Internet-connected computers (particularly those running Windows) face a host of threats from various sources these days it can often seem as if your PC is at risk from everything but e.coli.
Using a broadband router/firewall for protection is a good start, but it can't guard against some of the most serious and prevalent threats like e-mail or Web page-borne infections and most don't prevent people from accessing inappropriate content. For that kind protection you typically need to supplement your router's firewall with Internet security software that runs on a PC.
D-Link says that its SecureSpot DSD-150 is a solution to this dilemma, offering a simpler and less-expensive way to protect multiple systems on a network. The $99 SecureSpot is a hardware device that protects up to four PCs and provides most of the features you'd expect to find in a comprehensive Internet security suite, including a firewall, content controls, anti-virus and spam filtering, along with personal data protection and a pop-up blocker.
We found that the SecureSpot can be a cost-effective way to protect multiple systems from various Net-based threats. On the other hand, it doesn't eliminate the need to install software on your systems, and certain aspects of device configuration may be confusing to some people.
Pricing and Features
The SecureSpot is a small, nondescript black box with two RJ45 ports that sits between your cable modem/DSL device and your broadband router. As is the case with most security products these days, the SecureSpot is a subscription-based product the purchase price is good for the first year of service, and renewals will set you back $79.99 annually. While the SecureSpot protect up to four PCs on your network, but you can add additional systems for $19.99 per year.
In a nutshell, the SecureSpot functions as a Internet proxy device that works in conjunction with managed security provider Bsecure, a company that provides the management interface as well as the online databases that give the SecureSpot the capability to identify the content of Web sites and recognize threats like viruses, spam and so on.
Strictly speaking, the SecureSpot isn't a hardware-only solution. Many functions, such as the firewall, content controls and spam filter are self-contained, but some including the anti-virus scanner and certain aspects of the firewall are provided by a thin-client utility that you must install on each PC you want to protect. The client runs on either Windows XP/2000 or Mac OS X 10.3/10.4 (we used it with XP systems).
Getting the SecureSpot physically connected isn't difficult. D-Link provides step-by-step graphical instructions on what connects to what, and since the SecureSpot doesn't need to communicate directly with your broadband router, it shouldn't matter what kind of device you use (we used a Netgear WPN824).
The first time you try to access a Web site after installing the SecureSpot on your network, you're automatically taken to a Web page to activate the device and create your administration account on BSecure's SecureSpot management server. The next step is to download and install the thin client onto each system on your network opening the browser on any system takes you directly to a client download page.
The SecureSpot operates in one of three general security modes. The default mode, Medium, requires that systems run the thin client to browse the Web or to use any Internet-enabled application like e-mail or instant messaging. You can eliminate this restriction by setting the security mode to Low, but for either mode, removing the SecureSpot from the network can thwart content control restrictions.
To guard against this, the SecureSpot's High security mode causes the client to check for the presence of the SecureSpot device and if it's not found you'll need to enter an administrator login before you can access the Internet. This feature worked as advertised when we tried it, and you can't uninstall the client without the admin password (though you could conceivably access the Net unchallenged by using a PC without the client.)
|SecureSpot lets you block certain types of applications.|
SecureSpot configuration is handled via the SecureSpot Control Center, a browser-based interface that connects to the back-end server rather than directly to the device. (Accessing this control panel seemed to work better with Internet Explorer. With Firefox things were dicey.)
Most SecureSpot functions that are performed through the hardware can be configured centrally for all systems on your network. When you try to configure a feature that's part of the thin client (like an anti-virus scan) the browser will launch the relevant part of the thin client on the individual PC you're using for further customization options.
Content Controls and Firewall
If you have children that can access your home office computer or you want to limit the type of Web sites employees can access, you'll be happy to know that SecureSpot offers numerous ways to restrict when and how kids can access the Internet.
For starters, you can create an access schedule to define which days and times of day access will be allowed. There are dozens of content categories you can choose to filter, and you can supplement these category filters with lists of specific Web sites you want to block (or allow) access to.
You can easily gain override access to blocked sites by entering the SecureSpot administrator username and password. To stop concerted and repeated efforts to circumvent the content filter by trying to go to different sites with the same kind of content, the SecureSpot includes a safety lock option that can force a person to restart the system to regain Internet access after a specified number of blocked attempts.
