Security For The Cost-Conscious
In addition, companies are using remote access to connect corporate resources to branch offices. An integrated solution that would combine remote access with security is an ideal one in these cost-conscious times.
Check Point Software Technologies Ltd.'s UTM-1 Edge X appliance provides just such a solution. The UTM-1 Edge X was easy to incorporate into our test network. The appliance is set to DHCP by default, and we used a laptop connected via Ethernet to get to the management console. The console has a wizard that assists in configuring network settings and bringing the device up to the current updates quickly and with no headaches. The network objects to be protected by the device can be set up as a range of IP addresses, or individual nodes can be defined.
The management feature opens up to a Welcome page with links on how to obtain additional services and how to access additional product documentation. A minor quibble: the network status page is under the "Report" tab, which is a little confusing because it's not reportable information; it's a real-time monitor of what is currently happening on the network. So that's not the most logical placement for it.
No matter, though, because the information that Status Monitor gives is useful and well-organized. At-a-glance information is available on Internet connection status, any active VPN tunnels, and the status of antivirus and other services. There is also a Resource Utilization widget that displays in-use memory amounts, CPU utilization, node amounts and other information.
An Event Log keeps track of all activity going on with the appliance. During testing, every task involving the device, from a firmware upgrade to test user logins, was recorded. We set the firewall to the medium security setting. Settings are changed via a slider icon. The interface also includes intrusion-detection/intrusion-protection capabilities called SmartDefense. SmartDefense can be configured using a wizard or manually. It protects against threats like Denial of Service attacks, port scans, HTTP exploits and others. We ran the wizard to configure SmartDefense with the default settings.
We tested the defenses of the UTM's firewall by initiating a number of attacks using Core Security Technologies' Core Impact. A Denial of Service attack was detected, prevented and logged in the security log file of the Edge X device with the following message: "SmartDefense: Welchia DoS attack detected. The Welchia worm uses the Microsoft DCOM vulnerability or a WebDAV vulnerability. After infecting a computer, the worm begins searching for other live computers to infect. It does so by sending a specific ping packet to a target and waits for the reply that signals the target is alive. This flood of pings may disrupt network connectivity." The attack was successfully blocked by the device.
SmartDefense can also be used to block peer-to-peer applications, instant-messaging programs and game traffic. We configured a block on the MSN Messenger application. Trying to launch Messenger from a client machine under the guard of the UTM-1 Edge X, we received a pop-up message: "We were unable to sign you into Windows Live Messenger at this time." In the UTM's management console under the Security Log was an entry stating, "SmartDefense Block Reason: MSN Messenger." The device blocks MSN Messenger traffic by identifying MSN Messenger fingerprints and HTTP headers. When we set the appliance to Unblock MSN Messenger, access was allowed instantaneously.
The VStream AntiSpam service can scan for spam by content and can check SMTP connections against an online IP reputation database. A solution provider can define antispam policy rules for clients, as well as create a "Safe Senders" list.
VStream AntiVirus is configured to scan standard services like Web, FTP, IMAP and Mail Servers, and can also scan the Microsoft Networking (NBT) service. The device also has VPN capabilities. There are three ways to allow VPN access: through the Internet, from internal networks or through the Layer 2 Tunneling Protocol. Another wizard (this device is pretty user-friendly) walks an administrator through setting up either a remote access VPN site, which allows users to establish remote access sessions to different networks, or a site-to-site VPN, which establishes a secure and permanent link between the local network and a remote one.
Load balancing, a Quality of Service utility called Traffic Shaper and a native remote desktop service are some of the other features that make this a hearty UTM for the branch office.