This review is part of the Product Reviews department in the May 2004 Information Security magazine issue.
SnapGear by CyberGuard PCI635
Price: Starts at $399
SnapGear by CyberGuard PCI635 packs full-featured security in a NIC. It optimizes firewall, IDS, VPN, QoS and Web-caching protection in an embedded card.
It runs uClinux on a form factor and allows PCI635 to run independently of the host operating system, which adds granular security control and a hardware-based performance kick at the local server level.
The technical and security features are enterprise-class, and the firewall exceeded our expectations, providing stateful packet inspection, traffic shaping, Web caching and VPN options that performed flawlessly during testing. The QoS packet shaping can control bandwidth used for high-priority traffic. Its Web cache adjusts from 1MB to 32MB and can be extended using the host drive array. The VPN system supports PPTP, L2TP and IPsec tunnels, and can act as a client or a server. PCI635 features an anonymizer, which strips identifying information from HTTP requests, and the user name and password mechanism is encrypted -- addressing a common vulnerability in security products.
When PCI635 is set up with the IDS activated and blocking and/or logging turned off, external scans show a dead host (or black hole). The IDS can also act as a distributed sensor for a Snort infrastructure. However, we found a minor hole in the embedded Boa Webserver: Turning on the Snort-based IDS and activating its logging function makes it possible to perform a DoS attack on the local administration Web console by crashing Boa Webserver. CyberGuard says a new version of the firmware is being developed to plug this hole.
While PCI635's technical and security features are impressive, installation was an ordeal. We couldn't establish connectivity, even though we followed the installation manual step by step. After several attempts using the online wizard, we still had it configured incorrectly and had to call technical support. Within minutes, a professional, knowledgeable and patient staff member had walked us through a successful installation. CyberGuard, which acquired SnapGear late last year, says the installation manual is being revised.
Administration is done via Telnet, SSH or HTTP/HTTPS, using the Boa Webserver. You can also configure it for central administration via the optional SnapGear Centralized Management System. While the Web console is standard fare -- with configuration options listed on the left side -- its lack of easily accessible online help is taxing. You need to sign onto the card, locate the support page, find the link to the technical support site, create a user account and then search the knowledge base. A simple help link on the main page would be easier.
Despite a minor security hole and poor documentation, SnapGear by CyberGuard PCI635 is a refreshing change of pace from the 'me too' products hitting the market. With the cost of rackmount servers, it's worth consideration and is a small price to pay for high-end protection.
-- TOM BOWERS