Gordano Messaging Suite
July 01, 2003
$1,910 (50 users, 1 year) then $1,355 p.a.
- Ease of Use:
- Value for Money:
- Overall Rating:
Attractive online groupware suite.
Some administration security issues.
In its niche, GMS is a great product. Out of it, much less so.
The Gordano Message Suite is not an anti-virus solution per se, it is a complete web-based messaging system with email, instant messaging, calendar feature and message filtering. The whole lot is managed from a central web console which is clean and consistent, with the exception of a Windows utility to add users to the database.
As a messaging solution, especially for small companies, GMS is a great product. The interface is easy to use for both users and administrators, and it offers platform independence via its web interface. And, the backend can run on Linux and Solaris too.
The server component offers surprising flexibility, with the ability to resolve authentication against its own database, Windows authentication, Active Directory, LDAP or a SQL database.
The actual configuration options are primitive but cover all the essentials, and alerting and anti-virus policies can be set globally or for each mail domain.
The anti-virus agent scans attachments as they are attached to messages, or when arriving from outside the system. Messages already in the system are not scanned further, which means that a virus already present will not be identified when signature updates are applied. In reality, that is unlikely to present a serious risk, but there is a potential hazard. The presence of desktop anti-virus mitigates this, but that brings us back to square one on the management front.
The update process is handled by exchanging email messages between the GMS server and the Gordano server, which is a bit clunky but it works well enough. Reporting is basic but perfectly adequate, with details of recent viruses, and options to alert the sender, recipient and postmaster.
One serious security flaw became apparent during testing. The login procedure is secured, not using HTTPS but by Java crypto classes. But password changes - which will typically be one of the first tasks performed by every new user - are sent in plain text, easily sniffed and identified by a malicious agent on the network.
Online documentation was thorough but clumsy - the help window cannot be resized and generally requires the user to download and view PDF manuals. Better web documentation, particularly situated on the local server, would be a plus.
As a messaging environment, we really like GMS. You need to think carefully about its limitations, but it is well worth considering.
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Security Architect, Cardiff - to £70k Basic
Infosec People - Cardiff, Wales
Interim CISO (Chief Information Security Officer) - Cyber Security Director
CYBER EXECS - London (Central), London (Greater)
Junior Penetration Tester, Hertfordshire, to £35k + benefits
Infosec People - England, Hertfordshire
Cyber Security Architect
CYBER EXECS - London (Greater)
Sign up to our newsletters
SC Magazine UK Articles
- Tesco Bank allegedly ignored warnings of hack from Visa
- Updated: A million German routers knocked offline by failed Mirai botnet attack
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- Cyber-security must reflect risk not just regulation
- Met Police grab suspect with phone unlocked to get hold of data
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- 9.2 million medical records for sale on darkweb
- Microsoft Office 365 hit with massive Cerber ransomware attack, report