SmoothWall Simplifies Open Source Security

By Paul Rubens | Oct 23, 2008 | Print this Page
http://www.enterprisenetworkingplanet.com/netsecur/article.php/3780321/SmoothWall-Simplifies-Open-Source-Security.htm

Paul RubensOpen source security software can be very effective at keeping the bad guys off your network, but it can also be hard to configure and time consuming to keep patched and up to date. That’s the reason for the popularity among network administrators of hardware appliances such the Astaro’s Security Gateway — which we took a look at in a previous article — that integrate a number of applications under a single GUI and provide an automated patching and updating system.

But Astaro is certainly not the only game in town — another well known name in this market is SmoothWall Ltd, a UK based company which maintains an open source firewall project also called SmoothWall. This software has been evolving for the last eight years, the current version being called SmoothWall Express 3.0

SmoothWall Ltd offers commercial software products based on the SmoothWall firewall and DansGuardian Web content filtering system, and last year — perhaps recognizing the success of Astaro and other vendors — the company entered the Unified Threat Management (UTM) appliance market with the introduction of its SmoothGuard UTM-1000 appliance.

Sounding more like the latest generation of Terminator (try saying it with an Arnie accent) the SmoothGuard UTM-1000 is targeted at organizations with up to two thousand users or even more, according to Tom Newton, SmoothWall Ltd’s product development manager, “The UTM-1000 is running in organizations with as many as five thousand users right down ones with no users but a bunch of very heavily loaded servers,” Newton says. “I would say we currently cater for the top end of the middle range of the market.”

SmoothWall’s single appliance offering is in stark contrast to Astaro, which has six different models catering for the very smallest companies up to very large ones, but this will change at Halloween (31st October.) That’s the day SmoothWall Ltd is planning to introduce two appliances aimed at the lower end of the market: the UTM-108, aimed at organizations with 5 to 10 users, and the UTM-308, aimed for companies with up to about 750 users.

But right now the company only offers the UTM-1000. It comes in a 1U rackable form-factor, with 7 gigabit Ethernet ports on the front, along with a serial console port, two USB ports for system upgrades, an LCD display and four control buttons. Inside, the appliance is powered by an Intel Core 2 Duo processor.

But what’s really of interest is the software running on that processor. The fundamental service provided by the appliance is a perimeter firewall, with load balancing so that traffic can use two or more Internet connections efficiently — or certain types of traffic can be prioritized onto a particular connection. This has the same feature set as SmoothWall Ltd’s closed-source Advanced Firewall product.

The appliance also includes an internal firewall with support for multiple physically separated internal network zones to prevent users (or intruders) in one area from easily accessing or infecting resources in another. Inter-zone access is possible only for those users with the appropriate network privileges, and is given after authentication using an Active Directory, Novell eDirectory, LDAP or RADIUS server.

Using the open source OpenVPN SSL-based VPN software the appliance can also work as a VPN gateway, providing up to 1000 users with remote access. It can also be used with a second device to provide secure inter-office VPN communication.

OpenVPN is not the only piece of open source software that will be familiar to most people. The device also uses:

  • Apache
  • Squid
  • Snort
  • dhcpd
  • OpenSSH

for intrusion detection and other more mundane network services.

The device’s email security module, SmoothZap, uses the open-source Clam anti-virus engine, and, optionally, an anti-spam engine called Mailshell as well, to help protect the network from infections from email.

But Newton says that a firewall with intrusion detection is not really enough to attract large numbers of customers to an appliance . “We believe that the sweet spot in this market is where you unify a firewall security product with Web filtering,” he says.

SmoothWall’s UTM includes SmoothGuardian, a Web filtering and sanitizing system which has been developed using the open source DansGuardian Web content filter as a starting point. DansGuardian uses several methods including phrase matching, PICS filtering and URL filtering to block pornography and other categories of material that an administrator can select as inappropriate in a corporate context. DansGuardian was developed by Daniel Barron, CTO of SmoothWall Ltd.

SmoothGuardian extends DansGuardian with the inclusion of filtering policies which can be varied according to the time of day (to allow users to shop online at lunchtimes, for example,) and according to group policy (by integrating with Active Directory and the other authentication systems mentioned above, as well as logging, reporting, and configuration using the graphical interface. It also performs scans to provide a measure of protection against web-borne spyware, viruses and browser exploits.

Perhaps the most ambitious part of the UTM-1000 is the inclusion of IMSpector, an application developed by SmoothWall’s lead developer Lawrence Manning which allows organizations to monitor, log and block some instant message traffic, and prevent or scan downloads or file transfers initiated through some IM clients for viruses.

The key to UTMs such as this one is the GUI and the ease with which it can be configured out of the box. SmoothWall Ltd has designed the device so that it can be plugged in to the network and logged into by an administrator in a matter of minutes. By default the firewall is open to outbound traffic and closed to inbound traffic, and a “To Do” list guides the user to a number of configuration options such as setting up VPN access or configuring port forwarding and so on. However there are no configuration wizards, so full (and correct) configuration could be a time consuming process.

SmoothWall Ltd prices its appliance at £1250 ($2200), with a recurring charge after the first year of £350 ($615). This does not include Web filtering, which costs an additional £2500 ($4400) for 500 PCs, with a recurring charge after the first year of £1650 ($2900).

At this price the device represents very good value, according to Bob Turner, a network administrator at Allison Payment Systems (APS), a transaction print and electronic document delivery and management company based in Indianapolis, Indiana. The company runs two SmoothWall UTMs in a busy environment: its servers receive about 20,000 connections per minute, and in total about 600 devices are connected to its primary UTM and a second failover device. “We used to use a Symantec product, but when we switched to SmoothWall we found it was one third of the price, making it much more cost effective, and we didn’t have to give any features up. In fact it offered more,” says Turner.