12.07.2015 Views

Symantec™ Security Gateways Reference Guide - Sawmill


Introducing Symantec security gateways
About Symantec security gateways

High availability/load balancing

The security gateway includes support for high availability and load balancing (HA/LB). HA/LB combines multiple security gateways into a single security solution, and then narrows the point of access to a virtual IP address (VIP) on each network the cluster faces. Users no longer direct requests at a specific machine. Rather, connection requests are pointed at the cluster VIP. Connections are no longer dependent on the state of a specific machine; if one cluster node fails, another is there to continue with the connection, transparent to the end user.

The integrated HA/LB technology is based on a share-nothing model. Other HA/LB solutions commonly use disk sharing or MAC address sharing to achieve failover. Symantec's implementation is network-based, where the network provides the means of communication between all nodes in a cluster. Every node in the cluster shares responsibility in maintaining the state of the cluster over a controlled network.

Anti-spam support

The number of unsolicited emails sent daily is staggering. Unsolicited electronic messages are commonly referred to as spam, and are intrusive, aggravating, and sometimes offensive. Many email clients try to address the issue by filtering email messages, but filters are usually only effective when the sending source or information in the header remains constant. Spammers understand the tools available to users, and in many cases they simply spoof or change the source email address, or change the subject, circumventing the filter.

If your company operates an internal mail server that receives email from external sources, Symantec's security gateways offer some additional methods to reduce the vast amount of unsolicited received email. By default, the SMTP proxy checks for protocol anomalies, and you can configure the SMTP proxy to prevent the security gateway from functioning as an SMTP relay. You can impose hard and soft limits on the number of recipients in an email. Additionally, you can check email sources and, if they don't resolve, block them. Optionally, you can elect to use one of the public real-time blackhole lists (RBL) when deciding to accept or reject an email.

Antivirus

Symantec security gateways feature award-winning antivirus technologies that make Symantec the industry leader in virus protection software. Symantec antivirus technology is one of the fastest and most effective solutions available today for detecting and preventing malicious virus attacks. As new threats emerge, Symantec's LiveUpdate technology updates both virus definitions and the engine without service interruption, keeping you fully protected now and in the future. Although the antivirus component is an appliance-only feature, software versions of the security gateway can leverage the appliance's antivirus feature by using the appliance as an off-box antivirus solution.

The antivirus component incorporates Bloodhound technology for heuristic detection of known and unknown viruses, and Symantec Striker technology to detect and identify polymorphic viruses. The antivirus component detects malicious viruses, worms, and Trojan horses in all major file types, including mobile code and compressed file formats. Additionally, the antivirus component lets you decide what to do with infected files; you can block or clean files containing malicious code.

Intrusion detection and prevention

Symantec security gateways monitor network traffic for suspicious behavior and respond to detected intrusions in real time. The intrusion detection component's signatures help detect and prevent numerous attacks including Teardrop, Whisker, Girlfriend, NOOP, buffer overflows and many others. Symantec's LiveUpdate ensures that new atomic signatures are downloaded to address new threats well before they become security issues. Intrusion detection and prevention is an appliance-only feature.
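
The SMTP proxy checks listed under anti-spam support (sender resolution, RBL lookup, relay prevention, hard and soft recipient limits) are shown here as one envelope decision; this is an added example, not Symantec's code or configuration. The function names, the policy keys, the rbl.example zone and the meaning given to hard versus soft limits are assumptions, and DNS is replaced by a constructed set of names so that the code runs offline.

```python
import ipaddress

def rbl_query_name(client_ip, zone):
    """DNSBL convention: reverse the IPv4 octets and append the list's zone."""
    octets = str(ipaddress.IPv4Address(client_ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone

def domain_of(address):
    return address.rpartition("@")[2].lower()

def check_envelope(client_ip, mail_from, rcpt_to, policy, resolve):
    """Return (verdict, accepted_recipients, reasons) for one SMTP envelope.
    resolve(name) -> bool stands in for a DNS lookup."""
    sender_domain = domain_of(mail_from)
    if not sender_domain or not resolve(sender_domain):
        return "reject", [], ["sender domain does not resolve"]
    zone = policy.get("rbl_zone")  # RBL use is optional
    if zone and resolve(rbl_query_name(client_ip, zone)):
        return "reject", [], ["client listed on RBL"]
    # Assumed semantics: exceeding the hard limit rejects the whole message.
    if len(rcpt_to) > policy["hard_limit"]:
        return "reject", [], ["hard recipient limit exceeded"]
    reasons = []
    # Relay prevention: accept only recipients in locally hosted domains.
    accepted = [r for r in rcpt_to if domain_of(r) in policy["local_domains"]]
    if len(accepted) < len(rcpt_to):
        reasons.append("relay denied for non-local recipients")
    # Assumed semantics: recipients beyond the soft limit are refused.
    if len(accepted) > policy["soft_limit"]:
        reasons.append("soft recipient limit exceeded")
        accepted = accepted[:policy["soft_limit"]]
    return ("accept" if accepted else "reject"), accepted, reasons

# Constructed sample data: the only names the offline resolver knows.
KNOWN_NAMES = {"example.org", "7.113.0.203.rbl.example"}

def resolve(name):
    return name in KNOWN_NAMES

POLICY = {"local_domains": {"example.com"}, "soft_limit": 2,
          "hard_limit": 4, "rbl_zone": "rbl.example"}

if __name__ == "__main__":
    rcpts = ["u1@example.com", "u2@example.com", "u3@example.com"]
    print(check_envelope("192.0.2.10", "a@example.org", rcpts, POLICY, resolve))
    print(check_envelope("203.0.113.7", "a@example.org", rcpts, POLICY, resolve))
```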
