A review of iPolicy Networks' ISM Express 1000

This review of iPolicy Networks' ISM Express 1000, courtesy of Information Security magazine, explains the ins and outs of a product that manages multiple intrusion prevention firewalls (IPFs) and helps you decide whether the product is right for your customer's network.

ISM Express 1000
iPolicy Networks
Price: $30,000

Bigger, faster boxes have created the need for an enterprise market segment for unified threat management (UTM). Beyond performance, however, strong central management of multiple UTM appliances is critical for distributed environments.

That's where iPolicy Networks' ISM Express appliances come in, managing up to 15 iPolicy Intrusion Prevention Firewalls (IPF). The IPF is a stateful inspection firewall with integrated IDS, IPS, anomaly detection and Web-filtering capabilities.

Policy Control B

For an organization with multiple IPFs, ISM Express can enable centralized and consistent rule enforcement and management across multiple networks. Its intuitive and well-designed management console allowed us to apply granular firewall, IDS, IPS and URL filtering rules across multiple IPFs. Rules can apply to individual IPFs or globally.

We were able to successfully create and apply many different rules -- such as allowing inbound SSH, blocking access to a specific Web page and sending an alert when a port scan occurred.

Configuration/Management B

iPolicy's thorough documentation made it easy to configure initial IPF management.

We liked the layout of the management interface, which provides a unified view of IPF configuration and real-time monitoring of IPF events. We found it easy to modify rules and view events. We were able to create multiple administrators, who could manage global and local security policies per specific privileges. Local or RADIUS authentication can be used.

Security updates such as attack, worm and spyware signatures are regularly released by iPolicy; ISM Express can automatically download the updates and then apply them to all managed IPFs.

Device Security C-

It is critical that a security management system be fully secured, so we were quite concerned when we discovered several security weaknesses in ISM Express. A compromise could be catastrophic for an organization, possibly giving an attacker control of multiple IPFs.

A Nessus scan found high-risk vulnerabilities in the appliance's Oracle database (patches have been available since January 2005 or earlier). We also found the appliance had a remotely reachable Web page containing sample JSP and Servlet examples plus a management application, which could be exploited to compromise the appliance.

ISM Express was running Oracle's HTTP server with a Web page containing sample scripts, though the scripts could not be reached remotely. Finally, we found that two basic security hardening steps had not been taken -- renaming the Windows administrator account and suppressing the display of the last logged-in user. Displaying the last username makes it easier for an attacker to log in, because he then only needs to obtain the user's password.
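
The two hardening steps named above can be checked on any Windows host with a short audit script. This is an added example, not part of the original review or any iPolicy tooling; the function name Test-BaselineHardening is hypothetical, and the rename check assumes the English default account name "Administrator".

```powershell
# Added example: audit the two Windows hardening steps the review found missing.
# Run locally on the host being checked. Function name is hypothetical.
function Test-BaselineHardening {
    [CmdletBinding()]
    param()

    $results = @()

    # 1. Built-in Administrator account. It is located by its well-known
    #    RID (500), so the check works whatever the account is called now.
    $admin = Get-CimInstance -ClassName Win32_UserAccount -Filter "LocalAccount=True" |
        Where-Object { $_.SID -like 'S-1-5-21-*-500' }

    if ($null -eq $admin) {
        $results += [pscustomobject]@{
            Check     = 'Built-in administrator renamed'
            Compliant = $false
            Detail    = 'RID 500 account not found'
        }
    } else {
        $results += [pscustomobject]@{
            Check     = 'Built-in administrator renamed'
            # Assumption: English default name; localized builds differ.
            Compliant = ($admin.Name -ne 'Administrator')
            Detail    = "Name='$($admin.Name)' Disabled=$($admin.Disabled)"
        }
    }

    # 2. Logon screen must not show the last logged-in user.
    #    The policy is the DWORD DontDisplayLastUserName; 1 hides the name.
    $key  = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System'
    $prop = Get-ItemProperty -Path $key -Name 'DontDisplayLastUserName' -ErrorAction SilentlyContinue
    $value = if ($null -ne $prop) { $prop.DontDisplayLastUserName } else { $null }

    $results += [pscustomobject]@{
        Check     = 'Last logged-in user hidden'
        Compliant = ($value -eq 1)
        Detail    = if ($null -eq $value) { 'Value not set (name is shown)' } else { "DontDisplayLastUserName=$value" }
    }

    return $results
}

Test-BaselineHardening | Format-Table -AutoSize
```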

Reporting B+

ISM Express offers both real-time and historical reporting. It can collect and display events from multiple IPFs, and alarms can also be forwarded to syslog, SNMP and SMTP servers. The customizable monitoring console provides a unified, near real-time view of system events and rule-enforcement actions.

Administrators can create a variety of predefined reports ranging from high-level executive summaries to detailed technical reports about specific IPFs. Reports can be exported as HTML or PDF documents.

Verdict

ISM Express is a powerful, useful product with strong reporting and policy management capabilities, which can provide centralized, consistent management across distributed IPFs. However, its surprisingly lax security should be tightened.

Testing methodology: Our test network included an ISM 1000 Express (a lower-performance 400 model is also available), an unmanaged switch, a Windows server and an IPF 3300 appliance.

This review originally appeared in Information Security magazine.


This was first published in January 2007
