D-Link DFL-M510 review
D-Link’s latest member of its NetDefend family aims to take on the knotty problem of securing businesses against the risks of P2P (peer-to-peer) and IM applications. The obvious answer to the whole issue is simply to block the relevant ports via a firewall, but with instant messaging established as a useful business tool in many organisations it isn’t always so clear cut. Previously, this was dealt with by specialist solutions such as FaceTime’s FTG500, which provides excellent policy-based filtering but is priced for the enterprise. The DFL-M510 aims to offer a similar feature set, with the exception of spyware detection, but at a price to tempt the smaller business.
The appliance is a transparent gateway, so it will slot straight into your existing network. It employs packet inspection at Layer 7 and therefore offers a good deal of general information on application-related activity. The unit doesn’t represent a single point of failure, as traffic will pass through unhindered even if it suffers a complete power outage. Management is via a Java applet, so the latest JRE (Java Runtime Environment) must be installed first.
You can run in passive mode first to allow you to see what traffic types you’re going to be dealing with. At this stage, the real-time traffic monitor is useful. It provides a graph showing throughput and a pie chart of traffic-type distributions. Each can be customised to specific traffic, users, apps and groups, along with a count in megabytes of the traffic throughput for each one. Once you’ve identified undesirable traffic, you can create multiple policies to block it and use schedules to determine when they’re active. There’s a lot to choose from, with plenty of predefined messaging and file-streaming apps that can be controlled. FTP can be blocked, and you even have control over email by stopping POP3, SMTP and IMAP logins. With many apps, you can block them completely or customise access. For example, with MSN Messenger, you have a number of subchoices, allowing you to block or allow file transfer, voice and audio communications, and online games. Rudimentary web access controls can also be implemented using policies that define sets of URL keywords.
The appliance automatically identifies all stations and their MAC addresses from the traffic, so you can easily create different groups. We started with a blanket block on all listed apps, and with this assigned to our test group all mail clients ceased to send and receive, MSN Messenger clients couldn’t sign in and all file transfers were blocked. For streaming media control, we could block the iTunes client and QuickTime from accessing the internet. We could then fine-tune our policies. It’s even possible to apply keyword-monitoring lists to IM messages as well as web browsing. Once a web content keyword block has been tripped, the client can receive a custom warning message in their browser. An email alert will be issued to one address, although you get only the IP addresses of the source and destination. In fact, general reporting facilities are poor, as the system log doesn’t show blocking activity and the Report tab only generates a graph of the real-time monitor for the selected period.
The DFL-M510 makes a smart solution for controlling IM and P2P usage in smaller businesses. Reporting needs to be improved, but apart from this it offers extensive levels of control over a wide range of apps, all in an easily deployed appliance.