Review: SIG-nificant SMB Security

The Secure Internet Gateway (SIG) 3000 appliance from McAfee is designed as an all-in-one tool that blocks spam, viruses, malicious Web sites and spyware. Supporting up to 200 users per device, the appliance targets small and midsize businesses looking for a comprehensive security solution that is easy and simple to manage.

CRN Test Center engineers installed the SIG 3000 in transparent bridging mode behind a firewall, which is the most common setup mode for customers, according to the vendor. Customers may also choose to configure the appliance in either the router or proxy mode.

Installation was easy and straightforward. The appliance was connected to a VGA monitor, keyboard and mouse before powering on the unit. Only one of the two Ethernet ports was used during the initial setup. After the appliance completed the Red Hat Linux boot sequence, engineers entered the appliance's host name, domain and an IP address using a menu interface. A few other LAN and NIC settings and the transparent bridge mode setting were also selected through the interface. Once the appliance was configured, engineers connected both ports on the box so that all Internet traffic flowed from the firewall to the box, and then onward to the network.

After the initial configuration, all management functions were performed through the SIG's Web interface. It's not necessary to connect a keyboard, monitor and mouse to the box for configuration and maintenance purposes. The management application is accessible from any computer on the same network.

Next: The Bottom Line SIG 3000 supports the major networking protocols: SMTP, POP3, HTTP, FTP and ICAP. Engineers tested e-mail through both SMTP and POP3 protocols and were impressed with the spam filtering capabilities. The box was able to catch most spam, even image spam. For the first test, the mail server applied its own spam rules. SIG correctly flagged spam messages that the mail server had missed. As a side experiment, engineers tested e-mail messages in a Google Gmail account. Engineers were impressed that SIG caught and flagged a few spam messages that Gmail missed, as Gmail is considered to have one of the better spam filters. As a second test, the spam filter on the mail server was turned off and the SIG handled all the spam filtering. The appliance flagged all the spam messages correctly.

SIG 3000 also scans Web e-mail accounts. While Yahoo offers virus scanning, it was a relief to know there was some protection for other accounts, including Hotmail and Gmail. Engineers tried downloading viruses and spyware from various sites, as well as surfing to sites that had harmful scripts embedded. SIG was able to stop all attempts.

While the device's strengths lie in spam filtering, virus scanning and malware blocking, administrators can take advantage of built-in tools to monitor bandwidth. SIG can also log all Web traffic so administrators can easily identify which Web sites users are visiting. Administrators can also send an on-screen warning or block Web sites entirely when a user tries to access inappropriate sites.

McAfee Site Advisor is built in to the appliance and monitors, warns or stops users from visiting malicious sites. Site Advisor also allows administrators to block and report use of inappropriate Web sites. The appliance also updates security definitions on a regular basis to keep its protection current.

SIG 3000 had a single processor, 512 Mbytes of RAM, a single hard drive, and a single power supply with 10/100/1000 networking. Later versions in the same series all have the dual processor. The unit is priced at $2,395 with an unlimited user license and one year of hardware and gold software support.