
TrendMicro IGSA

PCQ Bureau

TrendMicro has come up with an innovative product called the InterScan Gateway Security Appliance, or IGSA for short. At first glance, the device reminds you of WatchGuard's Firebox firewalls, but it is not one. Rather, it is a gateway device that protects the network against malicious content and prevents machines inside the network from downloading or fetching it.


It acts as a filter that sits between your firewall and the primary network switch and filters out all malicious content such as viruses, spam, phishing and pharming messages and websites, spyware and malware. You can also filter content and URLs based on different pre-defined or custom criteria. The device supports the POP3, SMTP, HTTP and FTP protocols for scanning.

Price: Rs 2.45 lacs onwards
Meant For: Mid-sized enterprises
Key Specs: Anti-virus and anti-phishing/pharming capabilities, spam filtering, content filtering
Pros: Very easy to deploy and configure
Cons: None
Contact: Trend Micro, Delhi, Tel: 42699006, Email: sales.in@trendmicro.com
SMS Buy 131261 to 6677

It is best suited for high-security subnets that require an extra layer of protection against phishing, pharming and virus attacks. It can also be used for quarantining external machines such as notebooks, which join a network without proper patches or with some infection. In such a scenario, the roaming user can connect his mobile device directly behind the IGSA device. This gives him complete network access but at the same time protects the local network from any virus attack initiated from the mobile device.


Look and feel



The TrendMicro IGSA is a rack-mountable unit with a 1U height. The front panel has an LCD display that lets you do some very minimal configuration and check the IP addresses and other details about the product. At the back of the device you will see three network ports, all of them gigabit Ethernet. The two ports at the rightmost corner connect to your external (firewall) and internal (primary network switch) networks. The port at the center is meant for configuration and management.

Additionally, it has an RS232 port for connecting to a machine's COM port and doing some minimal configuration over HyperTerminal.

The internals



The device runs on a Pentium 4 3.0 GHz processor and 1 GB RAM. It comes with two 512 MB RAM modules that use up all the RAM slots on the motherboard, so there is no free slot for adding RAM if required. The device also ships with an 80 GB hard disk. This hard disk does not store or load the OS; it is used for buffering and quarantining files. The OS, which is essentially a stripped-down and hardened version of Linux (Kernel 2.6.14), is stored on and booted from a 512 MB Compact Flash Type 2 card. This technique keeps the OS and infected files on two totally different media. For future proofing, the IGSA also has a spare PCI-X 133 MHz/64 bit slot.


Tests



To test the device, we connected its external port to our test network (network address 192.168.5.x). Then we connected the internal port to a spare switch and connected a few machines to that switch. We found the device to be one of the easiest to deploy and configure. You can do the configuration through the LCD panel, HyperTerminal or the web-based graphical interface.

When the device detects any virus in the HTTP stream, it immediately generates and lists alerts in the log page

When we booted the machines, they immediately acquired IP addresses from our DHCP server. One thing to note here is that the device didn't do any kind of NATing, and both ends of the device (the external and the internal ports) work on the same subnet. This is because the IP addresses on both the ports are the same. To test the HTTP anti-virus capabilities of the device, we built a Web server and hosted 164 zipped files containing about 10,000 infected files. This server was hosted on the external network. From the internal network, we then started downloading all those infected files. The device cleaned and allowed the download of 60 zip files and blocked 104 (as it was unable to clean them). Then we decided to run a fully updated Symantec Anti Virus on the cleaned zip files.

Symantec found two more infected files among the files cleaned by the IGSA. This means that out of 10,000 infected files, the device passed two infected files to the secure network. That is not a bad ratio, though it is not a hundred percent foolproof. We also sent all those virus files over e-mail, and the device showed similar performance.

To test the anti-phishing capabilities, we created some fake mails and bombarded the internal network with them. The device detected all of them and tagged them appropriately. We also ran Parana.pl, which is essentially a fuzzer for testing spam filters. The device passed that test as well, detecting all the spam it generated.

Bottom Line: Fantastic device for mid-sized businesses that want to complement their existing firewalls and desktop anti-virus software with an extra layer of protection.
