Put Up a Fence

Here's a look at two options for filtering content and keeping your network clean.

Ryan Elstad is a desktop server analyst at Syracuse University.

Any network that has students and computers will inevitably have malware running over its wires. However, you can minimize the damage with a good Web security gateway or unified threat management (UTM) device to filter content.

My department recently took a close look at two content filter appliances, one from eSoft — a company that has stepped up with devices that compete as UTM appliances — and one from network security stalwart SonicWall. We reviewed the eSoft ThreatWall 450 and the SonicWall Pro 2040.

UTMs have yet to win universal acceptance for content filtering. But we saw a UTM device as a way to stop malware from entering the network without having to rely on anything on the clients. The UTM works in the background and without requiring anything special from the clients it is protecting. Also, the all-in-one nature of the devices add a sense of completeness to the protection posture and allows for us to commit time to other projects.

eSoft ThreatWall 450

Why It Works for IT

eSoft combines a traditional proxy server and the deep packet inspection capability of a traditional firewall into one device, using these technologies for UTM. The eSoft devices cannot act as virtual private networks (VPNs), however, because they are not direct offspring of firewalls.

eSoft uses a simple wizard that walks you through the setup, gets the device running on the network and helps set the admin password. The final step of the wizard is to initiate a call home for updates. This is far simpler than the SonicWall installation.

The ThreatWall 450 handles filtering by breaking Web traffic into 40 content categories — such as mature, gambling and drugs — that you can block by checking a box for that category. eSoft periodically updates the category database and allows for the creation of 10 categories by the administrator to cover any unique circumstances. One of eSoft’s strengths is that it is easy to block instant messaging and peer-to-peer traffic — you just enable a few policies.

Perhaps the best thing eSoft has going for it is its logging system. Much more comprehensive than the SonicWall Pro 2040’s system, eSoft’s logging system creates easy-to-understand graphs and reports that are valuable to network administrators and serve as executive summaries for those who need to report on the network’s health.

Disadvantages

Because the ThreatWall 450 is a subscription device — as is the SonicWall Pro 2040 — you will have to keep paying for updates for new scanners. And while the eSoft device is easier to use than the SonicWall appliance, it can’t enforce network policies such as requiring that clients have antivirus software to access the network — a feature that SonicWall supports.

CDW•G Price: starts at $2,660

SonicWall Pro 2040

Why It Works for IT

SonicWall has taken the traditional firewall to another level with its Pro 2040 Web security appliance. The Pro 2040 combines parts of a traditional firewall with gateway-like features of proxy services and scanning engines for malware to create a powerful and well-rounded addition to your security infrastructure.

The architecture of the device is centered on zones and objects. This type of setup allows you to place policies on either zones or blocks of address space, allowing for a broad approach to your security posture. However, if you want to be granular with the security setup, you can apply policies to objects such as groups and users. The users can be local to the Pro 2040 or the device can connect to a Lightweight Directory Access Protocol or Remote Authentication Dial-In User Service infrastructure to help facilitate the authentication of users.

The Pro 2040 sets itself apart with its ability to customize the network address translation (NAT) setup. The device has a wizard that will walk you through creating the needed policies to get public server and services exposed to the wide area network. This includes Voice over IP and even multicasting services. The NAT also supports the setup of one-to-one, one-to-many and even many-to-many policies. This ability makes the Pro 2040 suitable for even the most complex environments. If the environment does not have a separate VPN infrastructure, the Pro 2040 comes with the ability to have 10 VPN connections using its IPSec VPN. The VPN client software even will allow for the remote computer to function as if it were inside the protected LAN, by applying the policies of the Pro 2040 to the remote computer’s connection.

Like most of SonicWall’s enterprise-class devices, the Pro 2040 will work with its Global Management System, allowing you to configure and manage the device from a central location. The device has a nice system status page to help you get a feel for what the device is seeing at that time, but it lacks an enterprise logging system that would encompass a search function to help find the needle in the network haystack.

The Pro 2040’s strength is its flexibility in fitting into a complex network. The part that makes the Pro 2040 better than a regular firewall and turns it into a UTM device is the gateway antivirus, antispyware and the spam filtering. In testing, the antivirus service caught the five common viruses attempting to download to the network. Add the antispyware, and the device becomes a modern total antimalware solution.

An exciting feature for the education environment is the Content Filtering Service (CFS). This service uses a dynamic database of URLs, domains and Internet protocol addresses to block material that should not be allowed inside the network. The content is organized into 12 categories by default, with the same sorts of categories as those the eSoft device uses. You can increase to 56 categories by upgrading the CFS — at a price. The CFS is policy-based, and policy can be set on all or specific groups.

Another item of interest for administrators in higher education is the ability to add a client anti- virus service. This service enforces antivirus policies and forces students to have up-to-date antivirus software on their computers before they can access the network.

Disadvantages

The UTM features of the device are subscription-based, so the ongoing yearly cost must be added to any budget. And the SonicWall Pro 2040’s complexity has a possible downside — if you lack expertise in this area on your staff, you will probably need a consultant to get it up and running.

The SonicWall device is a bit more complicated than the eSoft appliance. The experienced administrator can quickly get the device functioning, but if you are looking for a device that will quickly integrate into an existing authentication infrastructure, you might want to look elsewhere. The Pro 2040’s setup wizard is not really a complete wizard, because you must configure different services individually. That is why you need experienced networking staff or a consultant to complete the configuration of the device.

CDW•G Price: starts at $1,566