One way of securing a small business network is to install anti-virus, anti-spam and other tools onto each and every user PC. However, deploying, managing and updating all that software can be a real struggle. The alternative is to use an all-in-one security appliance - like this ZyWALL 35 UTM from Zyxel - to block viruses, spam and any other nasties before they get anywhere near user desktops.

UTM is short for Unified Threat Management, with the ZyWALL 35 UTM being part of a family of Zyxel security appliances, all designed to monitor traffic passing between the local network and the Internet.

The hardware involved comes in a sturdy desktop box with, on the review model, a row of six 10/100Mbps Ethernet ports across the front. Two of these are used to connect to the Internet (via existing routers/modems) with automatic load balancing and failover in the event of a connection problem.

The other four ports are used to connect to the LAN, either direct to desktops and servers or, on larger networks, via other hubs and switches. Note too that these connectors can also be individually re-configured to act as DMZ (De-Militarized Zone) ports for the attachment of public-facing Internet Web and e-mail servers.

Round the back, a pair of serial ports allows for local console management and the attachment of a modem for dial backup in the event of a WAN failure. There's also a PC Card slot to take a ZyWALL Turbo Card, adding hardware acceleration for the anti-virus and intrusion detection/prevention services which we'll cover shortly.

Somewhat confusingly, the Turbo Card is included in the basic price, but you can also use its slot to add wireless networking capabilities. If you do, though, you'll lose the anti-virus and intrusion detection/prevention options which are disabled if the Turbo Card is absent. Be aware also that you have to use a Zyxel ZyAIR adapter if you want wireless, as it's not possible to load other drivers onto the appliance.

On the plus side, installation is straightforward with a Web-based GUI accessible over the LAN as well as the command line interface provided via the local serial port. This makes the device easy to configure, although a fair degree of technical knowledge is assumed. It can also take a while to get everything set up and configured the way you want it and we'd recommend putting time aside for experimentation and testing before trying to deploy the device on a live network.

As far as functionality is concerned, Zyxel claims to offer eight-in-one security on all its UTM devices, although that's open to debate and depends on exactly what you class as a security feature.

Most of the options are quite clearly security related, starting with an ICSA-certified stateful inspection firewall to detect, block and report on DoS (Denial of Service) and other common direct attacks on the local network. This is then accompanied by a VPN (Virtual Private Network) server which uses IPSec security and DES/3DES/AES encryption to provide remote users with secure encrypted tunnels onto the network.

As the name implies, up to 35 VPN tunnels can be supported on the ZyWALL 35 UTM, with a maximum throughput of 30Mbps. Unfortunately this is geared up for site-to-site connectivity, calling a custom personal VPN appliance like the ZyWALL SP1 to handle individual telecommuters.

There are no limits to the number of local users and up to 10,000 concurrent Internet connections can be supported, enabling the ZyWALL 35 UTM to comfortably protect networks with a hundred or more users. Other models are available for smaller and larger networks, and are priced accordingly.

The third security feature is the anti-virus scanner, based on Kaspersky technology and dependent on the Turbo Card accelerator. The fourth is a Mailshell anti-spam filter. Both can be configured to get their updates automatically and, in the latest release, can also identify and block phishing attacks which use social engineering to get users to reveal passwords and other confidential information.

The fifth feature is an intrusion detection and prevention (IDP) filter, again dependent on the Turbo Card, that looks for unusual behaviour to prevent worms, trojans, spyware and other application level infections. This can also be used to filter instant messaging and peer-to-peer networking sessions. Feature number six is content filtering based on technology from security firm Bluecoat, to stop users accessing specific types (categories) of Web sites.

Features seven and eight are the more problematic of the bunch, number seven being the load balancing and failover support provided for the Internet WAN ports, and number eight the ability to manage bandwidth allocation. Worth having, for sure, but most customers would class these as availability rather than security features.

Overall it's a very comprehensive security package with just about everything you need to protect a small business network. We found it reasonably easy to configure and, in the limited tests we were able to conduct, effective at blocking common security threats. You will, however, still need desktop protection for home workers and mobile users able to access the Internet in other ways. Moreover, you may already have some existing solutions which will overlap with what the ZyWALL 35 UTM has to offer.

That said, it's a good solution for those starting from scratch, with the full complement of tools, simple centralised management and automatic updates being the key selling points.

A comprehensive all-in-one security solution for the small business that combines key Internet defences, including a firewall and VPN server, anti-virus and anti-spam tools, content filtering and intrusion detection facilities. It doesn't do away entirely with the need for desktop and server-side tools but it is a good first line of defence and provides a high degree of protection from common threats.