Features

RSA is usually associated with token solutions, providing dynamic one-time password facilities plugged into back end authentication servers like RSA's ACE/ Server. But there are times when a token is not ideal: you have lease costs to consider, the server-side requirements are relatively high and inexperienced users can find one-time passwords tricky to handle.

The SafeWord PremierAccess product immediately impresses as a solution that has been well considered from the outset. Developed around the dynamic password concept, it may nevertheless support smartcards and other tokens, and even biometrics. These methodologies may be mixed and matched depending upon the needs of the enterprise.

Entercept falls into the category of an intrusion prevention system (IPS). In common with traditional host-based IDS, Entercept resides on the host itself, but it works at a much lower level than a normal HIDS system.

This solution provides a network-based IDS, real-time session monitoring and internet/email content blocking. eTrust Intrusion Detection can be installed in standalone mode, or it can be distributed on separate machines. The intrusion detection program installs as a service under Windows NT/2000. As usual, the monitoring interface is a NIC in promiscuous mode, and therefore the presence of the IDS is concealed from the attacker.

This solution is supplied as software, desktop or rack-mounted. Each network sensor is a separate appliance, handing high-availability, high-security 10/100 or gigabit monitored segments.Running on a hardened OS, based on Red Hat Linux, in a small installation it can be managed using a web-based interface, software or optionally as an appliance.

ActivCard Gold provides the expected functionality for securing the desktop, remote network access and access to web services, via digital signatures stored upon a smartcard. Appropriate software utilities are provided to manage these functions. However, the ActivCard approach goes one stage further by adding biometrics technology to the mix.

Authenex Strong Authentication System (ASAS) is described as a network security application that provides strong (two-factor) authentication for remote, VPN and web access. This would appear to sum things up quite well and Authenex provides a variety of software tools to support this goal.

StealthWatch employs a completely different approach to traditional IDS, based on signature recognition. Instead of looking for signatures, it 'learns' what kind of activity is normal on your network and looks for abnormal events. Behavior-based IDS has some advantages over signature-based IDS, because less processing power is required and previously unknown attacks can be detected.

This software network-based IDS product requires a dedicated machine running Solaris 8 on either Sun SPARC or Intel hardware. The hardware specification depends on the amount of traffic to be monitored, and gigabit monitoring interfaces are supported. We were supplied with a pre-installed system running on a Dell PowerEdge rack-mounted server - however, customers would have to provide their own hardware; prices quoted are for software only.

In the Gateway Security product, Symantec has come up with a range of gateway appliances, each of which combines firewall, anti-virus, virtual private network (VPN), content filtering and intrusion detection in one rack-mounted system that is 1U high.

This product concentrates on hard disk data encryption. However , it does include a VPN client integration for IPCrytor VPN gateways, which is a remote access solution. Encryption may be in relation to your own local hard drive, or a specific directory or folder on the corporate LAN.

First, allow us to congratulate Datakey on a most comprehensive and clearly written set of user guides. This is an important factor for many users and yet so often overlooked in contemporary products. For those as yet unfamiliar with smartcards and tokens, this can be very helpful and save them a lot of time as they progress along their own particular learning curve.

The problem of recovering accidentally deleted files was solved largely by the implementation of the recycle bin in Windows - allowing users simply to select 'Restore' from the right-click menu. However, there are a number of users that will, without thinking about what they are doing, automatically empty the recycle bin or even use a utility that does it for them at the end of each session. In addition to this, some viruses delete files, bypassing the safety-net of the recycle bin and of course, some malicious users will deliberately remove certain files. In response to this, O&O Software GmbH has written O&O UnErase which provides the user with a means of recovering such files.

First there was Sniffer, Network Associates' traffic capture and analysis tool, which rapidly carved itself a position as the tool of choice for network engineers of all kinds. Then there was Sniffer Wireless, bringing the capabilities of the Sniffer engine to 802.11 wireless networks, a logical extension to the Sniffer brand which already supported a range of environments including LANs, remote networks and telecom networks. Now we have Sniffer Wireless PDA, porting that wireless analysis suite to a handheld platform, targeting network managers and security professionals with an overriding need for portability.

In this Group Test we have looked at a number of solutions, all designed to manage your critical policy management and to ensure corporate policy is adhered to across even the largest networks.

This particular solution is for Windows 2000 users only; it sets, manages and backs up policies across your whole network without the need for agents. Designed specifically to replace the built-in utilities that are provided with Windows 2000 networks, it also allows the management of multiple domains in unison.

We've looked at PoliVec Builder in the past, a policy development tool from the same stable. Part of the PoliVec suite, PoliVec Enforcer integrates seamlessly with its policy development tool counterpart to keep the enterprise secure.

Therefore, policy can be locked down to stop system changes and policy non-compliance from weakening the protected network infrastructure. Extensive reporting enables a precise picture of your network and real-time monitoring ensures that notification of problems can be dealt with in a timely fashion.

Policy enforcement is only as good as your management system allows, so a serious vulnerability could go unnoticed without prior knowledge of the problem.

Security Expressions allows deployment using no-agent technology to ensure that, once installed on either Windows NT or 2000 systems, the administrator can add machines within a group, that are required to adhere to the policies that pertain to that group.

Sygate Technologies says that its policy enforcement ensures remote connections over a VPN are not exposed to hijacking of data. It ensures remote authentication is only made if the user conforms to the policy set in force. This makes a lot of sense.

What Sygate Secure Enterprise provides is the ability to maintain certain rules, even for remote users. These include whether their firewall is current and configured correctly, if the remote user's anti-virus is up to corporate specifications and, equally important, up to date. These are just a few example of areas where compliance may be required.

The basis of any policy management tool is the ability to manage its users and to recognize potential problem areas. Some do this without agents and others prefer to manage policy enforcement with agents residing on both workstations and servers. This is the case for Symantec Enterprise Security Manager, which uses the agents as its means of communication between its networked machines, enabling timely updates and compliance reports.

Symantec Enterprise Security Manager has already established itself in the policy management solutions market. This particular solution ensures that policies are intrinsically complied with throughout the organization, as well as maintaining system security through recognizing changes that could affect the security of the network.

Using control information files (CIF) the product can be managed from a central console, but in a large organization you may require more than one. Agents provide the means for the information to be collected across a distributed network to ensure updates are accomplished at regular intervals. Changes can be identified and the appropriate action taken, while logs and reports may be generated for further analysis.

Recently acquired by NetIQ, VigilEnt Policy Center provides a policy management tool that ensures users are aware of their responsibilities while providing solid policy control across the company network.

This is a corporate-level security solution and requires a user database to allow you to import users so that user groups can be established. The policies can then be set for these groups, with users being required to answer questions to establish understanding and compliance. Logs are kept to view user input and also to define problem areas. This performance-related system means that users know how to use company data and they learn what is required of them, while the administrator can see statistics and reports. Users not complying can be identified and an email can be sent to them to remind them of its significance. This ensures that not only do your employees comply with your policies, but your company can prove compliance with the regulators and specifically with ISO 17799.

You can stipulate certain user rights to allow for policies to be reviewed prior to publication and distribution. But of course you may use pre-written policies, amend them or create your own, as required by your own particular corporate needs.