/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsThis firewall product is designed by D-Link for the SMB, SOHO
and BFSI segment. This device uses the Intel Xscale (533Mhz) processor with 16
MB flash and 32 MB SDRAM. This device is best for those who do not have just a
single internal network with an Internet connection to secure but also have
infrastructure services like web, mail or VPN etc which also have to be accessed
from over the Internet. And this is so because this device has a DMZ as well as
standard WAN and LAN ports. The firewall provides 10/100Mbps Ethernet ports. It
also comes with a console port with which you can configure the device — but
we do not recommend that you use this method, unless you are conversant with
Linux networking commands. The Box uses a Linux-based firewall called iGateway
from Intoto. (For more info visit http://www.intoto.com/firewall.shtml )
Features
This device is the first product from D-Link to use a Intel
Xscale and Linux combo for a firewall. The device gives you options for NAT
(Network Address Translation), Secure NAT VPN (Virtual Private Networking), And
of course a statefull Firewall. Some other features of the device are an easy to
use web based management console, an Independent DMZ port, where you can connect
all your Company servers and machines which you have to access from outside the
network and that too, securely. Some other features are, e-mail notifications
for system events and attack events. You can even customize the notification and
select for which type of events you want alert. For example you can configure
the device to send alerts on DoS attacks but not on Sniffing attacks and so on.
You can even set alerts for syslog events in which you sent set weather you want
notification in case of system overload such as (processor or memory overload). /ciol/media/post_attachments/21323ae24a89913eb7bbcb4722cc9046b8264de95ffe02ced05094a52ab18c59.jpg)
Performance
To test the device we created a test bed where we connected
the WAN port with our local network with a network address of 192.168.3.0. Then
we connected a switch with the LAN port of the device and connected a Windows
Laptop with it and created a new subnet at 192.168.1.0 network. We used a second
switch to connect it to the DMZ port and made it a member of the same
192.168.3.0 network. To this switch we connected a Windows 2000 Machine running
IIS server. Now from our Labs network we connected a Laptop which has a set of
vulnerability accessing tools like Nessus, Firewalk, Ettercap, Dsniff and other
DDoS attacking software.
Now we created a NAT connection so that the laptop connected
with the LAN port of the device can access the internet through our Labs network
via the WAN port. Then we started running both the firewall testing benchmarks
— Nessus and Firewalk. The device stopped the attack and Firewalk was not able
to penetrate the device with the default configuration.
When we ran nessus and NMap they were able to detect the
version of the OS installed on the device and also figured out the open port 80.
But both of them are not really 'threats' unless someone tries to exploit them.
You can also configure them to be undiscoverable by changing the default
settings of the device to 'stealth' mode where both the tools got nothing in our
tests.
Then we tried to run some sniffing and DoS attacks on the
device. The device again detected both attacks and intimated us with immediate
e-mail notification. But here one thing that we noticed was that, while the DoS
attacks were running on the WAN port of the device it became a bit slow when
accessing the web interface from the internal network. This can cause a problem
if you haven't configured the e-mail notification because then the only way for
you to check for intrusion attempts is to visit the Web interface and read the
logs which can again become slow in case of some really heavy DDoS attacks.
The final test we did was the DMZ test where we ran Nessus on
the IIS server running inside the DMZ network. The result was that none of the
attacks were successful except for one warning, which was because the IIS server
was not patched up properly.
Bottom Line: Overall a nice and cost efficient product if you
have a need of secure DMZ zone and a much secure LAN.