Anti-virus and anti-spam plus web content and message filtering are all critical components, but rather than having to deal with a bunch of disparate products, it is proving a lot more practical to have them all in one bag.
The Webwasher 1000 (WW 1000) looks to have all the angles covered because it amalgamates CyberGuard’s complete CSM (Content Security Management) software suite and delivers it as an appliance-based solution.
With a 1U Intel SR1300 rack server as its foundation, the WW1000 provides a good specification, which includes a pair of 3.06GHz Xeon processors teamed up with 1GB of PC2100 SDRAM. CyberGuard’s hardened CGLinux kernel is installed on a single 36GB SCSI hard disk, which is also used for functions such as virus quarantining and storing statistics and reports.
The WW1000 appliance supports a wide range of deployment scenarios and, at its most basic level, functions as an HTTP proxy and mail relay. We certainly had no problems installing it on our test network, where it slotted neatly in with all existing systems.
We configured our test clients to use the WW10000 as a web proxy, and for our mail server we just needed to provide the WW1000 with its IP address to allow it to act as a gateway. A wide range of third-party proxies are also supported, and include NetCache and Blue Coat appliances plus Microsoft’s ISA Server.
All configuration is carried out from the well-designed web interface, which provides a single point of contact for all functions. A central concept behind the WW1000 is the use of corporate filtering policies, which are applied at the gateway for selected email senders and recipients, IP addresses, users or groups.
Essentially, a corporate filtering policy contains multiple policies, with each one describing a range of filtering actions for each CSM component. These can contain content filters plus actions for the anti-virus or anti-spam modules, and the policies can be applied to selected users. Usefully, when modifying a CSM component, you can apply the changes to a specific policy or make them global.
Two buttons at the top of the web interface allow you to swap between system configuration and filtering polices set-up. All HTTP, HTTPs and FTP proxy services are accessed from the system configuration page along with the mail gateway and delivery details plus ICAP server parameters.
Component updates are carried out automatically by the appliance at user-specified intervals, but downloads can also be run manually.
The WW1000 gives spam a hard time and these measures begin with Mailshell’s SpamCatcher. This is augmented by a wide range of other protection measures, including RBLs, header and message body rules, URL filters and Bayesian analysis. CyberGuard also includes the Habeas SWE DNS-based service, which provides safe lists of audited and certified senders and aims to reduce false positives.
URL filtering provides extensive category lists, which include all the key areas such as pornography, drugs, violence, gambling and alcohol, and you can pick and choose which ones you want to control.
Secure Computing goes way beyond simply blocking a dubious web page request, because you can decide when these filters are to be active. This allows you to create acceptable use policies (AUPs) for the working week and those hours outside this.
There’s much more, as time and volume quotas can be applied to user types allowing you to restrict their browsing time on a daily, weekly and monthly basis, and also limit their download quota to so many megabytes over the same periods. Even individual user sessions can be limited to a specific number of minutes.
The fact that the WW1000 has the ability to scan encrypted SSL content puts it out in front of many other content filtering solutions. Another advantage of CyberGuard’s SSL Scanner is that it can carry out certificate validation, thereby removing the decision process from the employee as to whether the issuing party is trustworthy.
Virus scanning doesn’t get much tougher, because the engines from Sophos, Computer Associates and McAfee can all be used, and you can decide in which order they are applied for filtering. You don’t have to use all three, because you can select only those you want, license them from the web interface and then use content filtering policies to determine their behavior.
The Lockdown feature could prove invaluable in the event of a virus outbreak because you can block all access with a single press of a soft button, which is provided on the appliance’s home page.
Essentially, activating this immediately overrules all active policies and activates a single, predefined emergency policy. When the all-clear sounds, pressing the button again restores all policies back to active duty.
Overall, there is very little to criticize the Webwasher 1000 for. It delivers industrial strength content security measures, ties them together neatly into a single, easily deployed appliance, and delivers them at a price few competitors will be able to match.
— Dave Mitchell
