Easy-to-use browser-based set-up. Fast installation.
Slow to navigate through. Needs a lot of configuration to work effectively.
Good prevention system suitable for the medium-sized company upwards.
Most of the products tested in the roundup for this Group Test have been primarily aimed at the larger enterprise, as they tend to have the largest pockets and more need for protection. Barbedwire Technologies aims at the more modest-sized organization with its STAR Engine intrusion prevention product.
This is not to say that the product cannot handle being in a large network infrastructure environment, just that the relative price and ease of use make this product a good bet for smaller firms in need of something suitable to defend themselves against attacks.
The package operates on a customized PC running Linux. The system is installed out of the box and we got it running in no time.
After logging into the box via the monitor and keyboard ports to change the password and the network interface values, we fired up a browser on our test server.
The browser-based console is well designed and laid out, and there are lots of things to configure before this system becomes fully operational.
One criticism that can be laid against the system is that it is relatively slow to navigate around the console. Surfing to different pages should really be instantaneous when you consider that the box is on the same network segment as the server from which we were browsing. The company says the bug that caused this particular problem has been fixed in the new version of its full product release.
The STAR Engine comes with a firewall, but our main concern and interest lies with the intrusion detection console. Here there are two sensors at work and both have an initial set of rules pre-configured. While no IP addresses need to be entered for the IDS to work (it uses stealth network sensing), it has to know what network traffic to look out for. This is entered under the network setting tab.
There was quite a lot of pre-configuration to do before the testing took place, such as filtering out false alerts so the system was not flooded with false positives.
Once up and running, we scanned the system using Nmap and Nessus. The system detected them both and alerted us. As blocking rules were applied on the system, it shut off any attempt by us to compromise the system.
On the whole this product works well and should be a good starting point for security in the medium-sized enterprise. Although there was virtually no installation needed, the time taken to configure the IDS was longer than anticipated. However, once up, it proved its worth.