Netgear targets SMB market with new security tool
ProSecure STM600 offers broad antispam, antimalware and content filtering alware and content filtering
Network World -
We tested the STM600, the high-end appliance Netgear started shipping in November, and found that it does an adequate job of blocking what you don't want, while making a minimal intrusion into your network.
The STM600 combines two main functions in a single appliance. First is e-mail protections, including antispam and anti-malware, as well as some content filtering. Second is Web and FTP client protections, including antimalware and content filtering.
The STM600 has an easy-to-use Web-based interface, and a separate out-of-band management port, which is a nice feature. In general, most network managers will be able to configure the STM600 in just a few minutes.
The e-mail protection features work on SMTP, POP3 and IMAP4 protocols. You identify what ports you're running these three protocols on, and then define a fairly simple policy on how to handle traffic.
Web protection is slightly more sophisticated. You start with the same configuration: define what ports you run HTTP, Secure-HTTP and FTP on, then say which policies will apply. The STM600 supports malware scanning, content filtering (such as blocking .EXE files or online shopping sites), URL filtering with your own block/allow lists of URLs and sites, application filtering for a list of about 18 common applications, such as BitTorrent, GoToMyPC, and Yahoo Messenger, plus man-in-the-middle HTTPS scanning.
The STM600 also allows HTTP users to authenticate themselves using a Web page, and you can use this authentication to apply exceptions to your basic policy.
Inline ins and outs
The STM600 acts as a "bump in the wire," meaning that it sits transparently in your network, doing its job, without any additional configuration of your Web clients, mail servers or DNS. That's quite a departure from other products in this space, which usually act as separate e-mail servers or Web proxies.
The advantage is that you don't have to touch anything. But there are also disadvantages. The most obvious is that now the STM600 is sitting "inline" in your network, controlling all traffic. If the STM600 locks up or otherwise starts misbehaving, everything can slow down or be cut off entirely.
Netgear partially works around this by putting fail-open ports on the STM600, which let traffic pass through untouched if the STM600 loses power. We tested this and found that the STM600 is only "mostly" transparent. Both when we power-cycled it, and when it rebooted, we had to clear ARP caches before communications would resume. You've got to be comfortable putting another device in the critical path between your network and the Internet to consider this approach.
Another unusual part of the STM600 configuration is that you don't really make it aware of IP addresses, only ports to scan. This means that, by default, the STM600 will scan traffic to every IP address on the ports you list. That can be a benefit, or it could cause mysterious network problems if you don't realize that even your test lab is being filtered. Fortunately, there is a way to exclude specific IP addresses or subnets from scanning.
- The Brave New World of Customer-Centric Manufacturing The Unique Opportunity for Manufacturers to Better Understand their Consumers
- Confront consumerization with convergence Virtualization expert Elias Khnaser spotlights the security, compliance, and governance issues that arise when enterprise users "consumerize" with shadow IT and public cloud...
- Implementing Energy Efficient Data Centers This paper explains how to quantify the electricity savings and provides examples of methods that can greatly reduce electrical power consumption.
- Virtualization and Cloud Computing: Optimized Power, Cooling, and Management Maximizes Benefits The effects that the cloud and virtualization have on the data center are discussed and possible solutions or methods for dealing with them...
- What should I look for in a Next Generation Firewall? SANS Provides Guidance With so many vendors claiming to have a Next Generation Firewall (NGFW), it can be difficult to tell what makes each one different....
- Why Are Customers Really Deploying an NGFW? It seems every IT Security expert is talking about the NGFW, but what are people really doing? This webcast covers 5 real-world customer... All Small Enterprise White Papers | Webcasts