test

This product is built upon Sun's very secure Trusted Solaris 8 operating system, which has been used by the U.S. Department of Defense for over 25 years. It is a hardened version of the Solaris operating system platform for deployment of high-security desktops, database servers, firewalls, and communication gateways.

Many companies are looking to secure their networks from wardriving attacks and the current advice is to put a VPN behind a wireless access point. With this in mind, the following product should be ideal. The aim of the product is to secure access to network infrastructure from wireless clients using the wireless transport layer security (WTLS) protocol, which is a wireless version of SSL.

This box is one of the smallest in this Group Test but it managed to punch above its weight. It has most of the features that the bigger boxes have, but for a smaller price tag - good news for any business on a tight budget.

An ingenious little device from Meganet Corporation to enable secure portable data storage, the USB token incorporates a fingerprint biometric sensor and a simple interface of 3 LEDs to inform the user of status.

Guardware produces a variety of innovative products, all of which have been well received. It was interesting, therefore, to see a keyboard product with integral fingerprint reader from this Hungarian company (although the keyboard is actually made in China).

The SafeGuard Biometrics product is straightforward in concept and execution, making use of smartcard and biometric technology to provide strong identity verification for workstation and network access, as well as making the same functionality available to other services such as email clients and the use of certificates.

The NEC TouchPass system will appeal to systems administrators looking to integrate biometric verification into the organizational network access security routines.

This appliance hails from a Swedish company that has been going since 1997. The software runs on a Sun Netra X1 box (1U in size). It also has the widest range of client types we saw in this test.

Aventail was probably the first company to conceive and market the idea of the clientless SSL VPN. However it has only recently brought out its own hardware appliance that does such a job.

The Instant Virtual Extranet (IVE) Access 3000 from Neoteris is a hardware/software hybrid SSL VPN appliance that offers users access to network resources securely. These resources also encompass web-enabled applications and email software (Lotus Notes and Microsoft Exchange), as well as Unix file shares.

GFI LANguard System Integrity Monitor (SIM) detects whether files have been changed on a Windows 2000/XP system. It identifies exactly which files have been changed, making it easy to restore the system to its original state, although it does not provide any utility for automatic recovery - you have to have secured original copies of these files elsewhere.

The G-Server is the only hardware in this Group Test - all the other products consist of software. It is designed to be installed inline between the DMZ port on your firewall and a public web server. It is completely transparent and requires no changes to any network settings on other network equipment. It has no IP address visible to the outside world, so is undetectable by hackers. Even the MAC addresses of its NICs reflect those of the real web server to make the G-Server even more transparent. Two G-Servers may be configured for high availability.

Entercept is an intrusion prevention system (IPS). In common with traditional host-based intrusion detection systems (HIDS), Entercept resides on the host itself, but it works at a much lower level than a normal HIDS system.

TOS stands for 'trusted operating system.' It can also be used to protect servers that are providing DNS, as well as file servers, database servers, proxy servers and mail servers. TOS can protect any static files, including whole directories, drives, Windows registries and, of course, web pages.

This inventory application uses a technology called Lanprobe to meter software usage and discover devices on a network.

GASP is probably most famous for being the auditing software of choice for the Business Software Alliance. A free download of a version of this software is available on its web site. However, it can only audit up to 100 PCs and is time-limited. The version we reviewed is very much angled at the enterprise managing thousands of systems.

A complete Tripwire system consists of two components: Tripwire for Servers, which is an agent that must be installed on all servers that are to be protected; and Tripwire Manager, which provides central management for any number of Tripwire for Servers agents. Communications between server agents and management workstation are secured using the secure sockets layer (SSL) protocol.

Applock/Web works for web servers based on Microsoft IIS running on Windows NT/2000. It locks down both operating system and web server application. It auto-discovers which files are associated with web server functions (this may include web content and web scripts) and locks them down. It works within the operating system at the kernel level.

The software we received for this test was a pre-release of version 8, but initial observations tell us that any tweaks before the final version will probably be very minor ones.

This solution offers a suite of products under an asset management banner, comprising inventory, app- lication metering, asset control, contract management and TCO management. Support for Mac OS has recently been added.