Kerio Control v7.4
March 21, 2013
c£175 for software appliance, plus five users, c£17 per additional user
- Ease of Use:
- Value for Money:
- Overall Rating:
- Strengths: Simple setup, documentation geared for novice administrators
- Weaknesses: VPN implementation is currently proprietary, light on reporting
- Verdict: Great for small businesses or novice administrators. Companies with more complex environments may want to wait for v8.0
The term unified threat management can sound intimidating to administrators lacking in information security experience. Fortunately, basic UTM protection doesn't need to be overly complex, and Kerio Control is a great example of that.
The product we tested was provided as a VMware virtual appliance. Following the quick setup guide, it was a simple matter of importing the appliance into our ESX environment and starting the tool. Through the console, we set up our trusted and untrusted interfaces and chose an administration password. All further configuration was performed through the product's web interface. On first login, we were presented with a configuration assistant wizard, which guided us through installing our licence and setting up a basic traffic policy.
Kerio Control provides a clear, snappy interface for administration. The administrator is provided with a clean, configurable dashboard on login, which provides a number of system status charts. All device features are listed in a hierarchal menu on the left-hand side, with configuration options presented on the right. All of the features we'd expect are present, including a basic firewall, intrusion prevention system (IPS), content filter, perimeter anti-virus scanner and VPN. It can also serve as a dynamic host configuration protocol (DHCP) and domain name system (DNS) server.
While intended to be used as the default gateway, Kerio Control can be configured as a proxy server for content filtering purposes. The IPS is signature-based, with signatures updated automatically on a configurable schedule. Anti-virus services are provided by Sophos, with signatures again updated on a configurable schedule. The content filter supports rules based on IP address groups, URL groups and keywords. Lightweight directory access protocol (LDAP) integration is supported, which makes user-based content filtering extremely easy to implement.
Additionally, the HTTP cache can be enabled for bandwidth-conscious administrators. Kerio's virtual private network (VPN) features are extremely easy to implement, providing support for both client-server and site-to-site configurations. Despite its simplicity, the implementation is proprietary, so site-to-site tunnels are only possible between two Kerio appliances, and clients connecting to the Kerio appliance must use the client software. Fortunately, this is set to change in the 8.0 version of the software, which will implement standards-based IPsec tunnels and support for Android and iOS clients.
The documentation is very good. Guides are provided for the initial appliance installation, configuration and on-going administration. Presented as PDFs, they are well-organised and seemingly tailored for administrators without extensive UTM experience. One negative thing we noticed was their recommendation that administrators allow access to the administration frontend from the untrusted interface. While we acknowledge that it would make remote administration easier, it really does not follow best practices, so we recommend reading the documentation with a critical eye.
Product support is offered on a 24/5 basis, and is provided via phone or email. Kerio also maintains an online knowledgebase and active user support forums.
Kerio Control starts at a cost of c£175 for the software appliance, plus five users, and c£17 per additional user.
SC Webcasts UK
Information Security Manager
Infosec People - Hammersmith, West London
Junior Penetration Tester, Hertfordshire, to £35k + benefits
Infosec People - England, Hertfordshire
Cyber Security Architect
CYBER EXECS - London (Greater)
SOC Analyst, Aldershot, £47-56k + package
Infosec People - Hampshire, England, Aldershot
Senior Security Engineer
Loveworklife Recruitment - United Kingdom
Sign up to our newsletters
SC Magazine UK Articles
- Tesco Bank allegedly ignored warnings of hack from Visa
- Investigatory Powers and Digital Economy Bills could threaten economy
- Updated: A million German routers knocked offline by failed Mirai botnet attack
- Gooligan ad fraud malware infects 1.3M Android users, installs over 2M unwanted apps
- Microsoft update left Azure Linux virtual machines open to hacking
- SC Awards Europe 2016 winners announcements!
- ISIS radicalises 'lone wolves' through strong social media presence
- Updated: How will Brexit affect the cyber-security industry in UK and Europe?
- 9.2 million medical records for sale on darkweb
- Microsoft Office 365 hit with massive Cerber ransomware attack, report
- Russian intelligence claims to bust up pending banking cyber-attack
- Presidential commission calls for collaborative action to combat cyber-threats
- Russia's banks will be hacked today, apparently
- Met Police grab suspect with phone unlocked to get hold of data
- Researchers hack Visa cards in six seconds