
PCPro-Computing in the Real World Printed from www.pcpro.co.uk


Norman Network Protection Appliance in Security appliances

Verdict

There are overheads to the scanning process but this versatile security appliance can play many roles and is a cinch to deploy

Review Date: 13 May 2009

Price when reviewed: £3,495 (£4,019 inc VAT)

Overall Rating
4 stars out of 6

Features & Design
4 stars out of 6

Value for Money
4 stars out of 6

Performance
4 stars out of 6

Despite the undeniable appeal of security appliances over software security suites, Norman has preferred to merely dabble in appliance-based solutions. Its last attempt was with the NetProtector 3000 and now it has another stab with the Norman Network Protection (NNP) appliance.

The NNP differs radically from your common or garden security appliance as it focuses only on viruses and malware. It's totally transparent in operation and just needs to be dropped in between the two networks it's providing protection for. Deployment scenarios are extensive as the NNP could be used to protect two LAN segments from each other or used as a gateway security solution.

Either way, your clients won't even know it's there as it scans traffic at the data link layer. As packets pass through the NNP they are passed on to the client while the appliance takes a copy, locally assembles the data stream and scans it. The moment it finds anything malicious, the remaining packets won't be passed on to the client, and it can leave this decision right up to the last packet.
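A simplified model of the forward-and-copy behaviour described above, as an added example that is not Norman's code. The signature, packet size and function names are constructed for illustration, and a single byte-string match stands in for the appliance's scanners.

```python
# Added illustration: models "forward packets, scan a reassembled copy,
# withhold the rest on detection". All names and values are constructed.
SIGNATURES = [b"CONSTRUCTED-TEST-SIGNATURE"]  # stand-in for a signature database


def packetize(data: bytes, size: int = 16):
    """Split a payload into fixed-size packets (constructed sample traffic)."""
    return [data[i:i + size] for i in range(0, len(data), size)]


def stream_is_malicious(stream) -> bool:
    """Scan the locally reassembled copy of the stream."""
    return any(sig in stream for sig in SIGNATURES)


def inline_scan(packets):
    """Return (delivered_packets, blocked) for one transfer.

    Assumption: earlier packets are forwarded before the verdict on the
    copy is known, while the final packet is held until the scan of the
    complete stream has finished.
    """
    delivered, copy = [], bytearray()
    for index, payload in enumerate(packets):
        copy += payload
        if index == len(packets) - 1:
            # Last packet: the decision can be left until here.
            if stream_is_malicious(copy):
                return delivered, True
            delivered.append(payload)
        else:
            # Forward first, then scan the copy; stop forwarding on a hit.
            delivered.append(payload)
            if stream_is_malicious(copy):
                return delivered, True
    return delivered, False


if __name__ == "__main__":
    sample = b"A" * 40 + SIGNATURES[0] + b"B" * 40  # constructed payload
    out, blocked = inline_scan(packetize(sample))
    print(blocked, len(b"".join(out)), "of", len(sample), "bytes delivered")
```

In this model a blocked transfer always reaches the client incomplete, because at least the final packet is never forwarded.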

Three scan methods are used with signature-based detection first on the list. Next up is Norman's sandbox, which is quite unique. As soon as suspect packets are detected it creates a sandbox on demand in local protected memory, which emulates a Windows system complete with BIOS, boot sectors, registry, file systems and video card.

It allows the code to run in the sandbox and if it makes any requests to look for other systems then more sandboxes are created so the code thinks it's running in a real environment. Last up is Norman's DNA Matching, which inspects code to see if it has inherited or reused code from known malicious programs. If it finds any matches then it concludes it's malware and blocks it.

The appliance has a separate dual-port Gigabit adapter that allows the NNP to sit midstream but note it has no hardware bypass circuit. We installed the appliance in between two network segments in the lab with minimal interruption - no proxies are used so you don't need to reconfigure your client systems.

The web interface offers a quick start routine where you decide which protocols to scan; choices include HTTP, FTP, POP3, SMTP, SMB and CIFS. You can bypass each one, block all related traffic or apply one of four scan methods, which include sandboxes and archive scanning.

For performance testing we started with scanning disabled and copied a 2.52GB video file and a folder containing over 5,000 files between systems on each segment, which took 49 seconds and 74 seconds respectively.

We then set the NNP to maximum scan settings for all protocols, and with this in action these times increased to 57 seconds and 101 seconds, showing the scan process introducing noticeable overheads. We also copied a selection of files containing genuine viruses and although the copies appeared to complete, we saw on the recipient system that the files were either blocked completely or were of zero byte length.

Its total transparency makes the NNP a versatile security appliance, as it can protect one network segment from another or be used at the gateway. Scanning does produce a performance hit, but it's easy to deploy and it's tough on viruses and malware.

Author: Dave Mitchell
