Review: eTrust AccessControl

We are back in the world of passwords for Computer Associates' offering. Part of the eTrust suite of products, eTrust AccessControl is another policy-based application, fully integrated with the other eTrust products, as well as with CA's UniCenter network management software. It is designed to operate in Windows, Unix and Linux, and interoperates with (surprising, but not unwelcome), mainframe environments.

Installing eTrust AccessControl is relatively easy, and the management console is very graphical and easy to use. Worried administrators will also be pleased to know that eTrust AccessControl allows existing passwords and users to be imported with the minimum of fuss. Access rights can be specified for every resource from the network, right down to individual files. Access can be granted individually, or on a group/department level, and setting accepted/prohibited dates and times is very easy to do.

Auditing is very impressive; eTrust AccessControl logs every action and associates it with a specific user. Administrators can choose to filter this auditing so that only actions associated with particular users or specific resources are flagged. This is particularly important where the 'super-user' account is concerned, and eTrust monitors its usage fully.

eTrust AccessControl employs a policy model database (PMDB), allowing passwords and security policies to be synchronized across the network. For example, if one system requires a password with embedded numbers, while another allows alphanumerics, users will be forced to include the former when setting a password for the latter, allowing the same password to be used everywhere. The PMDB can also be used to enforce stricter password policies than are currently in place. Password policies can be rolled out across the network, making life easier for the administrator.

The product is supplied with a number of hefty PDF documents covering most aspects of the operation. However, the 'getting started' guide does read rather too much like a marketing brochure than a true quick-start manual.

Although limited in its authentication methods, eTrust Access-Control offers full integration with other CA products and provides a powerful policy-setting engine, designed for ease of use.

For:

Setting and enforcing policies across the network is made extremely easy.

Some of the extra functionality you may require involves buying further products. 

A powerful policy-based product, eTrust AccessControl offers considerable functionality and versatility for the larger business.