Managed security services are proving to be an ideal solution for companies that want to offload the daily burden of dealing with network security and fighting off viruses, spam and worms. However, while these services can be a boon to overworked support departments many are too expensive for smaller businesses. The GuardianBox appliances aim to remedy this oversight by providing a wide range of security services but at a price these very same businesses can afford.
Offered by Bridge Broadband Services Ltd in Scotland, the GuardianBox solution comprises a combination of local appliance and hosted services that provide SPI firewalling, two stage email anti-virus scanning, anti-spam defences and web content filtering. In this review we take a look at the entry-level GB 25 model which targets very small companies with up to 25 employees. The appliance is a simple desktop box and inside it you’ll find an ICP EPIA mini-ITX motherboard equipped with a 1GHz VIA C3 processor accompanied by 256MB of memory. The Linux operating system is stored on a 2.5in Western Digital 40GB IDE hard disk. The network connections are handled by a pair of 10/100BaseTX Ethernet ports labelled as Green for the LAN side and Red for the WAN side. For installation the appliance must be placed between the LAN and WAN making sure that no other router exists between your users and the Internet. We tested with a simple ActionTec intelligent ADSL modem connected to the Red port. The Green side was linked to a network switch which serviced all our LAN test systems.
The appliance uses a bunch of open source utilities to provide the various functions. For email scanning you have ClamAV and F-Prot, spam is dealt with by SpamAssassin whilst DansGuardian looks after web content filtering. The SPI firewall cannot be switched off by the user and commendably defaults to blocking all unsolicited inbound traffic. Web browser access is provided for administrative access and it’s here that you find how little access the user has to the appliance as the majority of services are configured and updated remotely by Bridge Broadband.
Four options are provided with access to basic setup of the Red interface where you can select DHCP or enter a static IP address. We did suggest to the company that it would be useful to be able to see what IP address had been assigned to this interface for troubleshooting purposes and it agreed to implement this in its next appliance update. For the Green interface you can select an IP address, configure the DHCP server and enter fixed lease addresses.
The only access you have to the firewall is for entering multiple port forwarding rules. From the content filtering section you create lists of IP addresses to be blocked from or allowed web access. Banned file extension lists can be created whilst access to specific web sites and full domains can be completely blocked. A weighting score is used to determine undesirable web page content and you can enter a number that suits the types (and ages) of users on the LAN.
For email scanning SpamAssassin automatically checks all incoming POP3 traffic. It scores the message content and if this is over a preset threshold it appends the subject line with an extra comment. This means that you’ll need an internal system for dealing with tagged emails. For testing we created a new Outlook folder and set up a rule that moved all tagged email into it for further investigation. We ran the appliance in a live environment but weren’t overly impressed with SpamAssassin as over sixty per cent of spam was allowed through. We reported this to the providers who downloaded a modified rule list to the appliance. With this in place the success rate was improved dramatically but now it was tagging genuine emails which meant we had to regularly check all messages in our Outlook spam folder. Clearly, this component will take a while to customise before it actually reduces your workload. Infected emails are merely deleted by whichever scanning engine spots them and the appliance sends an advisory email to the recipient address in the message. All signature updates are handled remotely so there’s nothing else to do here for configuration.
Monitoring features from the web interface extend only to providing a graphical rundown of the web cache performance. A secure web portal hosted by Bridge Broadband provides much deeper information with bar graphs showing all web activity for each IP address along with web sites visited and file types downloaded. You can also create email white lists for individual addresses and domains. Another service included in the subscription fee is traffic shaping as you advise the company which traffic you want prioritised and it’ll configure the box according to your requirements. We were also advised that the company monitors client web activity and informs them when any unusual or dubious activity is spotted.
The GuardianBox GB 25 provides a wide range of managed security services that are easily deployed and priced just right for small businesses although we found the anti-spam component will require plenty of tweaking.
The administrative interface provides only basic access to the appliance network settings.
You can create multiple port forwarding rules to allow external access to servers on the LAN.
The web content filter can be customised by changing the scoring system used to grade the page web content.
The appliance’s web cache performance can be closely monitored.
The remote management portal provides plenty of graphs showing your user’s web activity.
Unlike other sites, we thoroughly test every product we review. We use industry standard tests in order to compare features properly. We’ll always tell you what we find. We never, ever accept money to review a product. Tell us what you think - send your emails to the Editor.