Astaro Security Gateway: Integrated Security Solution

One of our customers was interested in a security solution that was tightly integrated, easy to manage and cost-effective. After researching for a while, I found that Astaro Security Gateway software (formerly Astaro Security Linux) was one of the best choices available in the market. The features were so appealing that I did a 30-day evaluation, and this is what I found.

Installation

A fully functional 30-day evaluation version (ISO image) can be downloaded from the Download Site (requires registration). You can burn the CD, and installation takes less than 20 minutes. The following is the hardware recommended by Astaro:

  • minimum Pentium II or compatible CPU
  • 256 MB RAM
  • 8 GB SCSI/IDE HD
  • bootable CDROM SCSI/IDE
  • 3 PCI-NICs (Internet, Local Net, Demilitarized Zone) (for testing, 1 is enough)

Support, documents, downloads and other useful stuff are available in the MyAstaro portal. You can log in with the registered email address and the password that was sent to you by Astaro. A searchable knowledge base with useful information is also available (doesn’t require login).

Features Review

Firewall: Excellent, similar to other high-end firewalls like Netscreen or Cisco PIX, with both stateful packet inspection and application-level deep packet filtering. Supports multiple interfaces and HA; setting up a DMZ is very easy. Other good firewall features are transparent mode, traffic shaping, QoS and detailed reporting.

VPN: PPTP is easy to set up and I didn’t encounter any problems. IPSec: both Road Warrior and Site-to-Site VPN work smoothly and have a rich and confusing choice of encryption algorithms, authentication methods and IPSec protocols.

Intrusion Protection: Based on the popular open source software Snort. It is a signature-based system which detects most of the popular attacks. The bad point about this, and actually any Intrusion Protection System, is that they produce a lot of false positives.

Proxies: SMTP, HTTP, DNS, POP3, IDENT. I actively tested the SMTP and HTTP proxies only. I think both of them are quite good. The SMTP proxy is capable of doing attachment filtering, but one limitation I found is that we cannot customize the number of concurrent SMTP connections. It has to be set to either 20 or unlimited.

Email/HTTP Anti-Virus: Anti-virus works together with the proxy server. It uses the Kaspersky anti-virus engine, which is quite popular on Linux/Unix platforms. Infected emails can be quarantined or deleted, and can be released from the server if necessary.

Anti-Spam: It uses the SpamAssassin anti-spam engine. The score can be adjusted, and it allows setting 2 levels of threshold. For example, we can quarantine when the score is 5 and delete when the score reaches 10 or 15. Supports whitelist and blacklist. One good feature is the daily spam digest it sends to the users, so if the users find some legitimate emails quarantined, we can immediately release them.

HTTP Content Filtering: Uses signatures to categorize web sites and can block them based on category, users custom domain or keywords. Also supports blacklist and whitelist.

Logging/Reporting: Logging is very detailed and well categorized. It has a very good feature called Live Log, which can be browsed from the web for troubleshooting.

Updates: Anti-virus pattern, Intrusion Protection, Content Filtering and OS updates are done automatically according to the schedule.

Backup: Backup and recovery are very easy in case of failures. Setup takes around 20 minutes and restore 5 minutes. It also supports HA.

Overall, I think this is an excellent product that has most of the security features. The ease of management, relatively low cost and impressive features make it an excellent choice for an integrated security product.

If you don’t want to install the software and love out-of-the-box solutions, they have Astaro Security Gateway Appliances.