Unified Threat Management Device Roundup

Review by Enex TestLab
Page:

Testing Results

UTM Device External Tests Internal Tests Custom Outbound Firewall Policy Rules sets
Astaro Security Gateway 120 Port 4444 open 53 and 4444 open HTTP Traffic allowed, SSH traffic blocked as expected.
CheckPoint Safe@Office 1000N Zero ports found open 22,53, 80, 443 and 981 HTTP Traffic allowed, SSH traffic blocked as expected.
Netgear ProSecure UTM 50 Port 443 open 21,80 and 443 open HTTP Traffic allowed, SSH traffic blocked as expected.
SonicWall NSA240 Zero ports found open 22,80 and 443 open HTTP traffic allowed, SSH traffic blocked as expected.
WatchGuard XTM 810 Zero ports found open 4117,4118 and 8080 open HTTP Traffic allowed, SSH Traffic blocked as expected.

Test Analysis

In an ideal world we would expect every UTM device to have zero ports (and so no internal services) detectable via the internet. But as the results table shows, only three out of the five appliances achieved this, good results from Watchguard, SonicWall, and Check Point.

Astaro’s and Netgear’s products didn’t quite manage this goal, but each device only exposed a single port and both vendors’ reasoning is sound, the ports were available for remote administration. Additionally, each of vendors had put security controls in place to help prevent unauthorised access to devices through these exposed ports. Netgear’s ProSecure UTM 50 does not allow remote users to authenticate with the device from the WAN, unless specified by the LAN based administrator. Astaro’s Security Gateway 120 employs its 'block password guessing' feature. This deters unwanted brute force attacks by blacklisting IP addresses after three failed authentication attempts.

Generally, we'd expect to find some standard ports open by default because devices would be unusable without some basic access to begin with. In terms of customised outbound firewall policy rules we evaluated, each device fully complied with the rules we modified. For example, we internally blocked the SSH protocol on port 22 and allowed HTTP traffic requests on port 80 without issues.

Page:

Related Articles

  1. The Grill: Eugene Kaspersky

  2. Security demystified: Essential enterpirse anti-virus tips

  3. From CMO to CEO: Anametrix’s Pelin Thorogood

    CMO

Join the Computerworld Australia group on Linkedin. The group is open to IT Directors, IT Managers, Infrastructure Managers, Network Managers, Security Managers, Communications Managers.

More about: ASG, Astaro, CFS, CheckPoint, Check Point, DPI, Enex TestLab, eSecurity, etwork, Gateway, Gateway, Intel, Intrusion, LAN, Netgear, Nintendo, NSA, SEC, SonicWall, SSH, Watchguard, WatchGuard
Comments are now closed.
Related Coverage
Related Whitepapers
Latest Stories
Community Comments
Tags: content filtering, Uniied Threat Management (UTM), CheckPoint Safe@Office 1000N, Netgear ProSecure UTM 50, vpn, firewall, UTM devices, Astaro Security Gateway 110, WatchGuard XTM 810, UTM solutions, SonicWall NA240, anti-virus
Whitepapers
All whitepapers
Sign up now to get free exclusive access to reports, research and invitation only events.
Featured Download
/downloads/product/22/cdex/

CDex

CDex can extract the data directly (digital) from an Audio CD, which is generally called a CD Ripper or a CDDA utility.

Computerworld newsletter

Join the most dedicated community for IT managers, leaders and professionals in Australia