Download technology report (pdf, 525k) - West Coast Labs

More documents

Recommendations

Info

4 TECHNOLOGY REPORT SUPPLEMENT FROM Equiinet NetPilot Plus DEVELOPER’S STATEMENT: The protection provided by the NetPilot’s SmartUTM is the most comprehensive available and includes anti-spam, antivirus, anti-spyware, intruder detection and prevention, advanced firewall, URL filtering, email policy controls and secure VPN support. Manufacturer Contact details Equiinet www.netpilot.com Equiinet NetPilot Plus has achieved the Checkmark Standard Certification for Anti-Spam solutions. www.check-mark.com FEBRUARY 2006 The NetPilot Plus device is a compact unified threat management (UTM) unit, which Equiinet claims has an anti-spam capability with Spam Assessment, SpamCop Plus and Bayesian filtering coupled to the product’s Email Policy Controls to add power and flexibility to effectively deal with spam. This acts as a two-layered approach, with each one having been integrated to provide common controls and <strong>report</strong>ing, Spam Assessment and SpamCop together with the Bayesian learning provide a powerful combination of standard spam countermeasures, while the Policy Controls can additionally provide quarantine, black and white listing and much greater management flexibility. NetPilot Plus is a compact appliance, with a sealed front that is ideal for sitting on a desktop or on a rack shelf in a server room. Indeed, the only components on the fascia are power and disk lights. The rear of the unit contains a PS/2 keyboard connector, parallel port, serial connection and VGA connection, and a rockerstyle power switch. The collection of two onboard NICs plus one further on an expansion card allows for a variety of network setups to be implemented. During the course of the testing program, Equiinet released a new version of the operating system, so the device was upgraded from version 3 to version 4. Thankfully, the interface look and feel did not really change and the knock-on effect in terms of the way that spam is handled did not affect the overall test outcome. Initial configuration can be performed either via a keyboard and monitor plugged into the unit itself; alternately a private network range is already setup on one of the NICs and a client machine may undergo an IP address alteration. All interactions are handled via a secure web interface – the client may use a standard web browser, and the device itself uses LYNX. The opening wizard asks for some basic details to perform the setup. Version 4 of the system is capable of performing lookups on both the internal network and an external ADSL line. This means that if DHCP is enabled the device can be plugged straight into a network and it can take a guess at how it should be setup. In practice this works fairly well, although if the administrator has a specific IP address set aside for the device, the network settings may need some alterations after first boot – these, however, are simple to find and quick to perform. Following the preliminary configuration of the device, the SSL encrypted interface is available to devices on the internal network. The spam functionality is easy to find, with the more generic settings being found under the section heading of email. Policy actions can be found under the Email Filter Policy section, and there are options here that allow for the creation or editing of policies in some detail. Spam functionality is enabled as part of the wider UTM functionality on version 4 or as a separate component on version 3 via a license key system, with keys obtainable from Equiinet resellers. The keys need to be entered into the interface along with the hardware serial number (found on the rear of the device) in order to benefit from the maximum protection that this device can offer. The NetPilot Plus has several options for dealing with suspected spam – it is possible to deliver it as normal with extra headers or to quarantine it on the device itself. Alternately the administrator can choose to have the message delivered to the administrative mailbox, either as a copy of the original or as an attachment. The training options available on received emails permit the reclassification of individual messages from the Email section or allow an en masse learning session under the Review and Learn banner within Email Filter Policies. Although the device adds in extra headers to emails, it does not currently allow for the alteration of the message subject line to reflect the nature of the email. The device leaves it up to the client email program to interpret these and mark them up as appropriate. THE VERDICT Equiinet's Unified Threat Management solution is well rounded. It boasts a friendly and simple interface with plenty of well written documentation. The NetPilot Plus takes the hard work out of configuration and has been a consistent performer during testing. www.westcoastlabs.org
