Viruses, worms, trojans, spam, spyware - the number of Internet threats gets larger every day. As, too, does the armoury of tools needed to protect against them. Hence the rise of integrated solutions, such as Astaro Security Linux, which not only tackle everything in one go but, because the component tools are all designed to work together, can provide a higher level of protection than independent products.

Based on open source Linux with custom applications and other extensions, Astaro Security Linux can be deployed in two ways. One is to buy it pre-installed on hardware from Astaro partner Aegis Defence. The other is to buy the software and install it on a PC of your own choosing. Either way you end up with a self-contained appliance, designed to protect complete networks with a mix of up to six key security applications.

The first of these is an ICSA certified firewall which turns out to be slightly unusual in that it mixes together stateful inspection and application proxy technologies. The stateful inspection engine protects against Denial of Service (DoS) and other common threats while proxies for HTTP, DNS, SMTP, POP3 and other applications add an extra layer of security that can be leveraged by the other tools. Network Address Translation (NAT) support is also built-in, with the usual rules-based approach to setup together with extensive logging and reporting facilities.

Secure remote access is then provided by a built-in VPN gateway. This offers support for both site-to-site and site-to-client VPN deployment using a mix of industry standard tunnelling protocols including PPTP, L2TP and IPSec. A wide range of encryption algorithms can similarly be used, with an internal Certificate Authority (CA) to issue digital certificates where necessary.

External private and public certificates can also be used and users authenticated against a local database or by other RADIUS and Active Directory servers. Custom IPSec client software can be purchased but in most cases this isn't necessary as the Astaro VPN gateway can also be used with standard Windows and Apple Mac clients.

Applications three and four provide anti-virus and anti-spam protection with, in the latest V5.0 software, protection for users surfing the Web courtesy of facilities to scan HTTP and FTP traffic as well as SMTP/POP3 e-mails. Content filtering via URL lists is the fifth option with intrusion protection and detection the sixth in the Astaro tool chest. Note, though, that the firewall, VPN and anti-spam tools are the only ones included in the base price, along with a year's worth of updates. The others are all extra, as are updates beyond the first year.

It all sounds very impressive, with the added bonus that, in terms of hardware, you don't need very much to run Astaro Security Linux. On a small network, for example, a PC with a Pentium II processor or above is all that's required, with 256MB of memory and 8GB of disk space. You will, though, need at least a couple of network interfaces, to enable the Astaro software to act as a gateway and filter all traffic passing between the local network and the Internet.

Installation is pretty painless too. Simply boot from the CD-ROM supplied and the software is imaged to the hard disk in around ten minutes with very little operator intervention required. However, a fair amount of post-installation work is then needed, using a browser based tool called WebAdmin. This too is easy to navigate but assumes a high level of expertise when it comes to both networking and security features. For example, there are no obvious anti-virus, anti-spam or content filtering tools. Instead you have to navigate to the appropriate proxies to find these options and even then it's far from plain sailing, with no easy way of telling whether you've set up the software correctly.

On the plus side the Astaro package does what it claims and, when fully configured, provides a high level of protection against a range of threats. It also ships with extensive documentation which goes into each of the various options in some detail. Likewise there are plenty of logging and reporting tools which can be used to monitor activity - if you know what to look for.

On the downside, part time network administrators in small companies could well find Astaro Security Linux hard going. Added to which, if you take all the options, it will cost about £1,000 to protect 10 users and there are lots of competitively priced alternatives which are easier to manage. Higher up the food chain, however, the Astaro package does makes a lot more sense, especially when installed on custom hardware where it's cheaper than most of the alternatives yet more than a match in terms of functionality.

Open source based, Astaro Security Linux provides a comprehensive set of integrated tools to protect networks against hackers, viruses, spam and other common security threats. It's well specified and requires only modest supporting hardware but does need a fair amount of expertise to configure and manage, making it very much a mid-range solution best avoided by smaller organisations looking for a quick fix.