The SecureSpot provides a wizard that lets you set up the content control and firewall features at a basic functional level, but customizing certain aspects of the SecureSpot may prove confusing for less technical people since the configuration interface groups settings technically rather than logically (i.e. to block Web sites you use content controls, but to block the use of applications you use the firewall). This would be less of a problem if the manual provided detailed explanations of the various features, but it offers only short descriptions and little in-depth information.
In the firewall category, you'll find additional settings designed to prevent the use of certain applications. You can block the traffic used by certain programs (like instant messaging or peer-to-peer file sharing applications), prevent programs from even executing on a system or block the download of certain file types.
Depending on what Web sites you wish to restrict, you may need to pay close attention to both the content control and firewall configuration options and test systems after making changes. As an example, blocking Instant Messaging in the content control settings will block access to something like aim.com, but it won't prevent someone from downloading the actual AIM client from another source or using it if it's already on the system. For that you need to block the application and/or its traffic in the firewall.
Since an overriding set of content or application restrictions is seldom appropriate for everyone on the network, the SecureSpot lets you set up profiles for specific computers (defined by MAC address) or individual users and specify custom rules to each. The latter approach requires the extra step of logging into the SecureSpot thin client before obtaining Internet access, but you can associate SecureSpot user accounts with specific Windows profile to eliminate the need to log in twice.
Anti-Virus, Spyware, and Spam Filter
The SecureSpot's anti-virus protection is handled by the thin client and is based on the McAfee VirusScan engine, which also scans for spyware (virus/spyware definitions are automatically kept updated on each system by the server).
Although D-Link calls the SecureSpot a spam blocker, filter is a better term since the SecureSpot doesn't actually block any incoming mail. Unlike most PC-based anti-spam software, the SecureSpot's offers no configurable options besides turning the spam filter on or off and customizing the tag that's appended to incoming suspect e-mails. You then configure the POP3 e-mail client of your choice (IMAP and Webmail accounts aren't supported) to delete all tagged mail or divert it to a specific folder for later review.
You probably wouldn't want a third-party deciding what mail to block anyway, and despite the inaccurate nomenclature the SecureSpot's filter did a good job at identifying unwanted e-mail. We didn't encounter any false positives, and only a handful of spam messages made it through unrecognized.
Reporting and Performance
You can configure the SecureSpot to log all Web requests, and when you want to find out who tried to access what, you can log into the SecureSpot administration page and access a daily activity report (including past reports). The reports are hosted on the server, which means they can't be edited or deleted by anyone hoping to hide their tracks. A
Although the SecureSpot's documentation cited an option to send reports to an e-mail address, this feature was not available on our test unit. (We were using the most recent device firmware available at the time, 1.03.)
|You can use SecureSpot's reporting features to find out who tried to access what on the Internet.|
Using the SecureSpot did have a slight but noticeable impact on our network's performance. Downloading e-mails took longer as the spam filter worked its magic, but it still proceeded at an acceptable rate. There also seemed to be a discernible slowdown in browsing performance, but again it wasn't severe enough for most people to be bothered by it.
There's no question that the $99 SecureSpot DSD-150 is a less expensive means of protecting multiple systems compared to installing separate security software on each at $50-$70 a pop. (Although now that some security vendors are belatedly starting to offer three- or five-license bundles at significant discounts, the actual savings provided by the SecureSpot may not be profound as this simple pricing comparison might suggest.)
Configuring a single device like the SecureSpot should also be more efficient than doing it on three or four individual systems, but tailoring the SecureSpot to your specific needs may not necessarily be any easier than customizing PC security software due mainly to an unintuitive organization of features and a manual that doesn't sufficiently describe them.
Pros: cost-effective security protection for multiple PCs; good content controls and tamper-proof activity reporting, compatible with both with Windows and Mac
Cons: doesn't eliminate the need to install software on individual PCs; some configuration options can be confusing; unhelpful manual
|Do you have a comment or question about this article or other small business topics in general? Speak out in the SmallBusinessComputing.com Forums. Join the discussion today!|