Tip

Product Review: SnapGear by CyberGuard PCI635

This review is part of the Product Reviews department in the May 2004 Information Security magazine issue.

EMBEDDED FIREWALL
SnapGear by CyberGuard PCI635
CyberGuard
Price: Starts at $399

CyberGuard's SnapGear by CyberGuard PCI635 packs full-featured security in a NIC. It optimizes firewall, IDS, VPN, QoS and Web-caching protection in an embedded card.

It runs uClinux on a form factor and allows PCI635 to run independently of the host operating system, which adds granular security control and a hardware-based performance kick at the local server level.

The technical and security features are enterprise-class, and the firewall exceeded our expectations, providing stateful packet inspection, traffic shaping, Web caching and VPN options that performed flawlessly during testing. The QoS packet shaping can control bandwidth used for high-priority traffic. Its Web cache adjusts from 1MB to 32MB and can be extended using the host drive array. The VPN system supports PPTP, L2TP and IPsec tunnels, and can act as a client or a server. PCI635 features an anonymizer, which strips identifying information from HTTP requests, and the user name and password mechanism is encrypted -- addressing a common vulnerability in security products.

When PCI635 is set up with the IDS activated and blocking and/or logging turned off, external scans show a dead host (or black hole). The IDS can also act as a distributed sensor for a Snort infrastructure.

    Requires Free Membership to View

However, we found a minor hole in the embedded Boa Webserver: Turning on the Snort-based IDS and activating its logging function makes it possible to perform a DoS attack on the local administration Web console by crashing Boa Webserver. CyberGuard says a new version of the firmware is being developed to plug this hole.

While PCI635's technical and security features are impressive, installation was an ordeal. We couldn't establish connectivity, even though we followed the installation manual step by step. After several attempts using the online wizard, we still had it configured incorrectly and had to call technical support. Within minutes, a professional, knowledgeable and patient staff member had walked us through a successful installation. CyberGuard, which acquired SnapGear late last year, says the installation manual is being revised.

Administration is done via Telnet, SSH or HTTP/ HTTPS, using the Boa Webserver. You can also configure it for central administration via the optional SnapGear Centralized Management System. While the Web console is standard fare -- with configuration options listed on the left side -- its lack of easily accessible online help is taxing. You need to sign onto the card, locate the support page, find the link to the technical support site, create a user account and then search the knowledge base. A simple help link on the main page would be easier.

Despite a minor security hole and poor documentation, SnapGear by CyberGuard PCI635 is a refreshing change of pace from the 'me too' products hitting the market. With the cost of rackmount servers, it's worth consideration and is a small price to pay for high-end protection.

-- TOM BOWERS

To read the rest of the reviews on BugScan, AEP SureWare A-Gate AG-600 and WebInspect Enterprise Edition 4.0, visit Information Security magazine's Product Reviews.

This was first published in May 2004

There are Comments. Add yours.

 
TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

REGISTER or login:

Forgot Password?
By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
Sort by: OldestNewest

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.