UNIFIED THREAT MANAGEMENT
Sidewinder 2150 v7
REVIEWED BY DAVID STROM
Price: Varies; as tested, $35,900
In its June issue, Information Security tested six Unified Threat Management (UTM) boxes; this month we review Secure Computing Sidewinder UTM, specifically the large-enterprise 2150 appliance. The new Sidewinder release was too late for the comparative evaluation, but would stack up in the middle of the pack.
Sidewinder has a collection of different software management tools. Unlike most other UTM products, it does not have a built-in Web server but uses a Windows-based tool that doesn't run on Vista yet. One big drawback is that the product doesn't include a DHCP server for the local network; you'll need to supply your own. It took about an hour to set up.
Sidewinder doesn't allow multiple concurrent administrators to save configurations, although they can view the configuration and monitor operations. The appliance comes with dual power supplies, which is handy if one fails, and the model we tested has two available add-in slots.
We followed the same testing procedure as for the comparative review and tested how these products would work on a daily basis. While Sidewinder's IDS/IPS is wired to live inside its firewall module, it offers very flexible IPS coverage and can scan for both attack signatures and attack behaviors. It can also explicitly detect outbound attack signatures. Sidewinder has a very useful front-page dashboard that shows alerts, CPU and memory usage, and other summary statistics in one convenient place. It is also easy to set up and change security policies.
Authentication & Security
Sidewinder sets up most of its security policies per network interface, but has separate controls for the content filtering, antivirus and antispam modules that are applied across all interfaces. Sidewinder offers connections to a variety of authentication servers, including RADIUS, LDAP, Active Directory and iPlanet servers. It includes an IPsec VPN only; there is no SSL VPN.
Feature Module Integration
Sidewinder uses Sophos antivirus scanning but also has its own SmartFilter content filtering engine. However, SmartFilter requires a separate Windows-based administration and configuration tool and has its own obscure setup with nested sub-menus. This is because Secure Computing sells SmartFilter as a separate product that can run on other vendors' firewalls. We'd like to see it completely integrated into the main console. One nice feature is the ability to run several antivirus scanners in parallel on the same box to balance the processing load. File attachments of up to 1 GB can be scanned.
Although Sidewinder was able to easily block Skype with its default settings, it doesn't have explicit protection rules for other IM/P2P protocols. It does extensive port scanning, including the ports used by VoIP, IM, P2P, SQL Server and Citrix applications. It also protects against common Web server attacks, such as SQL injection and cross-site scripting.
Sidewinder offers solid security features and is easy to set up and manage. Its strengths are extensive IDS/IPS and antivirus scanning features; its biggest weakness is its separate content filtering module.
Testing methodology: We connected the Sidewinder box on a test network with Windows XP, Vista and Apple Macintosh clients and a Windows 2003 Enterprise Server, and ran tests using Skype, AOL and Google Talk IM clients, and various security penetration techniques.