|E-NEWSLETTER PREMIERE ISSUE|
|Cisco ASA Aids Security|
|Windows 7: Securing Removable Drives|
|Unified Threat Management|
|Fighting Off Future Attacks|
With cybersecurity a continuing priority, more and more network managers are turning to a new class of network security appliance to blunt attacks from viruses, spyware, and vulnerability exploits. Often referred to as unified threat management (UTM), these appliances combine a firewall with powerful processors and a variety of software gateways to stop threats that launch from both outside and inside the network.
SonicWall offers the NSA E5500, an enterprise-class multipurpose security appliance that can sit at network junctions, acting as a firewall, network bridge and all-around guardian against malicious content and malware.
The E5500 is the entry point into SonicWall's NSA E-series. A single E5500 can protect a network of a few hundred users, handling 15,000 network connections per second and providing in-depth defense as a gatekeeper to traffic going to and from the Internet.
The E5500 can also provide protection against internal threats, screening traffic passing between nodes of the network. And it protects down to the desktop as well with its antivirus and antispyware client software -- the use of which can be enforced by the E5500, denying network connections to unprotected systems. The client antivirus and antispyware software, Enforced McAfee, can be linked to any web, e-mail, or File Transfer Protocol connection, intercepting infected or malicious files before they are downloaded.
As a gateway, the E5500 can do content filtering on all network traffic as it passes through. It supports application-level filtering, blocking or limiting bandwidth for various types of applications (such as YouTube videos or unauthorized file-sharing programs, for example). It also can monitor traffic to perform intrusion prevention, responding to denial of service and malware attacks.
Most of the E5500's firewall and filter capabilities are services that require a subscription. If you sign up for SonicWall's content-filtering service, the E5500 can screen out web content that has been rated as objectionable or malicious based on a dynamic database of suspect web addresses. There's also an antispam service that blocks unwanted and virus-carrying e-mail at the network gateway.
Additionally, the E5500 can provide protection for remote sites with encrypted virtual private network connections, supporting up to 4,000 site-to-site VPN tunnels to connect to remote networks, or up to 4,000 computers connecting over the Internet using client VPN software.
Why It Works for IT
Although it's an enterprise-class appliance, I found setup and management to be incredibly straightforward. Initial settings can be configured from the front panel of the appliance, but most of the software configuration can be managed centrally through a web interface. Called the SonicWall Global Management System, the web tool lets an administrator manage multiple appliances across an enterprise and get real-time monitoring data.
It also provides high performance. Powered by an eight-core high-performance processor, the E5500 has all the oomph it needs to perform its content- and application-filtering tasks at 1 gigabyte per second or better. That means there's little if any latency, and users likely won't even notice a difference in application performance.
The E5500 can be configured for automatic failover, and a high-availability port lets you to configure a second E5500 appliance as a backup, which will take over in the event of a system failure.
The E5500 can also be set to apply different policies to network zones. Each of the system's eight Gigabit Ethernet ports can have different policy settings. For example, I configured the test system as a primary gateway to the Internet, with wireless network and LAN zones for clients and a DMZ for Internet-facing servers, each with different levels of protection.
Although the annual service licensing model provides a set of well-integrated, well-supported defenses, it carries an annual recurring cost if you want to take full advantage of its capabilities.
Additionally, while the management tool is fairly straightforward to use, it's not something to be put in the hands of an inexperienced technology staffer. Make sure that you adequately train the systems administrator who's going to manage this piece of your security arsenal.