Craig Hinton

Unique in this test, the iPrism is actually an appliance. Although these tend to be more expensive than software-only products, they usually have the advantage of a fairly solid configuration since they are factory-build.

SurfControl has long been a name in internet security, with its CyberPatrol product one of the best known applications for home use, and its Web Filter application is an excellent business tool for micro-managing users' access to the internet.

SmoothWall Corporate Server is an extremely effective way of turning a PC into a dedicated hardware firewall sitting on its own hardened operating system. The company has now released a bolt-on to the Corporate Server to provide even more protection - Smooth Guardian, a multi-layered content filtering package.

Symantec Web Security is a product specifically designed to monitor the content of HTTP, HTTPS and FTP traffic. It takes the form of a proxy server that sits behind your firewall; with most firewalls it will operate transparently, but you have the bonus of integration with Check Point's FireWall-1.

While not strictly an appliance, this version of Websense is tightly integrated with all of SonicWALL's range of extremely popular firewall appliances.

Remember the halcyon days of the dot-com boom, when analysts were insisting that no company worth its salt could continue in business unless they had a web presence? Their weighted words were sufficiently terrifying to ensure that businesses rushed to add that all-important 'e' to their trading, resulting in countless new web sites appearing.

MIMEsweeper was one of the first products capable of protecting organizations against unwanted content, and it is still widely used today. The vendor, Clearswift, acquired MIMEsweeper's developer, Content Technologies, from Baltimore last year, and it is good to see that re-branding and product development have happened so quickly.

Today, MIMEsweeper is not just one product, but a suite of email security applications allowing network administrators to fine-tune their defenses as required. With the MAILsweeper application, administrators can define both the routing of all emails into and out of the network, and the content policies required. Throughout, the performance of the various elements can be monitored and the appropriate action taken.

Another approach to email security is to actively manage the emails being sent and received by your organization by means of rules and policies. This methodology is possibly more suited to those companies that require detailed audit trails, or who have had a problem with the unauthorized release of proprietary information via email, and it is the methodology espoused by Futuresoft's DynaComm i:series of products.

The control of email is the responsibility of DynaComm i:mail, which is fully integrated with the other products in the suite - these include an internet traffic filter and a file content scanner. Built into a dedicated SMTP server, the product can be positioned in a number of locations, depending on the configuration of your network and the needs of your business. It can also be located within the internal network, in which case all email - inbound and outgoing - will be processed. For smaller businesses with low email use - and smaller budgets - it can be located with the email server itself.

One very important area of email security is encryption. Unless you are using leased lines or virtual private networks (VPNs) to transmit information, the moment an email leaves your firewall it is at the mercy of the internet. Emails can be intercepted and read without your even knowing about it, which poses a terrible risk for corporate information. However, encrypting the email does give you a high degree of ­ reassurance.

PC Guardian provides a nifty little program called Encryption Plus Email that allows you to encrypt email body text and any attachments. The email product is very easy to install - full installation of the administration program takes less than a minute. The product is designed for individual use, so the administrator installs it on each workstation, then configures it centrally and rolls out the user files across the network. Encryption Plus Email is only available for Lotus Notes and Microsoft Outlook, but since these two cover a large proportion of companies this shouldn't be a problem.

Administrators often forget that management of emails isn't simply a question of who can send or receive them, or the content. When email arrives it sits in the inbox, but who has permission to access that inbox, or other folders for that matter?

With high turnovers of employees becoming increasingly common, the stressed administrator may well lose track of individual permissions. For example, many companies usually have a set of freelance or contract email ­ accounts that can be assigned to temporary staff. The permissions required by one contractor may be far more extensive than those required by their successor, but they could very well inherit those permissions when they arrive. And human nature being what it is, inquiring minds will almost certainly take advantage of this, whether innocently or maliciously.

Although F-Secure may not be the first name in anti-virus that springs to mind, its products are among the heaviest hitters in the industry. Unlike some products which depend purely on their signature lists to be updated, F-Secure also comprises multiple scanning engines and heuristic detection techniques that make it one of the first products to detect new viruses. The company has now brought its expertise to bear in email security with F-Secure Anti-Virus for Internet Mail.

The product is available for Windows (NT and 2000). A Unix version would be nice, although there is a version for Unix which sits at the firewall level. Installation presented no headaches. However because of the way the product works, disk and memory requirements are quite high. It is also better to share the scanning across more than one scanner server to keep bandwidth usage lower.

Gordano is a company that has made the messaging arena its own. Its NTMail product was a revolution when it was first launched in 1994, and it was recently re-branded and overhauled to become Gordano Messaging Suite (GMS).

Installation is simple and straightforward, and Gordano has also ensured that the product is suitable for all major operating ­ systems. Once installed, navigation is easy: the product is logically structured with well-laid out GUIs. Both configuration and management are carried out via a web-based interface.

