Norman Network Protection Appliance - reviewed in Virus Bulletin July 2009
The renowned computer security magazine Virus Bulletin reviewed Norman Network Protection Appliance in its July 2009 issue.
A reprint of the complete review is available from in link below in PDF format.
Here are some of the highlights:
(...)
The version provided for this review was the full hardware set-up, installed on a Dell box, so we didn’t get to try the complete installation process, but as a pre-configured system it seemed likely to be fairly straightforward; the guidance in the manual mainly covers correct implementation of network cards, with the bulk of the set-up on a fixed, option-free path. The shipped machine came with a clear and straightforward quick-install guide, which looked ample to steer us through, but we also took along a copy of the manual in case of need. The manual is provided both as a complete guide and as a tailored version for purchasers of the full hardware appliance, leaving out all the unnecessary information on initial installation. With plenty of support on hand, we took the box into the test lab and prepared to fire it up.
(...)
The design of the product is brilliantly simple; apparently inspired by a demanding commission from a food manufacturer (requiring protection from malware in a sealed and certified environment where changes to either software or network configuration were highly undesirable), the Norman appliance sits invisibly between two network nodes, its two interfaces simply passing all data through and keeping an eye on the stream as it goes by, blocking the transfer of anything identified as a danger. So we simply slid the machine in between the hubs of two subnets, moved the cable connecting them to one interface on the appliance, inserted another in the second interface to complete the link, and sat back to watch. After an invisible judder as the network adjusted itself to the new layout, connection between the two subnets seemed entirely unaffected and data transfer between them continued virtually uninterrupted. Checking the management GUI showed that traffi c was being watched and throughput levels recorded, and attempts to pass malware samples from the outer zone to the protected subnet were immediately blocked. It all seemed very easy and painless.
(...)
One of the most interesting features here is the Sandbox log area. Where a malicious item has been run through the Sandbox system, detailed information is logged on the behaviours spotted when executed in the emulator. This data, including information on how a fi le has been packed or encrypted, what changes it makes to the fi lesystem, what network activity it attempts and more besides, is also made available to the administrator. These reports always make for fascinating reading, and are of great value in identifying malicious items and tracking down any activities they may have perpetrated before being caught. With automated log retrieval and parsing, the data can be used to keep other parts of the network secure by updating firewall rules and other security systems.
(...)
Providing such simple and unproblematic malware protection, along with an excellent, again very straightforward control system, makes this an extremely user-friendly weapon in the fi ght against malware problems in business networks, as well as a powerful one. (...)
| Usage | Title | Comment |
|---|---|---|
| Document | Virus Bulletin July 2009 - Review of Norman Network Protection Appliance | VB autorized reprint |
