS 1660 appliances with Version 3.0 software. Each integrates full application firewall, IPS (intrusion prevention system), IDS (intrusion detection system), SSL (Secure Sockets Layer) and IP Security VPN capabilities, as well as on-box anti-virus and anti-spyware scanning, content filtering, client compliance monitoring, hot-standby and dual ISP connectivity options.

      We tested the SGS 1660s with an SGS Advanced Manager 9500, which is based on a 2U (3.5-inch) Dell PowerEdge 2850 server platform. We used the management appliance to consolidate alerts and to configure policies on the SGS 1660s.

      The SGS 1620, which we didnt test, is rated for 100 users and 100M bps of stateful throughput. The SGS 1660 is rated for 200 users and 200M bps of throughput and offers VPN acceleration. The estimated street price for the SGS 1620, with all licenses and subscriptions, is $1,200, about $2,600 less than the SGS 1660.

      Our tests show that the SGS 1660 appli- ance is suitable as an entry-level network protection device for small organizations or for use in branch offices.

      The SGS 1660 will be especially useful at companies with a smaller or less experienced IT staff. During tests, we found the appliance simple to install and configure. It took only a couple of hours to configure the hot-standby capability and to add basic firewall policies to protect our test network of Web servers and desktop clients.

      As with any firewall, the bulk of setup and IT operation time will be taken up by configuring rules that will make network traffic conform to business needs.

      In this regard, the SGS 1660 stands a bit above competing devices, including Check Point Software Technologies Check Point Express security gateway, which can be bundled onto IBMs eServer xSeries 306, Fortinets FortiGate-300 Antivirus Firewall and Juniper Networks NetScreen-50.

      All these products provide similar functionality, although no one completely overlaps with any other.

      Client compliance

      One SGS appliance feature that was clearly added to gain a toehold in the endpoint access control space is the client compliance module, which allowed us to check for—and only for—the presence and currency of Symantec Client Firewall and Symantec anti-virus tools and definitions.

      We dont hold the paucity of checks against Symantec (not in this version, at least). It makes sense that the company would start on the client compliance path by looking for its own tools. However, we hope that future versions of the SGS family expand to include checks for other common desktop firewall and anti-virus tools.

      That aside, the SGS appliances ability to periodically check for compliance during connection with endpoints is an important advance.

      In fact, network managers should build into their protection tool kits the ability to ensure that an at-risk client, such as a laptop computer, can be checked at initial connection time and periodically while connected to the network to ward off dormant worms or other malware that might have been missed during startup scans.

      Next Page: The affects on network performance.

      TKTK

      Hark, who goes there?

      IPS functionality is often finicky to configure and almost always a high-maintenance item during the first several weeks of operation.

      Symantec ships the SGS appliances with what we found to be useful default IPS settings, allowing IT managers to get up and running relatively quickly and easily.

      During tests, the default intrusion prevention policies worked well enough, and extensive user-configurable options will allow IT administrators to mitigate impact on the network. For example, we were able to apply the low-security policy to our trusted inside interfaces and configure the intrusion event profile to determine which traffic types to monitor and which to block.

      /zimages/6/28571.gifRead more here about why columnist Larry Seltzer says that its time for anti-virus businesses to talk testing.

      Each network service that can be monitored—including the usual suspects DNS (Domain Name System), NetBIOS, TCP, UDP (User Datagram Protocol) and ICMP (Internet Control Message Protocol)—can be further refined by associating protocols such as HTTP that can be monitored by the SGS 1660 IPS module.

      The IPS module is based on signatures that can be added or fully modified only by Symantec through Live Update. While the effect on network traffic speed was negligible in our test environment, we hope that subsequent versions of the IPS module will allow IT managers to make manual adjustments to the policies to enable more fine-grained control of blocked traffic.

      During tests, we spent quite a bit of time balancing among different combinations of the preset policies that we assigned to the various interfaces on the SGS 1660.

      We recommend that network managers start off with the lowest settings to ensure that desired network traffic is allowed through the SGS 1660. Based on our work, it shouldnt take more than a week of monitoring to safely adjust the IPS blocking policies to reach the right mix of network protection and business enablement.

      New in this version of the SGS 1660 Version 3.0 software are more than 100 new reports that significantly ease the administration of the appliance. We ran the reports from each of our SGS 1660 appliances, and both the SGS 1660 and 1620 can send event and alert data to the Advanced Manager 9500 appliance for organizationwide reports.

      Some of the most useful reports didnt have to do with performance or network events but, rather, with device configuration. When it comes to controlling ongoing management costs of a complex, policy-driven device such as the SGS 1660, configuration reports are crucial.

