Monday, June 15, 2015

REVIEW : Shield - Intrusion Prevention System for Home Users






What is Shield?

Shield is a very small device that can protect your home or small-business network from attacks by malicious hackers. These attacks include viruses, scams, phishing, website and browser exploits, and operating system and application exploits. Shield protects both your incoming and outgoing traffic. Even if your system or network was compromised before Shield was installed, malicious hackers cannot control or access it any further once Shield is in place. Shield also protects your system or network from being scanned for vulnerabilities, which is excellent for preventing attacks.

Shield acts as an Intrusion Prevention System (IPS) or a Unified Threat Management (UTM) system. In IPS mode, the core engine is Suricata (an intrusion detection and prevention system). This is the simplest way to deploy the device, and its throughput is more than 1 Gbps. In UTM mode, the core engine is Snort (also an intrusion detection and prevention system). This mode has many features, such as web content filtering, anti-virus, VPN and QoS. However, slower throughput is the drawback of UTM mode.

Suricata and Snort both use the Emerging Threats Open Rules. These rules include malicious IP addresses, virus signatures, exploit signatures and attack signatures, as well as scanner signatures. According to the Suricata developers, the maximum throughput of Suricata is more than 30 Gbps.

Shield includes a free lifetime subscription that keeps it up to date against the latest threats with automatic essential security updates. The device has no limit on the number of users. It is designed for general users with no professional training in information security, and it is very easy to set up and use. Plug, Play and Forget!

Business or DIY

There are some UTM and IDS/IPS devices available on the market. They are developed for businesses, and their prices are not reasonable for home or small-business users: the cost will be over $1,000 USD. The power consumption of those devices would also be higher than Shield's, which is only between 10W and 15W. Commercial UTM or IDS/IPS devices also restrict the number of users and charge an annual subscription for rules and services.

On the other hand, we can build a UTM with Untangle, or a Suricata- or Snort-based IDS/IPS, without paying for the software. However, the cost of the hardware would certainly be higher than Shield. For example, this motherboard costs about $399.99 USD. You also need to purchase a hard drive, memory and a computer case. The power consumption of this hardware is between 35W and 80W. Shield would cost only around $300 USD.

Recommended Setup

We suggest plugging Shield in between your modem (if any) or Internet Service Provider (ISP) connection and your router (wired or wireless), in Bridge Mode, for excellent performance and protection.

If you do not have a router, or you have a slower internet connection and the speed of the intranet is less than 1 Gbps, Router Mode can be used instead. Setup for both Bridge and Router Modes is very easy and simple. No skill is required, believe me.

IPS (Bridge Mode)



UTM (Router Mode)




Technical Specifications
- 2 x 1.0 GHz MIPS64 CPU
- 1 GB DDR3 RAM
- 4 GB eMMC
- 3 x 1 GB Ethernet
- 1 x RJ45 Serial console port
- 5 x 3.5 x 1 inches
- between 10W and 15W power consumption


Features

Router Mode and Gateway Mode (UTM)
- Snort Engine
- Emerging Threats Rules
- Intrusion Prevention
- Network Anti-Virus
- NAT Firewall
- Content Filtering
- Web Proxying
- Dynamic DNS
- SSLVPN
- Quality of Service
- Graphical Web User Interface
- Realtime Traffic Monitor
- Realtime Connection Monitor
- Advanced and Basic Mode
- 10 Mbps throughput
- Plus More!

Bridge Mode (IPS)
- Suricata Engine
- Emerging Threats Rules
- Intrusion Prevention
- Graphical Web User Interface
- Realtime Traffic Monitor
- Realtime Connection Monitor
- Advanced and Basic Mode
- 40 Mbps throughput

Conclusion

Shield is well designed, and its performance is no worse than other similar devices on the market. The price, however, is competitive. It is the first IDS/IPS/UTM for home users and small businesses. As a Shield beta tester and the developer of Croissants, I am fully satisfied with the performance, price, size and power consumption of Shield. It really can be "Plug, Play and Forget!". Recommended!

That's all! See you.

Review in Chinese version