test

There are now many policy management tools for the control of email usage, and that need arises from the growing requirements that increasing legislation has put on companies. Policy Patrol is one such solution, ensuring that certain criteria are being met, and reducing the risk to the enterprise by monitoring communications and filtering out according to a rule set.

There are pre-set policies that allow the new installation to be put in place quickly and effectively while new policies are written.

Unlike the other products in this Group Test Web Inspector is neither system policy management or email policy management, but in fact an internet compliance tool that uses policy to set its users' boundaries. Suitable as a single installation for the smaller enterprise, this solution easily scales up to a distributed deployment over a large network.

Policy starts with access control, ensuring that users only have the rights assigned by the administrator in line with your corporate policy. Whether you choose to assign the same rights across the network or drill down your policy into user groups, sites, or individual users or workstations, is your choice. Policies can be created to suit your needs and ensure that only the web pages that your company deems necessary are viewed within work hours, allowing for the organization to permit safe surfing on non-business sites at stipulated times.

Possibly one of the most addictive aspects of the internet is instant messaging. Even if you prevent your employees from installing MSN Messenger, AIM or Yahoo, there are countless web sites that offer proprietary messaging systems that can be overlooked by some security applications.

Cobion's OrangeBox Web is a very similar product to DynaComm i:filter. Designed to integrate with a proxy server (for example, Microsoft ISA on Windows 2000/XP), it is also happy to sit on a number of popular Linux and Unix platforms. It can also be used as a proxy server in its own right if you have a small or medium-sized intranet network.

DynaComm's i:series offers a range of security solutions: DynaComm i:filter is designed to monitor and protect you from internet traffic. Covering HTTP, HTTPS, FTP and NNTP traffic, it uses a database of URLs and a rules-based strategy to enforce your internet policy.

Another policy enforcement product, but with some added features that really give it some teeth, is iomart's NetIntelligence. As well as monitoring URL requests, it also looks at the network as a whole (hardware, software and all files) and can instantly detect whether any unauthorized changes have been made, or whether any prohibited content is suddenly present.

N2H2 is generally considered to be one of the best content/URL filtering products on the market, and looking at in this group test, it is easy to see why.

NetIQ MailMarshal was the sleeper hit of the recent email security Group Test. Can this New Zealand-based software development center make it two in a row with its WebMarshal browser control? The answer is a resounding yes.

Unique in this test, the iPrism is actually an appliance. Although these tend to be more expensive than software-only products, they usually have the advantage of a fairly solid configuration since they are factory-build.

SurfControl has long been a name in internet security, with its CyberPatrol product one of the best known applications for home use, and its Web Filter application is an excellent business tool for micro-managing users' access to the internet.

SmoothWall Corporate Server is an extremely effective way of turning a PC into a dedicated hardware firewall sitting on its own hardened operating system. The company has now released a bolt-on to the Corporate Server to provide even more protection - Smooth Guardian, a multi-layered content filtering package.

Symantec Web Security is a product specifically designed to monitor the content of HTTP, HTTPS and FTP traffic. It takes the form of a proxy server that sits behind your firewall; with most firewalls it will operate transparently, but you have the bonus of integration with Check Point's FireWall-1.

While not strictly an appliance, this version of Websense is tightly integrated with all of SonicWALL's range of extremely popular firewall appliances.

Recently acquired by NetIQ, VigilEnt Policy Center provides a policy management tool that ensures users are aware of their responsibilities while providing solid policy control across the company network.

This is a corporate-level security solution and requires a user database to allow you to import users so that user groups can be established. The policies can then be set for these groups, with users being required to answer questions to establish understanding and compliance. Logs are kept to view user input and also to define problem areas. This performance-related system means that users know how to use company data and they learn what is required of them, while the administrator can see statistics and reports. Users not complying can be identified and an email can be sent to them to remind them of its significance. This ensures that not only do your employees comply with your policies, but your company can prove compliance with the regulators and specifically with ISO 17799.

You can stipulate certain user rights to allow for policies to be reviewed prior to publication and distribution. But of course you may use pre-written policies, amend them or create your own, as required by your own particular corporate needs.

Each enterprise will look long and hard at how they implement their corporate security policy. While many administrators look to implement an enterprise-wide solution, some may look to deliver specific policy management features for areas that their particular enterprise rates as high risk.

This means that in order to deliver policy management across all electronic communication a specific policy solution will be required that specializes in this particular function.

Sygate Technologies says that its policy enforcement ensures remote connections over a VPN are not exposed to hijacking of data. It ensures remote authentication is only made if the user conforms to the policy set in force. This makes a lot of sense.

What Sygate Secure Enterprise provides is the ability to maintain certain rules, even for remote users. These include whether their firewall is current and configured correctly, if the remote user's anti-virus is up to corporate specifications and, equally important, up to date. These are just a few example of areas where compliance may be required.

The basis of any policy management tool is the ability to manage its users and to recognize potential problem areas. Some do this without agents and others prefer to manage policy enforcement with agents residing on both workstations and servers. This is the case for Symantec Enterprise Security Manager, which uses the agents as its means of communication between its networked machines, enabling timely updates and compliance reports.

Symantec Enterprise Security Manager has already established itself in the policy management solutions market. This particular solution ensures that policies are intrinsically complied with throughout the organization, as well as maintaining system security through recognizing changes that could affect the security of the network.

Using control information files (CIF) the product can be managed from a central console, but in a large organization you may require more than one. Agents provide the means for the information to be collected across a distributed network to ensure updates are accomplished at regular intervals. Changes can be identified and the appropriate action taken, while logs and reports may be generated for further analysis.

At the heavy duty end of the market, SSH Secure Shell for Windows Server offers enough security for even the most paranoid network administrator. Already recognized as one of the most popular applications for creating secure sessions in Unix, it is now available for Windows, replacing such protocols as Telnet or FTP with a hardened connectivity solution for those businesses that require more than usual security for data transfer.

If you are looking for a little more than simple content filtering, it is worth taking a look at WebWasher. Aimed at the medium to large business, it provides extensive content filtering and a number of other valuable features.

One very important area of email security is encryption. Unless you are using leased lines or virtual private networks (VPNs) to transmit information, the moment an email leaves your firewall it is at the mercy of the internet. Emails can be intercepted and read without your even knowing about it, which poses a terrible risk for corporate information. However, encrypting the email does give you a high degree of ­ reassurance.

PC Guardian provides a nifty little program called Encryption Plus Email that allows you to encrypt email body text and any attachments. The email product is very easy to install - full installation of the administration program takes less than a minute. The product is designed for individual use, so the administrator installs it on each workstation, then configures it centrally and rolls out the user files across the network. Encryption Plus Email is only available for Lotus Notes and Microsoft Outlook, but since these two cover a large proportion of companies this shouldn't be a problem.