Primarily a content-filtering platform, the Minesweeper CF 500 came with optional extras for intrusion detection and vulnerability assessment. Content filtering comprises URL blocking, anti-virus and anti-spam. Standard features include a firewall with an IPsec VPN and a DHCP server.
The firewall was developed in-house by Barbedwire and is based on the Linux kernel. It comes with sensible defaults, which allow the internal network to access any service on the external interface but drop all inbound connections. It also defaults to hiding all internal clients by enabling NAT.
Web content filtering or URL blocking is delegated to the well-known third-party Cerberian product, which is integrated into the appliance. This provides an automatically updatable subscription-based list of dubious URLs. This list is category-based, permitting considerable granularity in customizing what your organization is prepared to allow. It also supports a user-defined override white list.
Anti-spam is provided by an open-source product, SpamAssassin. This supports any third-party real-time blackhole list, but also includes heuristics and Bayesian filters. The latter are statistically based filters that 'learn' what is regarded as spam - the clever statistics involved lead to a very high success rate in identifying spam with virtually no chance of a false positive. However, no instructions are provided with the appliance for using the Bayesian filters, so we could not test this interesting feature. The company does claim that an updated installation guide, which will include the documentation, is to be released soon.
Anti-virus scanning is performed by the Sophos Anti-Virus engine, which can disinfect (where possible) in real time. Updating is automatic, with even emergency updates being delivered quickly. When Minesweeper is used as an email gateway, it can scan for viruses and spam only in SMTP traffic, whereas its internal email server can also scan POP3 and IMAP.
Intrusion detection is provided by another open-source product, Snort, to which Barbedwire Technologies has added its own management interface. This includes active response, whereby it can reconfigure external firewalls from the likes of NetScreen, Check Point and Cisco. The mail server is based on the open-source Postfix, while the web server is Apache. The vulnerability assessment tool is yet another open-source product, Nessus.
In the Minesweeper CF500, fully loaded with the optional extras installed in the review unit, Barbedwire Technologies has successfully combined five third-party/open-source products with its own underlying Linux-based firewall. It has integrated them well by developing a consistent GUI that inspires confidence.