The intruder at the gate



CyberGuard SG710
This is a 1RU black chassis with a silver plastic bezel. The front incorporates ten 10/100 Ethernet ports. There is a 9-pin serial console port on the front panel along with five status LEDs. The rear has an IEC power connector, a switch, a small fan and an empty expansion port.

Configuration, administration, and management are all done via a Web-browser interface. Good options are available to the administrator -- take, for example, the user configurable network ports which can be set to load balance Internet connections such as ADSL, cable, and so on.

Centralised management is available with syslog supported. The logging is relatively limited with nine predefined categories sent out to the syslog server port, or to e-mail. There is no report-generating tool integrated into this device. The logging for the IDS is limited to an external MySQL server. From here the administrator can export logs into several open source or commercial report generators and traffic monitoring systems. There is a basic syslog viewer built into the advanced section of the interface which does show some of the dropped connections and Snort rules when they are applied -- this seems to be included more for diagnostic purposes.

Setting up intrusion detection on the SG710 is straightforward. However, because the controls are very granular, it is best to set up the rest of the device first and confirm that the system is working across the LAN, WAN, DMZ and any other required segments.

There are two parts to the CyberGuard Intrusion Detection system. The first is similar to WatchGuard's in that it is a detection and blocking system (IDB), which can be configured to detect TCP and/or UDP probing and optionally set to block individual hosts after a certain number of triggers are set off. There are three default levels which can be used as a guide to set the sensitivity level of the IDB component -- these are Basic, Standard, and Strict. Administrators can add or remove individual items from these lists.
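The trigger-and-block behaviour described above, sketched as an added example (not CyberGuard's code or part of the original review). The port lists, the default trigger limit and the choice to count distinct ports per host are assumptions; all addresses are constructed documentation addresses.

```python
from collections import defaultdict
from dataclasses import dataclass, field

# Constructed trap-port lists; the review does not give the real Basic/Standard/Strict contents.
LEVELS = {
    "basic": {"tcp": {23, 135, 445}, "udp": {69, 161}},
    "standard": {"tcp": {21, 23, 135, 139, 445, 3389}, "udp": {69, 137, 161}},
}

@dataclass
class ProbeBlocker:
    trap_ports: dict             # protocol -> set of monitored ports (admin-editable)
    watch_tcp: bool = True       # detect TCP probing
    watch_udp: bool = True       # detect UDP probing
    trigger_limit: int = 3       # assumed number of triggers before a host is blocked
    block_hosts: bool = True     # False = detect only, never block
    triggers: dict = field(default_factory=lambda: defaultdict(set))
    blocked: set = field(default_factory=set)

    def observe(self, src, proto, dport):
        """Classify one inbound connection attempt as 'pass', 'trigger' or 'blocked'."""
        if src in self.blocked:
            return "blocked"
        enabled = {"tcp": self.watch_tcp, "udp": self.watch_udp}.get(proto, False)
        if not enabled or dport not in self.trap_ports.get(proto, ()):
            return "pass"
        # Count distinct (protocol, port) pairs so a retransmit is not a new trigger.
        self.triggers[src].add((proto, dport))
        if self.block_hosts and len(self.triggers[src]) >= self.trigger_limit:
            self.blocked.add(src)
            return "blocked"
        return "trigger"

# Constructed connection attempts: (source address, protocol, destination port).
EVENTS = [
    ("198.51.100.7", "tcp", 443),   # ordinary HTTPS, not a monitored port
    ("192.0.2.10", "tcp", 23),
    ("192.0.2.10", "tcp", 23),      # retransmit to the same port
    ("192.0.2.10", "udp", 161),
    ("192.0.2.10", "tcp", 445),     # third distinct trigger
    ("192.0.2.10", "tcp", 443),     # arrives after the host has been blocked
]

def replay(blocker, events):
    """Feed events through the blocker and return the verdict for each one."""
    return [blocker.observe(*event) for event in events]
```

Once a host is blocked, its later traffic to non-monitored ports is dropped too, which is why a low trigger limit on a large port list risks locking out legitimate hosts.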

The second component in the CyberGuard IDS uses Snort. This is a rule-based detection system which compares traffic with a number of rules and therefore can pick up anomalies in the packets and block them.

There are about 45 rule sets included and the administrator can pick and choose whichever ones they want to apply.

Overall, this is a straightforward and easy-to-use device with a good range of ports that would provide the flexibility small businesses would need. A definite plus is the ability to set two WAN ports and provide fail-over or load balancing across two PPPoE ADSL connections or even cable connections. The next generation of the firmware (v3.2), which should be available when this review is published, promises to have more depth to its IDS/IDP solution and to add antivirus at the gateway as well (ClamAV).

Product SG710
RRP AU$4,490
Price range AU$1,299 to $6,250
Vendor CyberGuard Inc
Phone 07 3435 2888
Web www.cyberguard.com
 
Interoperability
No reporting available, good levels of logging supported, very easy to use.
Futureproofing
Good levels of futureproofing are available, especially additional features in release 3.2 of the firmware.
ROI ½
Well priced for features.
Service
12 months warranty seems about average for these types of devices, extended warranty is available.
Rating ½