by June 3, 2005 0 comments



This is a complete security appliance for a small office or a branch office handling around 20 clients, with the added advantage that it offers
security to both wired as well as wireless networks. It’s a fairly feature-rich device offering multiple security features in one box. These include anti virus/anti spam, IDS systems, deep packet inspection firewall, IPSec-based VPN and even a remote access solution. One interesting feature of the product is that it can be used in meetings or guest rooms of big corporate offices where you can provide Internet access to guests without giving them access to your main network. 

The device comes with a built-in five-ports switch for the wired clients. There’s a WAN port to connect to the Internet and an additional ‘Opt Zone’ port, which can be used to connect two of these appliances together for automatic failover functionality. It can also be used as a DMZ (De-militarized Zone) port. 

The device has two antennae to function as an 802.11b/g wireless access point, which has built-in security options like WEP, WPA-passkey (authentication using 104-bit passkeys) or WPA-EAP (authentication using radius server). It also has wireless over VPN, which allows wireless clients to connect to it over a secure and encrypted channel. You can also implement one more layer of security on it by using ACLs on the device. This product works on the proprietary SonicOS, which is used in all
security appliances from SonicWall.

Usability and configuration
The device is really very easy to configure and install. All you have to do is push the Reset button at the back of the device to clear any settings and get the factory defaults. 

Now connect it to a crosswire (that comes with the bundle) to any PC and
access the class ‘C’ IP 192.168168.168. From here you can fire up a comprehensive wizard, which will help you configure the device, the way you want. In fact, it’s so easy to configure that even a novice can use it. 

Security
To test the firewall’s strength, we decided to run some vulnerability and firewall penetration tools on both the LAN and WAN interfaces of the device. We first configured a machine with Nessus and did an aggressive vulnerability scan on the firewall’s WAN interface. The result was just one security warning, which also turned out to be a false negative saying that ‘the VPN server is enabled on the device and some one can connect to the local resource of your network from outside the network’. 

Another interesting thing while we were running the scans was that all the attack packets were dropped by the firewall without much of a problem, and the device 
created comprehensive logs for the activities. We then ran firewalk (a firewall penetration tool) on it and it was not able to
penetrate the device. We also did a brute force attack, using a tool called Hydra over the appliance’s wireless LAN interface. In this case, the appliance’s built-in IPS was able to detect the attack and dropped all packets from it. We then ran the same Nessus tool on the firewall’s LAN side. This time, the tool gave us more warnings. It showed two security holes, out of which one was high risk. Actually the host gives out predictable TCP sequence numbers, which means that an attacker can use this flaw to
establish a spoofed TCP connection. This problem is not very crucial if you are using VPN or other security mechanism but if the device is not configured properly, it can cause problems.

Bottom Line:This security appliance is very easy-to-use and feature-rich that supports all security mechanisms for WiFi. So, the price that it comes for is 
justified and it’s worth a buy.

Anindya Roy

No Comments so far

Jump into a conversation

No Comments Yet!

You can be the one to start a conversation.

<