Review: IM Gets A Safety Net

Every IM poses a potential threat to a company's legal compliance, network and data security or business policies. Unified Security Gateway (USG) is Belmont, Calif.-based FaceTime Communications Inc.'s solution for securing realtime communications, which can be the trickiest network traffic to control.

The USG appliance connects to the SPAN/TAP port of a switch. Two additional Ethernet ports are also connected: a management port and a proxy port to connect internal IM clients to the device, which is preloaded with Linux and has two 1.6GHz dual-core processors and 4 Gbytes of memory.

The management interface is Web-based. Reviewers first configured network settings, adding domain information and primary DNS, and set up authentication against Microsoft Active Directory. Deployment in the lab also involved creation of policy groups, including one for a less restrictive policy (Admins) and one more restrictive (Users).

Policy setup was easy to navigate. Clicking on the Admins or Users group names brought up the policy configuration screen. From there, access and restrictions were configured for the more popular (and some not so well known) IM applications, P2P software, malware/adware and Web filters. Testers left the Admin group with access to the more mainstream applications, while the Users group was completely locked down.

In testing, clients accessing blocked sites were given a default warning message indicating that corporate policy did not allow access to those sites. The warning is customizable and can include graphics, such as the company's logo. Additionally, an e-mail alert can be sent to the user's mailbox. IM restrictions were set up to flag for specific words in the chat. When the specific word was typed, a system-generated message came on screen stating the policy was violated.

IM management is pretty detailed. There is a "spIM" setting, which is used to combat IM spam. A challenge response can be enabled to prevent bots from spamming IM sessions. IM chat is logged through IM transcript reports, listing the username, IP address and all text of the chat session.

Web filtering is set up by default though synchronization with the Secure Computing Control list. With filtering, there are the options of blocking, allowing access or "coaching." The coaching feature enabled the system to send a warning suggesting the user should not access the questionable site but did not block access to the site. Filtering can also block specific files.

P2P and malware filtering features give as much administrative control as Web and IM filtering and are as easy to configure.

With P2P filtering, the version of P2P software allowable can be defined. For example, if there is a known vulnerability in a particular version of an application that is allowed on the network and there is another version of the software patched against that vulnerability, administrators can give access only to the more secure version.

USG is priced at $24,995—that includes support for 1,000 users and full functionality. The system is scalable for an enterprise with more than 10,000 users. Solution providers can integrate the device in a network that has a firewall or an enterprise antimalware system already intact.

With a solution like USG, in conjunction with a strongly defined and consistently applied technology usage policy, solution providers can offer a formidable defense in the rapidly evolving and constantly challenging realm of realtime communications.