TECHNOLOGY REPORT SUPPLEMENT FROM 5 McAfee Secure Messaging Gateway DEVELOPER’S STATEMENT: McAfee Secure Messaging Gateway protects against spam, inappropriate content, phishing, worms, and viruses – all on a single appliance. It provides enterprise-class performance to meet the most demanding requirements. Manufacturer Contact details McAfee www.mcafee.com McAfee Secure Messaging Gateway has achieved the Checkmark Premium Certification for Anti-Spam solutions. www.check-mark.com McAfee has a broad product portfolio that secures systems and networks from known and unknown threats. We tested McAfee’s new e-mail security appliance called Secure Messaging Gateway. The product is a 1U rack mountable Dell unit that comes pre-loaded with a hardened Linux-based operating system plus McAfee security software and other prerequisites such as Java JRE 1.4.2. Setup was rapid and uncomplicated. The device was configured and ready to accept email within a few minutes. The well-written manuals have detailed instructions, documentation came in printed form for the hardware and in PDF form for the McAfee software. The device includes its own browser-like administration tools. Organizations that have deployed other McAfee security products will appreciate the fact that Secure Messaging Gateway can also be managed by McAfee ePolicy Orchestrator, the Java-based central management console that can direct the efforts of multiple McAfee security devices. The resulting span of control makes administrators more productive because they don’t have to visit individual clients or servers to setup company-wide security policies. It is easy to navigate around the various options and menus. The initial status screen shows a large amount of detail about the current state of the device. This includes not only traffic and detection statistics but also data such as the time and date of the most recent antivirus engine update, allowing the administrator to see at a glance the current state of play. The appliance utilizes multiple techniques to detect and block spam and phishing attacks. Some of the techniques, such as heuristic rules, are designed to be proactive in blocking “first time” spam. Other techniques, such as content filtering rules, have been developed to be reactive to new spam outbreaks and are automatically updated by McAfee every 10 minutes. McAfee’s spam management capabilities are particularly robust. The spam quarantine can either be on the appliance itself – a good choice for small organizations – or on a scalable Windows-based server that can store spam and whitelist settings for multiple appliances. Both administrators and end-users can configure blacklists and whitelists and can access the centralized spam quarantine via a web browser. In testing, the McAfee Secure Messaging Gateway did not block a single good message by mistake. However, if this were to occur, end users could search the spam quarantine for messages and release any that are found to have been inappropriately blocked. The appliance can also send each user a daily digest of the messages that have been placed into quarantine, and end users can release individual messages by clicking on the appropriate buttons in this digest. McAfee also provides an Outlook plug-in tool that allows end-users to submit samples of undetected spam, thus helping to “teach” the McAfee appliances about the user’s unique email characteristics. Once messages are submitted, the appliance can be configured to learn automatically or with administrative help. The McAfee appliance can be configured with different security policies to meet the needs of different groups within your organization. Also, messages can be scanned both inbound and outbound. McAfee claims that the latter option ensures that your organization is not unwittingly sending viruses or spam. Whilst not part of the current tests, this appliance also provides Content filtering policies which can guard against sensitive information leaving your network. McAfee’s appliance scans e-mail headers, bodies, and more than 300 types of attachments. Content filtering policies can block or modify messages that contain specific words or phrases that violate a content rule. Mcafee also claims that in addition to stopping viruses, spam and other unwanted messages, the McAfee Secure Internet Gateway blocks directory harvest attacks and other types of denial of service attacks against your messaging system to ensures that your mail servers stay up and running. THE VERDICT As another valuable tool from McAfee to protect corporate networks, the Secure Messaging Gateway solution is highly effective. It boasts an intuitive and well-thought-out interface which allows the administrator lots of control. Overall, it earned our highest rating: CheckMark Anti-Spam PREMIUM. www.westcoastlabs.org FEBRUARY 2006
Page 1 and 2: TECHNOLOGY REPORT - FEBRUARY 2006 V
Page 3: TECHNOLOGY REPORT SUPPLEMENT FROM 3
Page 7 and 8: TECHNOLOGY REPORT SUPPLEMENT FROM 7

Download technology report (pdf, 525k) - West Coast Labs

You also want an ePaper? Increase the reach of your titles

Delete template?

Save as template?