What strikes you when looking at the installation instructions for the securiQ and organiziQ Suites is the sheer number of operating systems supported. Although the mail server has to be Lotus Domino, alongside the familiar Windows platforms we see IBM OS/2 and AIX, Sun Solaris and a couple of Linuxes. We're told that from January the mail server will not have to be Lotus Notes, but our review was not able to verify this.

securiQ focuses on the management and security of email traffic, with features such as anti-virus available. This allows you to use your tool of choice, but does seem unfair given the cost. organiziQ manages the administration and overheads incurred by email.

New Zealand-based Marshal Software, now part of NetIQ, might not be so well known as some vendors in this Group Test, but it has produced an impressive product in its MailMarshal application, a fully-fledged email security solution.

MailMarshal is suitable for any type of organization. For small businesses, it can be used to replace the existing mail server and act as a POP3 server for up to 500 users. Larger organizations can co-locate the product on their SMTP server (although this is another spool-and-forward application, so performance is an issue), or install it on a dedicated machine.

No security software Group Test would be complete without an appearance by Symantec, and this is no exception. Symantec's offering is its Norton Internet Security Suite, specifically targeted at the standalone desktop machine, or those connected to smaller networks. Because of this, it is only available for non-server versions of Windows.

Installation of the product is extremely straight­ forward, aided by the very well-written documentation; as you would expect, considerable emphasis is placed on the prevention of viruses. The product very much urges you to take responsibility for your own actions, and the manual contains a very useful guide to the risks the internet can pose - something many home users may know nothing about.

One of the major headaches for network administrators is bandwidth consumption. However big your pipe into the internet happens to be, it's the last few feet from the server to the desktop that is the killer. A few years ago, people took their eye off the ball where bandwidth is concerned, as it was assumed that everyone would be migrating to the fatter cables of category 6. However, standards issues and an unwillingness to spend money in today's uncertain times means bandwidth is still at a premium. Files have not stopped growing, with multimedia data bringing many networks grinding to a halt.

Matters would be considerably worse if it weren't for the godsend that is PKZIP. Files are compressed by as much as 90 percent, allowing hefty files to shrink to more manageable and less bandwidth-hungry sizes. Probably the most ubiquitous non-Microsoft application around, PKWARE's PKZIP is probably the best compression program available - well, they did invent the Zip format.

There is another aspect of security that is often overlooked in the rush to install firewalls, anti-virus software and email management systems, and yet it is possibly the oldest aspect of them all. Many people bemoan the days when they could leave their doors unlocked and not worry - and that was because there was a large degree of trust in the community. Exactly the same is true of many of the new business practices that the internet has made possible. Whereas a deal might once have been sealed with a handshake, over the impersonal internet that isn't possible. Or is it? One company that has long believed that it is, and has become the market leader in asserting it through its technologies, is RSA.

RSA Keon Core PKI Product Suite is a set of powerful applications which will allow you to construct a complete public key infrastructure (PKI) to allow trusted communication over the internet. After installation you will have the Keon CA (certificate authority) and the Keon RA (registration authority) applications present on your machine. The former issues digital certificates, while the latter processes applications for the certificates. You will also be able to generate public and private keys for encryption and decryption.

Security has been the mainstay of SurfControl's business for quite some time, so it is no surprise to see an email security solution. A policy-based application, SurfControl E-mail Filter is actually an SMTP host through which all mail is diverted.

Installation is amazingly simple. It's just a matter of entering the required information into a few windows and telling the product where it sits in relation to the email server. For reasons of economy, it can be installed on the same machine as the mail server, but for reasons of reliability this isn't recommended.

TFS Technology has taken a holistic approach to the whole subject of internet and email security, and the result is the extremely powerful Secure Messaging Server. The server acts as a firewall, ensuring that infected inbound emails don't get anywhere near your network.

Installation and configuration (Windows only) are simple and an application, TFS Administrator, does most of the hard work for you. This application is used for all configuration tasks, unless you want to do this remotely, in which case another product, TFS Secure Messaging Manager, allows this through a web browser. The Manager is also responsible for the security functions of the product.

Trend Micro is another familiar name in the anti-virus world. It has now branched out into email security with its InterScan Messaging Security Suite (IMSS), which, unsurprisingly, places a heavy emphasis on virus containment, but which also contains a number of other extremely valuable features.

IMSS is another spool-and-forward product, which means that the machine it is installed on should have a hard drive sufficient to handle your usual throughput of email. For this reason, and for reliability, it shouldn't really be installed on the SMTP server. Depending upon the needs of your network, it can be installed either in front of or behind your existing firewall, or even used in place of a firewall if - for some strange reason - you don't actually have one.