- No technical expertise required
- comprehensive set of remotely managed security services designed to work together for complete protection
- push updates
- local monitoring
- Limited local customisation of security policies
- appliance itself is easily turned off
- desktop security still needed for mobile workers
On the face of it, a managed security service seems like a good idea -- simply pay someone else to protect your network rather than do it all yourself. However, such services can be expensive and, because you can’t see what’s going on, it’s hard to know whether you’re actually getting what you’ve paid for. This is not the case with Network Box, which delivers its security services via a locally configured appliance that can be monitored independently to see exactly what you’re getting for your money.
There are five Network Box appliances to choose from, catering for everything from the small home office to large enterprise networks. Each is based on the same set of remotely configured security tools, running on a security hardened Linux OS, with identical functionality but with different hardware to suit the number of users involved.
AMD Athlon processors are used across the range, with increasing memory, storage and network ports as you move up the scale. The £5,000 (ex. VAT; £2,800 per annum after the first year) SME 250 that we tested is designed to handle networks with 50-75 users. As well as LAN and Internet ports, it has a DMZ interface for locally hosted Web and email servers. There’s a fourth Ethernet port that can be used to either connect a second LAN or for load balancing and backup of the Internet connection.
There’s also a choice of network setups, with most users opting -- as we did -- to have the appliance configured as a transparent bridge, which means no changes to user PCs. However, you can, if you want, deploy it as a NAT gateway or as a proxy server.
Installation is straightforward -- especially if you opt to have a Network Box engineer do it, although this does add £650 (ex. VAT) to the price. We chose the DIY approach, which wasn’t too difficult: we simply plugged the appliance into an Internet router, and then our test network using the cables supplied. The Network Box operations centre then connected to the device remotely and a couple of minutes later it was up and running.
Whatever the model or setup, the Network Box appliance provides the same set of services starting with a stateful packet inspection (SPI) firewall capable -- on the SME 250 -- of handling up to 600,000 simultaneous WAN connections. That’s accompanied by a VPN server that can be used to support both site-to-site tunnelling and individual mobile users, with a choice of tunnelling protocols including PPTP, L2TP and IPSec. Network Box can also help with VPN client setup, providing custom software to handle the often tricky configuration of IPSec client facilities built into Windows XP.
Naturally there's antivirus protection, using a mix of Kaspersky, CLAM AVG and proprietary Network Box technologies, with support for both in-bound and out-bound scanning. You also get anti-spam filtering of email based on a mix of heuristic scanning and RBLs (Real-time Blackhole Lists). SurfControl content filtering is another feature, while an intrusion detection and prevention (IDP) engine rounds off a comprehensive security arsenal.
Another plus is the way the tools work together to provide the kind of UTM (Unified Threat Management) capability that's boasted by nearly all security vendors these days. Some are better than others, of course, but in this case everything does seem to all hang together: for example, spyware and phishing attacks are both identified by the anti-spam filters, and any Web sites they might direct users to are blocked by the SurfControl software. Likewise, the firewall and intrusion detection service can also get in on the act, with the end result dubbed 'UTM+' by the vendor.
Not that most users will be aware of what’s in the box, how it works or how it’s configured: they will simply leave Network Box to devise policies to suit their needs. The drawback to this approach is the need for any major policy changes to be negotiated and implemented by Network Box support staff. However, those we talked to were very knowledgeable and ready to help. Moreover, some local customisation is allowed via the built-in Web interface, which also lets you see what the appliance is up to.
At-a-glance status displays are the order of the day here, with 'analysis' buttons on each to drill down for more information, should you want. You can also create your own spam blacklists, add known safe senders to custom whitelists and release messages mistakenly held in quarantine. Similarly, it’s possible to customise the categories and rules used by SurfControl to manage Web site access; however the interface here does take a while to master and it’s easy to get things wrong.
That small niggle aside, we found the Network Box appliance both straightforward and effective. Updates are 'pushed' out to the unit when available, rather than waiting for the next scheduled download. The service also includes access to a 24-hour helpdesk, and the minor teething troubles we encountered were quickly diagnosed and efficiently cured by the Network Box engineers.
Of course, there are compromises to be made. Separate protection is needed for mobile workers when out of the office, and if you want absolute control over your network then this is clearly not the solution for you. However, if you’re busy running your business and want someone else to handle IT security, Network Box is an effective and affordable service, with the added bonus that you can see what’s going on and make sure you’re getting value for money.