Appliance leverages anti-spyware strength to clamp down on viruses, unauthorized applications
Barracuda Networks is building on the success of its Spam Firewall product line by delivering a similarly engaging Barracuda Web Filter 310 appliance. The device contains more features and customization than any other I’ve seen for the money.
Administrators familiar with the Barracuda Spam Firewall’s user interface will find a near-exact copy on the Web Filter, with its own feature-rich, multi-tabbed Web pages. (Web Filter was formerly known as the Spyware Firewall, until Barracuda extended its feature set and reach.) Although the device’s strength still lies in blocking spyware, it also blocks unauthorized Web sites, viruses, adware, malicious Web content, and unauthorized applications.
True Blue Appliance
Arriving as a 1U unit with LAN and WAN ports, the Web Filter 310 should be placed as an inline device to scan all incoming monitored content before passing it to the end-user. Content filtering begins with more than 50 separate predefined categories, ranging from the blatant (adult and porn content) to personal choices such as gambling, auctions, and finance.
Content can be blocked or whitelisted by domain, category, URL pattern, or MIME type. Spyware and malware are blocked if they come from URLs that Barracuda Networks has previously determined to be malicious, or if they are caught by the real-time binary content scanning.
The Web Filter can block peer-to-peer services, IM, file downloads, Web-based e-mail, music sites, proxies, and chat sites. Most of the popular services (AIM, iTunes, Weatherbug, MySpace, etc.) are already listed and can be allowed or blocked on a per-service basis. Preventing users from downloading and using unauthorized applications can significantly decrease the risk of malicious software and increase productivity (infoworld.com/4304).
I want to stand up and applaud Barracuda’s capability to block third-party desktop toolbars -- such as those of Yahoo and MSN -- and applications that potentially pose a security risk -- such as instant messaging (a popular avenue for malware spreaders) and Citrix’s GoToMyPC.
One of my favorite features, in the content filtering section, allows an administrator to test a newly modified filtering category immediately, using a browser within the Web Filter interface. This allows the administrator to test for desired outcomes when trying to block or allow a particular site, although I did find some differences between what the test revealed and what occurred on the client.
Administrators can easily submit new sites and rogue applications to Barracuda Networks for addition to the built-in content categories. You can also block access manually using any of the Web Filter’s customized block options.
Local clients identified as infected by the Web Filter will be automatically blocked and directed to download and run the Barracuda Spyware Removal tool. Although I can’t recommend its use more than I can some of the better-known and lab-tested spyware removal tools, it’s nice to be able to give users an automatic option based upon malicious activity detection.
Nearly every feature includes whitelisting, blacklisting, exemptions, and authentication overrides, where an end-user can be allowed more access if he or she provides valid credentials.
Each content filtering decision can be constrained or allowed by user and group with a policy-driven engine. The Web Filter is also LDAP-enabled so your policies can be tied to directory services groups. When content is blocked or malware is detected, the user is presented with a company-branded alert page.
So how did Barracuda Web Filter do in the lab? Testing was done using Internet Explorer 6.0 and Firefox 1.0 on Windows XP Pro (all unpatched, no service packs). I then surfed to hundreds of sites containing banned content.
Web Filter’s anti-spyware roots remain strong: The appliance blocked almost every spyware Web site and trick I threw at it. I was able to get spyware past the device by going to rarely known Web sites, password protecting archive files, and re-packing existing malware. Nevertheless, Web Filter should keep all but your most hell-bent users from being infected by spyware.
I give Web Filter an average-to-above-average rating in blocking defined content. For the most part, it was able to maintain high accuracy without blocking desirable content. Some blocked content categories, including porn and spyware, had near-perfect detection rates, although some banned content did get through. I was impressed that while porn accuracy was high, Web Filter did not block any breast cancer or human sexuality education sites, as many of the competing products do.
Web Filter blocked most generic Web-based mail sites, but didn’t block any corporate Outlook for Web Access sites. I tried a dozen of the most popular anonymous Web proxy servers, which can allow end-users to bypass content filtering rules, and all were blocked. I was especially glad to see that HTTP URL encoding didn’t fool the Web Filter.
On the downside, I was able to download and install the Yahoo toolbar. I couldn’t download GoToMyPC from gotomypc.com, but could from indirect links found on citrix.com. I was also able to reach several popular hacking sites (including milw0rm.com, metasploit.com, and a mirror backup of vxheavens) without interruption. Virus detection was about 75 percent accurate.
Reporting is perhaps the Web Filter’s low point. While general canned reports are easy to access and print, customized or detailed reports are not available.
Overall, the appliance did well. With a few exceptions, the Barracuda Web Filter 310 should provide more than adequate protection for most networks. Its feature richness and flexibility will make it a top choice for many.
Overall Score (100%)
|Barracuda Web Filter 310||9.0||5.0||9.0||9.0||8.0|