Security

Lock IT Down: Consolidate your security efforts with Symantec's 5-in-1 appliance

Learn how one appliance solves five security problems


Viruses and other threats continue to become more complex and insidious, and it’s a constant battle to keep up with them. But there's some good news. Symantec has introduced a product that promises not only to improve network security but also to ease your network security burden—and maybe even save a little money in the process.

Symantec’s Gateway Security appliance is a gateway server that offers five security functions to guard networks from viruses and malicious attacks. This article will introduce the product’s features to help you determine whether the device could be a cost-effective and viable solution for securing your network.

Overview
Symantec’s Gateway Security appliance (Figure A) is a rack-mountable server designed to improve upon existing security measures by integrating technologies to better handle “blended” threats, such as CodeRed and Nimda. Because the gateway rests at the perimeter of the network, threats are stopped before they have a chance to get into the network itself.

Figure A
Symantec’s Gateway Security appliance promises robust, easy-to-manage security.


The Gateway Security Appliance combines five protection measures:
  • Firewall
  • Virtual Private Networking (VPN)
  • Intrusion detection
  • Content filtering
  • Antivirus

The interoperability of these technologies enables the device to deal with complex network threats, which must pass through a series of inspections, thus minimizing the chances of penetration. As Figure B shows, no traffic can reach other devices on the network without first passing through the Gateway’s security checkpoints.

Figure B
Gateway Security rests between your network and outside threats.


Symantec’s appliance thus filters and scans incoming traffic before it touches your internal network. Its positioning in this manner, coupled with the integration of multiple security measures (as illustrated in Figure C), should translate into solid protection.
Figure C
Model
5110
5200
5300
Nodes (license limit)
50
250
Unlimited
Suggested nodes
50
250
1,000
Maximum throughput
40 Mbps
80 Mbps
80 Mbps
Sustained throughput
12 Mbps
(8 x T1)
40 Mbps
(1 T3)
40 Mbps
(1 T3)
MSRP
$11,790
$23,590
$51,990
Estimated street price
$8,000
$18,000
$43,000
Compare the features of Symantec's three models of the Gateway Security appliance.

This appliance could streamline your security workload by allowing you to set up all of these security features in one deployment rather than through five separate deployments. It also provides a single interface to administer these security services. Of course, the main drawback is that the appliance is a single point of failure. Any virus or an intruder that gets past it will have unfettered access to the network.

Let's take a closer look at what this appliance offers in each of its five main features.

Firewall
Gateway Security’s firewall is ICSA-certified and uses IP security protocol (IPSec) technology to monitor traffic. You can set policies for traffic control to filter what is allowed in and to block outgoing traffic that does not comply with sanctioned network use.

Because the device is ICSA-certified, you can rest assured that it complies with industry security standards. For detailed information about the criteria the ICSA uses to certify firewall products, check out their firewall page.

VPN
Symantec’s appliance features VPN functionality to secure links between the corporate office and remote users. The appliance uses data encryption to help secure VPN connections and also monitors traffic at the network and application levels. It supports public key infrastructure (PKI) and Internet key exchange (IKE) encryption to authenticate users. It also supports a variety of other authentication technologies, including digital certificates, Windows NT Domain Login, S/Key, SecureID, and X.509 certificates, as well as TACACS+, RADIUS, LDAP, and other authentication protocols.

Once again, Gateway Security’s VPN feature is ICSA-certified to comply with industry standards.

Intrusion detection
The Gateway Security appliance employs over 80 attack signatures to detect and block network intrusions. The device will also notify administrators of any attempted attacks on the network, including probes.

In addition, the device will identify security weaknesses and needed updates to the system. Attack signatures are automatically updated via Symantec’s Live Update to ensure that it can handle the latest network threats.

Content filtering
The appliance allows admins to filter Internet content to block access to certain URLs and newsgroups. This will help prevent users from performing non-business-related activities on the Web, preserving bandwidth for necessary tasks. It also prevents users from accessing inappropriate sites against company policy. The device can block traffic from suspicious IP addresses and will reject packets from any blacklisted IPs.

The Gateway Security appliance can also block e-mail messages by subject line content, attachment type, and message size. Thus, e-mail messages containing content common to typical virus threats spread in this manner can be effectively prevented from entering the network, and e-mail usage policies can be enforced.

Antivirus protection
Of course, no network security product would be complete without some kind of antivirus protection. The Gateway Security appliance takes advantage of the same technologies present in Symantec’s Norton AntiVirus product, including NAVEX, its trademarked modular virus-scanning engine. The appliance’s antivirus feature can detect viruses in e-mail, file transfers, and Web traffic. Live Update can be used to update virus definition files, enabling the appliance to detect and guard against the latest virus threats.

Benefits and drawbacks
The biggest advantage of Symantec’s Gateway Security appliance is that it consolidates several security features into one device. It offers a common interface to manage all of its features, and smart setup wizards can be used to configure the various settings. This makes the device easy to set up and administer. You'll get protection from outside threats with a lot less hassle than if you're administering multiple devices and multiple programs, especially when those programs run on different operating systems.

Since the appliance acts as a gateway between the network and the Internet, the chances of a threat getting into the network are minimized. Of course, as I mentioned, a potential drawback of this setup is that if the Gateway Security appliance fails, the network is left open to attack. You'll need to provide some protection on Web and e-mail servers as a backup in case the first line of defense is down.

Another possible concern is that since all traffic is routed through the device, it could create a bottleneck that hampers network performance. However, Symantec says that the Gateway Security appliance will deliver high performance and promises high availability and load balancing. If the device can perform as Symantec claims, there shouldn't be any bottleneck problems.

Overall, Symantec’s Gateway Security appliance is a promising new product that may especially benefit small and midsize companies looking for a cost-effective and easy security solution. The consolidation of several security functions into one device managed through a single interface makes this an attractive option that many companies may want to check out.

For detailed information on the product’s features, including support options, be sure to check out the fact sheet at Symantec’s Web site.

Editor's Picks

Free Newsletters, In your Inbox