      /zimages/6/28571.gifSymantec gets caught in a Norton rootkit flap. Click here to read more.

      We were able to generate content-filtering profile, DNS record and global IKE (Internet Key Exchange) policy reports that detailed how our SGS 1660 was configured.

      Many of the policy reports also have corresponding performance reports, which network managers use to keep business managers apprised of network performance.

      Although not entirely new, content filtering is handled more gracefully in the Version 3.0 software that is supplied with the SGS 1600 models. We focused our testing on English language sites. However, the software supports double-byte characters for handling content violations in any language.

      Next page: Evaluation Shortlist: Related Products.

      Page 4

      Check Point Software Technologies Check Point Express security gateway Software-based solution that can be bundled on an IBM eServer xSeries 306 for quick installation (www.checkpoint.com/products/promo/express_gateway.html)

      Fortinets FortiGate-300 Antivirus Firewall An all-in-one appliance that includes anti-virus, anti-spyware, content filtering and VPN capabilities (www.fortinet.com/products/ telesoho.html)

      Juniper Networks NetScreen-50 Juniper appliance provides integrated security, including multiple DMZs (www.juniper.net/products/integrated/ ns_2550.html)

      Technical Director Cameron Sturdevant can be reached at [email protected].

      Check out eWEEK.coms for the latest security news, reviews and analysis. And for insights on security coverage around the Web, take a look at eWEEK.com Security Center Editor Larry Seltzers Weblog.

      Cameron Sturdevant
      Cameron Sturdevant is the executive editor of Enterprise Networking Planet. Prior to ENP, Cameron was technical analyst at PCWeek Labs, starting in 1997. Cameron finished up as the eWEEK Labs Technical Director in 2012. Before his extensive labs tenure Cameron paid his IT dues working in technical support and sales engineering at a software publishing firm . Cameron also spent two years with a database development firm, integrating applications with mainframe legacy programs. Cameron's areas of expertise include virtual and physical IT infrastructure, cloud computing, enterprise networking and mobility. In addition to reviews, Cameron has covered monolithic enterprise management systems throughout their lifecycles, providing the eWEEK reader with all-important history and context. Cameron takes special care in cultivating his IT manager contacts, to ensure that his analysis is grounded in real-world concern. Follow Cameron on Twitter at csturdevant, or reach him by email at [email protected]

      MOST POPULAR ARTICLES

      Android

      Samsung Galaxy XCover Pro: Durability for Tough...

      Chris Preimesberger - December 5, 2020 0
      Have you ever dropped your phone, winced and felt the pain as it hit the sidewalk? Either the screen splintered like a windshield being...
      Read more
      Cloud

      Why Data Security Will Face Even Harsher...

      Chris Preimesberger - December 1, 2020 0
      Who would know more about details of the hacking process than an actual former career hacker? And who wants to understand all they can...
      Read more
      Cybersecurity

      How Veritas Is Shining a Light Into...

      eWEEK EDITORS - September 25, 2020 0
      Protecting data has always been one of the most important tasks in all of IT, yet as more companies become data companies at the...
      Read more
      Big Data and Analytics

      How NVIDIA A100 Station Brings Data Center...

      Zeus Kerravala - November 18, 2020 0
      There’s little debate that graphics processor unit manufacturer NVIDIA is the de facto standard when it comes to providing silicon to power machine learning...
      Read more
      Apple

      Why iPhone 12 Pro Makes Sense for...

      Wayne Rash - November 26, 2020 0
      If you’ve been watching the Apple commercials for the past three weeks, you already know what the company thinks will happen if you buy...
      Read more

      eWeek has the latest technology news and analysis, buying guides, and product reviews for IT professionals and technology buyers. The site’s focus is on innovative solutions and covering in-depth technical content. eWeek stays on the cutting edge of technology news and IT trends through interviews and expert analysis. Gain insight from top innovators and thought leaders in the fields of IT, business, enterprise software, startups, and more.

      Facebook
      Linkedin
      RSS
      Twitter
      Youtube

      Advertisers

      Advertise with TechnologyAdvice on eWeek and our other IT-focused platforms.

      Advertise with Us

      Menu

      • About eWeek
      • Subscribe to our Newsletter
      • Latest News

      Our Brands

      • Privacy Policy
      • Terms
      • About
      • Contact
      • Advertise
      • Sitemap
      • California – Do Not Sell My Information

      Property of TechnologyAdvice.
      © 2021 TechnologyAdvice. All Rights Reserved

      Advertiser Disclosure: Some of the products that appear on this site are from companies from which TechnologyAdvice receives compensation. This compensation may impact how and where products appear on this site including, for example, the order in which they appear. TechnologyAdvice does not include all companies or all types of products available in the marketplace.

      ×