Ideco Gateway - Linux based router, firewall, proxy and internet connection sharing
Take the tour about Ideco Gateway
Free Enterprise Internet Gateway and Firewall based on Linux
March 18, 2010

Choosing the right Firewall for Your Enterprise

According to recent estimates, an unprotected computer network connected to the Internet could be attacked within ten minutes. Firewalls are clearly a vital first line of defense against unauthorized attacks on your network. Without it, your networking provides an easy way for anyone else to probe it for known vulnerabilities. All this coupled with the known security bugs in operating systems like Unix and NT, adds up to a likely possibility of a intrusion to happen. A really good firewall will give you a centralized point from which to control your network environment and it will also let you achieve the right balance between desirable and undesirable data accessibility. But even the best firewalls must permit some level of access. That’s why the need for computer security has expanded in the last few years. No wonder it is extremely important for businesses to secure office networks. But the question is - is it necessary to employ top of the line highly priced security solutions for all companies to stay protected? In the recent years there has been a number of new players coming to the market offering the same or better level of security for less cash. In this review we’ll take a look at Ideco Gateway by Ideco Software.

Ideco Gateway is one of those all-in-one solutions that require almost no administration after being setup and zero maintenance costs. Of course it has such vital features for any good firewall as the iptables package for packet filtering, NAT (Network Address Translation), and web administration. Other features include traffic analysis, caching web proxy, port forwarding, dmz support, ssh access, vpn support, statistical tools for in depth analysis of your network traffic like virus scanning and spam filtering.

Ideco uses "hardened" version of Linux with stateful inspection method that keeps tables to track the status of each connection, as well as commands that appear in the application layer, and regulates traffic flow accordingly. Overall, products using stateful inspection technology generally perform better than those using proxy technology. NAT technology helps to hide the addresses of all devices initiating connections from inside your network by converting their source address to the firewall's external address. This is crucial if you change ISPs and lack your own address space, if you use an unregistered address space, or if you simply need to communicate on the Internet without revealing details about your internal network. When you have to allow outside access to servers inside your network, you can provide additional external addresses that are directly mapped to the corresponding internal address. It allows users to take advantage of all today’s Internet protocols and applications (mail, messengers etc.). Ideco uses NAT technology to hide users making them invisible from outside of network.

The product is based on Linux so you are sure to expect the base performance to be excellent. Ease of installation of a product is always an important factor. Installation of Ideco Gateway requires no technical or Linux skills. Once the system is up and running the configuration of the firewall is extremely easy as well. Even newbies can administer Ideco once installed with the web interface. Ideco is built on a secure Linux distribution and is delivered as an ISO image. That image is used to burn a bootable CD, which installs both the Linux OS and the firewall product.

Management is done through a web interface. SSH can be enabled but is not by default for either. The web interface is incredibly easy to understand and use. Everything can be done via the web interface. Iptables configuration from the web interface is a great thing. The reporting capabilities include traffic graphs, firewall connections, basic system logs, detection logs, etc. and are all available through the web interface. The product has great analysis tools right onboard. Ideco’s latest security effort not only supports multiple network interfaces, but combines perimeter and internal firewalls with intrusion detection, e-mail virus protection and bandwidth management, antivirus and content filtering.

At first glance, Ideco doesn't seem at all unique when compared to integrated firewalls from competitors. But upon closer evaluation, you will discover that Ideco products are an ideal path to build reliable affordable security appliances. Ideco products scale up nicely to meet enterprise needs.

The firewall uses deep packet inspection technology while the bandwidth management module uses predictive analysis to enhance traffic flow. The products are policy driven and integrate with LDAP-based directory systems. That allows administrators to quickly define policies granting associated rights to individual users, groups of users or even LDAP-enabled applications. Solution providers looking to build a managed service around security will appreciate the extensive management features offered by Ideco. Other options include multihosting (multiple IP address) capabilities and support of up to nine network cards.

Using real IP-addresses on computers is not secure and could lead to information theft. Hackers could also take control of your computer and use it at their discretion. It also prevents inner company information leakage to the Internet while allowing users to browse Internet under different names or stay anonymous for personal Internet browsing. Ideco Gateway assigns a permanent personal IP–address to each user. Network computers do not have Internet access by default. After logging in the user is assigned an IP-address and is then allowed to use the Internet. That allows tracking user activities no matter which computer they use to access the internet.

Many employees use internet for personal interests like music and movies downloading, listening to radio, social networking etc. This of course affects their work performance. Ideco can provide detailed statistics (such as a list of top visited pages) for each user to see how effective they are and allow banning access to certain web sites altogether through the firewall.

Ideco allows VPN connection to the office network from distant offices or for those employees on business trips. Ideco uses crypt-proof deciphering protocols to prevent any data from being stolen. Ideco Gateway comes with a mail server with built-in antivirus options. Needless to say most viruses come through email letters.

Although Ideco is not considered a proxy type of firewall, its stateful inspection capabilities approach those of a proxy firewall. For example, in addition to NAT, it offers user authentication and defends against SYN and packet-fragmentation attacks.

User interface provides a centralized point of control that makes it easy to define and implement a complex security policy. All related hosts, networks and services are defined as objects with associated icons. It's easy to nest objects within groups that can be represented with their own icons. These icons can then be used when defining rules. Other icons representing various levels of logging and alerting also can be specified by each individual rule.

Ideco inspects data traversing the firewall closely. GUI is easy to understand and navigate. The real-time logging is great.

While the company is relatively new to the U.S. market, extensive work has gone into developing a partner-friendly channel program and product recognition.

Conclusion.

Once again the functionality of Ideco Gateway impresses. It is easy to install and configure. Ideco is perfect for medium and large businesses as it greatly enhances their security level while providing administration and monitoring of their networks. The overall rating of this product is 5 stars.