A complete set of default policies are provided enabling you to start filtering web traffic immediately as even the medium level security policy contains 40 predefined rules. X-Ray is a very handy feature for safe testing as this can be applied to whole policies or specific rules where it runs them passively. The anti-virus scanners and web content filters are also configured with rules and Websense now offers over fifty URL categories to choose from.
All rules within a policy are carried out in strict priority but it's easy enough to change their position if required. Under normal circumstances the policy rules that control Finjan's active real-time content inspection reside near the bottom so they can catch anything smart enough to slip past all the other defences. To test this feature we pointed one of our client systems at a web site known to have an extremely unpleasant payload.
Rather than move the relevant rules to the top of the policy we gradually disabled each rule the Trojan hit so that it would eventually get to the content inspection rule. Remarkably, to achieve this we had to deactivate rules for Websense first followed by Kaspersky's anti-virus, Finjan's anti-spyware and then rules blocking files with missing digital signatures and suspicious file downloads. Once the Trojan's code had been analysed the appliance blocked it and we could see from the log files that Finjan determined it was trying to terminate existing processes, engage in illicit memory management and load other DLLs.
We tested the Websense service, which is also configured using policy rules. Each policy can be applied to different users and groups and these can be swiftly imported using LDAP. We tested this by switching on the gambling category and attempting to visit nearly fifty on-line bingo sites where Websense saved our hard earned cash by blocking us from every one.
Whenever the NG-6000S blocks access it redirects the user to a warning web page and posts an entry in its log file. It also maintains a database, which is used to produce more detailed reports for areas such as viral activity or accessing blocked sites and can export them in PDF, Excel or HTML forms. The reports are predefined but can be applied to specific users or groups if required.
Web borne threats are getting ever smarter with ploys such as dynamic code obfuscation designed to circumvent traditional signature based scanning. Finjan's NG-6000S is unlikely to get caught napping though as it's capable of offering a tough defensive posture that can be easily customised with rule based policies plus optional anti-virus scanning and web content filtering.
Verdict
Anti-spam and firewall measures must be sourced separately but for web content security you’ll be hard pushed to find defences that are tougher than those offered by Finjan’s Vital Security appliances. The use of security policies makes the NG-6000S very versatile, deployment is a breeze and the active real-time content inspection is quite unique.
Chassis: 2U IBM x3650 rack
CPU: 2 x 2GHz Xeon 5130
Memory: 2GB 667MHz FB-DIMM
Storage: 2 x 73.4GB IBM 10k SAS hard disks
RAID: IBM ServeRAID 8k-l controller with 32MB cache memory (drives in RAID-1 mirror).
Network: 4 x Gigabit Ethernet
Management: Web browser
Options: 250 users: Websense - 1yr, £2,162; Kaspersky – 1yr, £1,242 (all exc VAT)
