Review: McAfee Appliance Offers All-In-One Security

The Secure Internet Gateway (SIG) 3000 appliance from McAfee is designed as an all-in-one tool that blocks spam, viruses, malicious Web sites and spyware. Supporting only 200 users per device, the appliance targets small and mid-size businesses looking for a comprehensive security solution that is easy and simple to manage.

SMBs generally want an affordable tool that can do several different things at once. Putting together individual components is tricky because there may be gaps in security protection, and costs can balloon out of control. An all-in-one box like the SIG appliance fits the budgetary and physical space constraints that smaller customers regularly face.

CRN Test Center engineers installed the SIG 3000 in transparent bridging mode behind a firewall, which is the most common setup mode for customers, according to the vendor. Customers may also choose to configure the appliance in either the router or proxy mode instead.

Installation for the SIG 3000 was easy and straightforward. The appliance was connected to a VGA monitor, keyboard and mouse before powering the unit on. Of the two Ethernet ports, only one was used during the initial setup. After the appliance completed the Red Hat Linux boot sequence, engineers entered the appliance's hostname, domain and an IP address using a menu interface. A few other LAN and NIC settings and the transparent bridge mode setting were also selected through the interface. Once the appliance was configured, the engineers connected both ports on the box so that all Internet traffic flowed from the firewall to the box, and then onward to the rest of the network.

After the initial configuration, all management functions were performed through the SIG's Web browser interface. It's not necessary to connect a keyboard, monitor and mouse to the box for configuration and maintenance purposes. The management application is accessible from any computer on the same network. Since the appliance ships with a default IP address, if administrators had not assigned an IP address during the initial setup, the box would still be accessible using the default address. There's also a standalone Microsoft Windows desktop client that can be installed for configuration and maintenance.

SIG 3000 supports the major networking protocols: SMTP, POP3, HTTP, FTP and ICAP. Engineers tested e-mail through both SMTP and POP3 protocols and were very impressed with the spam filtering capabilities. The box was able to filter out most spam, even image spam. For the first test, the mail server applied its own spam rules. SIG correctly flagged spam messages that the mail server had missed. As a side experiment, engineers tested e-mail messages in a Google Gmail account. Engineers were impressed that SIG caught and flagged a few spam messages that Gmail missed, as Gmail is considered to have one of the better spam filters. As a second test, the spam filter on the mail server was turned off and the SIG handled all the spam filtering. The appliance flagged all the spam messages correctly.

SIG 3000 can also scan Web email accounts, which is very convenient. While Yahoo offers virus scanning, it was a relief to know there was some protection for other accounts, including Hotmail and Gmail. Engineers tried downloading viruses and spyware from various sites, as well as surfing to sites that had harmful scripts embedded. SIG was able to stop all attempts.

The Web interface has a menu displaying many different tasks, namely Monitor, Policy, Configure, Update, Email, Systems, Network, and Troubleshoot. The interface has a lot of built-in features, such as reporting and threat identification. Compliance-related reports are built into the system. The management application, while easy to navigate and to use for setting up basic security rules, is jam-packed with features and settings. It's a little too easy to accidentally skip over a drop-down box or menu option and entirely miss a feature.

The device's strengths lie in spam filtering, virus scans, and malware blocking. However, administrators can also take advantage of various built-in network tools to monitor network bandwidth. SIG can log all Web traffic by user and present it in a way that lets administrators easily identify what Web sites users are visiting. Administrators can also choose to either send an on-screen warning or block Web sites entirely when a user tries to access an inappropriate site.

It can also set up an NTP time server, handle load sharing and specify the servers in an ordered list. A business rules engine helps define rules and constraints, such as mail size filtering and preventing files of a certain size from being e-mailed outside the company.

McAfee Site Advisor is built into the appliance and monitors, warns or stops users from visiting malicious sites. Site Advisor also allows administrators to block and report use of inappropriate Web sites. The appliance also updates security definitions on a regular basis to keep its protection current.

SIG 3000 had a single processor, 512 MB of RAM, a single hard drive, and a single power supply with 10/100/1000 networking. Later versions in the same series all have dual processors. The unit is priced at $2,395 with an unlimited user license and 1 year of hardware and gold software support.