Unified Threat Management: Secure Computing's Sidewinder 2150 v7
This article can also be found in the Premium Editorial Download "Information Security magazine: CISO survival guide: 18 of the best security tips."
We followed the same testing procedure as for the comparative review and tested how these products would work on a daily basis. While Sidewinder's IDS/IPS is wired to live inside its firewall module, it has very flexible IPS coverage and can scan for attack signatures and behaviors. It can also explicitly detect outbound attack signatures. Sidewinder has a very useful front-page dashboard that shows alerts, CPU and memory usage, and other summary statistics in one convenient place. It is also easy to set up and change security policies.
Authentication & Security: B
Sidewinder sets up most of its security policies for each network interface, but has separate controls for content filtering, antivirus and antispam modules that are applied across these interfaces. Sidewinder offers connections to a variety of authentication servers, including RADIUS, LDAP, Active Directory and iPlanet servers. It includes an IPsec VPN only--no SSL.
Feature Module Integration
Sidewinder uses Sophos antivirus scanning but also has its own SmartFilter content filtering engine. However, SmartFilter requires a separate Windows-based administration and configuration tool and its own obscure setup with nested sub-menus. This is because Secure Computing sells this as a separate product that can be run on other vendors' firewalls. We'd like to see it completely integrated into the main console. One nice feature is the ability to run several antivirus scanners in parallel on the same box to balance the processing load. A maximum 1 GB file attachment can be scanned.
Although Sidewinder was able to easily block Skype with its default settings, it doesn't have explicit protection rules for other IM/P2P protocols.
It does extensive port scanning, including ports used for VoIP, IM, P2P, SQL Server and Citrix applications. It also protects against common Web server attacks, such as SQL injection and cross-site scripting.
Sidewinder offers solid security features and is easy to set up and manage. Its strengths are extensive IDS/IPS and antivirus scanning features; its biggest weakness is its separate content filtering module.
Testing methodology: We connected the Sidewinder box on a test network with Windows XP, Vista and Apple Macintosh clients and a Windows 2003 Enterprise Server, and ran tests using Skype, AOL and Google Talk IM clients, and various security penetration techniques.
This was first published in July 2007